在我的测试中,我能够毫无问题地使用它们,但我找不到文档说明SSLSocketFactory.createSocket()是否是线程安全的.可以在多个线程中使用相同的SSLSocketFactory来创建SSL套接字吗?
我的应用程序使用一个处理将纯文本套接字升级到SSL的类:
public class SSLHandler() {
public Socket upgradeToSSL(Socket plainSocket) {
SSLSocket sslContext = SSLContext.getInstance("TLS");
TrustManager[] trustManager = new TrustManager[]{
new MyOwnTrustManager()
};
sslContext.init(null, trustManager, null);
SSLSocketFactory sslsocketfactory = sslContext.getSocketFactory();
sslSocket = (SSLSocket) sslsocketfactory.createSocket(
remoteSocket,
remoteSocket.getInetAddress().getHostAddress(),
remoteSocket.getPort(),
true);
return sslSocket;
}
}
SSLHandler类用于多个线程,如下所示:
Socket plainSocket = new Socket(host, port);
//Do some stuff in plain text...
//Lets use TLS now
SSLHandler sslHandler = new SSLHandler();
sslHandler.upgradeToSSL(Socket plainSocket);
plainSocket = upgradeToSSL(plainSocket);
因此,对于每个新线程,都会创建一个SSLHandler.为了避免这种情况,我正在考虑使用Singleton模式重构SSLHandler:
public class SingletonSSLHandler() {
private SSLSocket sslContext;
private SSLSocketFactory sslSocketFactory; …