JSSE classes and interfaces
Relationship Between Classes
To communicate securely, both sides of the connection must be SSL-enabled. In the JSSE API, the endpoint classes of the connection is the SSLSocket and SSLEngine. In the following diagram, the major classes used to create SSLSocket and SSLEngine are laid out in a logical ordering.
An SSLSocket is created either by an SSLSocketFactory
or by an SSLServerSocket accepting an inbound connection. In turn, an
SSLServerSocket is created by an SSLServerSocketFactory. Both
SSLSocketFactory and SSLServerSocketFactory objects are
created by an SSLContext. An SSLEngine is created directly by
an SSLContext, and relies on the application to handle all I/O.
Important: When using raw SSLSocket or SSLEngine
classes, you should always check the peer's credentials before sending any data. Endpoint
identification/verification procedures can be handled during SSL/TLS handshaking. See the method
SSLParameters.setEndpointIdentificationAlgorithm. For example, the host name in a
URL should match the host name in the peer's credentials. An application could be exploited with URL
spoofing if the host name is not
verified.