BEA Systems, Inc.

WebLogic Server 8.1 API Reference

weblogic.webservice.client
Class BaseWLSSLAdapter

java.lang.Object
  |
  +--weblogic.webservice.client.BaseWLSSLAdapter
Direct Known Subclasses:
WLSSLAdapter

public abstract class BaseWLSSLAdapter
extends java.lang.Object
implements SSLAdapter

Copyright (c) 2003 by BEA Systems, Inc. All Rights Reserved. WLSSLContext.java Created: Mon Apr 8 19:24:52 2002

Author:
Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Field Summary
static java.lang.String ENFORCE_CONSTRAINTS
           
static java.lang.String STRICT_CHECKING_DEFAULT
           
protected  boolean strictCertChecking
           
static java.lang.String TRUSTED_CERTS
           
protected static java.lang.String trustedCertFile
           
protected static boolean verbose
           
static java.lang.String VERBOSE_PROPERTY
           
 
Constructor Summary
BaseWLSSLAdapter()
          Returns an instance of this class.
 
Method Summary
protected  boolean adapterUsed()
           
 void addIdentity(javax.security.cert.X509Certificate[] chain, byte[] encodedPrivateKey)
          Deprecated.  
 void addIdentity(javax.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
          Deprecated.  
 void addIdentity(java.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
          Adds a certificate chain to be sent to a peer during authentication.
 void clearProxy()
          Removes the proxy from the Adapter's connections -- all subsequent connections will be direct.
 java.net.Socket createSocket(java.lang.String host, int port)
          Returns a socket connected to a ServerSocket on the named host, at the given port.
protected  com.certicom.net.ssl.SSLContext getContext()
          internals
 javax.security.cert.X509Certificate[] getIdentity(java.lang.String algorithm, int index)
          Deprecated.  
 java.lang.String getProtocolVersion()
          Gets the hello policy for clients.
protected  javax.net.ssl.SSLSocketFactory getSocketFactory()
           
protected  boolean getStrictCheckingDefault()
           
 void loadLocalIdentity(java.io.InputStream stream, char[] password)
          Adds a PEM encoded certificate chain to the system.
abstract  java.net.URLConnection openConnection(java.net.URL url)
          Opens connection to URL
 void removeIdentity(javax.security.cert.X509Certificate certificate)
          Deprecated.  
 void removeIdentity(java.security.cert.X509Certificate certificate)
           
 void setProtocolVersion(java.lang.String version)
          This sets the hello policy for clients.
 void setProxy(java.lang.String host, int port)
          Sets the proxy for the adapter.
static void setStrictCheckingDefault(boolean strict)
          Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class.
 void setTrustedCertificatesFile(java.lang.String filename)
          Sets the name of the file from which the set of trusted CA certs will be loaded.
 void setTrustManager(TrustManager manager)
          Sets the trust policy for all sockets generated by factories of this adapter.
 void setTrustManager(TrustManager manager, java.lang.Object callbackref)
          Sets the trust policy for all sockets generated by this adapter.
 void setVerbose(boolean verbose)
          This method is used to enable or disable verbose debugging output.
static javax.security.cert.X509Certificate X509java2javax(java.security.cert.X509Certificate javaCert)
          Converts a java.security.cert.X509Certificate to the equivalent javax.security.cert.X509Certificate
static javax.security.cert.X509Certificate[] X509java2javax(java.security.cert.X509Certificate[] javaCerts)
          Converts an array of java.security.cert.X509Certificates to the equivalent array of javax.security.cert.X509Certificates
static java.security.cert.X509Certificate X509javax2java(javax.security.cert.X509Certificate javaxCert)
          Converts a javax.security.cert.X509Certificate to the equivalent java.security.cert.X509Certificate
static java.security.cert.X509Certificate[] X509javax2java(javax.security.cert.X509Certificate[] javaxCerts)
          Converts an array of javax.security.cert.Certificates (e.g. a cert chain) to the equivalent array of java.security.cert.Certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

STRICT_CHECKING_DEFAULT

public static final java.lang.String STRICT_CHECKING_DEFAULT

VERBOSE_PROPERTY

public static final java.lang.String VERBOSE_PROPERTY

TRUSTED_CERTS

public static final java.lang.String TRUSTED_CERTS

ENFORCE_CONSTRAINTS

public static final java.lang.String ENFORCE_CONSTRAINTS

verbose

protected static boolean verbose

trustedCertFile

protected static java.lang.String trustedCertFile

strictCertChecking

protected boolean strictCertChecking

Constructor Detail

BaseWLSSLAdapter

public BaseWLSSLAdapter()
Returns an instance of this class. If set, the SSLAdapter will load the trusted certificates from the file designated by the following system property:

weblogic.webservice.client.ssl.trustedcertfile

To disable strict certificate checking by default, set the following system property to false:

weblogic.webservice.client.ssl.strictcertchecking

To enable the use of a proxy by default, set the following system properties to the appropriate values:

weblogic.webservice.transport.https.proxy.host
weblogic.webservice.transport.https.proxy.port

Method Detail

createSocket

public final java.net.Socket createSocket(java.lang.String host,
                                          int port)
                                   throws java.io.IOException
Returns a socket connected to a ServerSocket on the named host, at the given port. This socket is configured using the socket options established for this SSLAdapter.
Specified by:
createSocket in interface SSLAdapter

Parameters:
host - the server host
port - the server port
Throws:
java.io.IOException - if the connection can't be established
java.net.UnknownHostException - if the host is not known

openConnection

public abstract java.net.URLConnection openConnection(java.net.URL url)
                                               throws java.io.IOException
Opens connection to URL
Specified by:
openConnection in interface SSLAdapter

Parameters:
url - URL we will be connecting to
Returns:
URLConnection
Throws:
java.io.IOException - if error occurs while accessing Socket

setStrictCheckingDefault

public static void setStrictCheckingDefault(boolean strict)
Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class. A value of false means instances will accept flawed certificates from the server but warn. This value can also be set with the following system property:

weblogic.webservice.client.ssl.strictcertchecking

Parameters:
strict - the default setting for strict certificate checking

setVerbose

public void setVerbose(boolean verbose)
This method is used to enable or disable verbose debugging output. This value can also be set with the following system property:

weblogic.webservice.client.verbose

Parameters:
verbose - true to enable verbose debugging output, false to disable it

setTrustedCertificatesFile

public void setTrustedCertificatesFile(java.lang.String filename)
Sets the name of the file from which the set of trusted CA certs will be loaded. The file should contain PEM encoded certificates. Cannot be used after the Adapter has been used.

Parameters:
filename -  

loadLocalIdentity

public final void loadLocalIdentity(java.io.InputStream stream,
                                    char[] password)
                             throws java.security.KeyManagementException
Adds a PEM encoded certificate chain to the system.

Parameters:
stream - The input stream containing the encoded certificate chain.
password - The password to the PKCS 8 encrypted private key.
Throws:
java.security.KeyManagementException - if the certificate is malformed
See Also:
addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), getIdentity(String, int)

getIdentity

public final javax.security.cert.X509Certificate[] getIdentity(java.lang.String algorithm,
                                                               int index)
Deprecated.  
Gets an authentication chain that will be used for the given algorithm. The system manages multiple certificate chains, which is useful for client authentication when the server requests a cert chain signed by a specific trusted root.

In a server, only the first authentication chain added to the system is used, though multiple chains may be added.

Parameters:
algorithm - The algorithm that the cert chain uses for authentication, e.g. "ECDSA", "DSA", "RSA".
index - The index into the list of authentication chains.
Returns:
The authentication certificate chain at the given index.
Throws:
java.lang.ArrayIndexOutOfBoundsException - if there is no certificate at the given index.
See Also:
addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), loadLocalIdentity(InputStream, char[])

addIdentity

public final void addIdentity(javax.security.cert.X509Certificate[] chain,
                              byte[] encodedPrivateKey)
Deprecated.  
Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
encodedPrivateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

addIdentity

public final void addIdentity(javax.security.cert.X509Certificate[] chain,
                              java.security.PrivateKey privateKey)
Deprecated.  
Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

addIdentity

public final void addIdentity(java.security.cert.X509Certificate[] chain,
                              java.security.PrivateKey privateKey)
Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

removeIdentity

public final void removeIdentity(javax.security.cert.X509Certificate certificate)
Deprecated.  
Removes a certificate chain from the list of available authentication certificate chains.

Parameters:
certificate - The certificate which is the last in the certificate chain to be removed.
See Also:
addIdentity(X509Certificate[], byte[]), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

removeIdentity

public final void removeIdentity(java.security.cert.X509Certificate certificate)


setProtocolVersion

public final void setProtocolVersion(java.lang.String version)
This sets the hello policy for clients.

When a client sends a hello message to a server, a preferred protocol version is sent. The server responds with an offer to use that protocol or a different one. The policy defines what to do when the negotiated protocol version is other than preferred. This has some security implications, though as of this writing the SSL3 and TLS protocol versions have not been successfully attacked.

It is safe to send the SSL2 hello message even when the only allowed versions are SSL3 and TLS. This is commonly done to allow a graceful exit when no common protocol can be negotiated.

"TLS" means that a TLS hello is sent; the client will accept SSL3 or TLS.
"SSL3" means that an SSL3 hello is sent; the client will accept SSL3 or SSL2.
"TLS1/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or TLS.
"SSL3/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or SSL2.
"TLS1-ONLY" means that a TLS hello is sent; the client will accept TLS.
"SSL3-ONLY" means that an SSL3 hello is sent; the client will accept SSL3.
"ANY" is synonymous with "TLS1/2HI".

The default is "ANY".
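
An added example (not BEA's code): a stand-alone Java check that applies the hello-policy list above and the weblogic.webservice.client.ssl.strictcertchecking system property to a client's settings, and reports combinations that still accept SSL2 or SSL3, both since retired by RFC 6176 and RFC 7568. The class name, the sample property sets, and the case-insensitive comparison of the property value are assumptions.

```java
import java.util.*;

/** Added example: audits the client SSL settings documented on this page. */
public class WlsClientSslAudit {
    // Hello policies listed under setProtocolVersion: {hello sent, versions accepted}.
    static final Map<String, String[]> POLICIES = new LinkedHashMap<>();
    static {
        POLICIES.put("TLS",       new String[] {"TLS",  "SSL3,TLS"});
        POLICIES.put("SSL3",      new String[] {"SSL3", "SSL3,SSL2"});
        POLICIES.put("TLS1/2HI",  new String[] {"SSL2", "SSL3,TLS"});
        POLICIES.put("SSL3/2HI",  new String[] {"SSL2", "SSL3,SSL2"});
        POLICIES.put("TLS1-ONLY", new String[] {"TLS",  "TLS"});
        POLICIES.put("SSL3-ONLY", new String[] {"SSL3", "SSL3"});
    }

    /** Returns findings for a hello policy (null = never set) and a set of system properties. */
    static List<String> audit(String policy, Properties sys) {
        List<String> findings = new ArrayList<>();
        String effective = (policy == null) ? "ANY" : policy;    // documented default
        if (effective.equals("ANY")) effective = "TLS1/2HI";     // documented synonym
        String[] p = POLICIES.get(effective);
        if (p == null) {
            findings.add("WEAK: unknown hello policy \"" + policy + "\"");
        } else {
            for (String v : p[1].split(",")) {
                if (!v.equals("TLS")) findings.add("WEAK: policy " + effective + " accepts " + v);
            }
            if (p[0].equals("SSL2")) findings.add("NOTE: policy " + effective + " sends an SSL2 hello");
        }
        // Per setStrictCheckingDefault: false means flawed server certificates are accepted with a warning.
        // Assumption: the property value is compared without regard to case.
        String strict = sys.getProperty("weblogic.webservice.client.ssl.strictcertchecking");
        if ("false".equalsIgnoreCase(strict)) {
            findings.add("WEAK: strict certificate checking disabled by system property");
        }
        return findings;
    }

    public static void main(String[] args) {
        Properties weak = new Properties();                       // constructed sample settings
        weak.setProperty("weblogic.webservice.client.ssl.strictcertchecking", "false");
        Properties strict = new Properties();                     // constructed: property left unset
        System.out.println("policy unset, checking disabled: " + audit(null, weak));
        System.out.println("TLS1-ONLY, checking left on:     " + audit("TLS1-ONLY", strict));
    }
}
```

Only "TLS1-ONLY" produces no findings; the default "ANY" still accepts SSL3.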


getProtocolVersion

public final java.lang.String getProtocolVersion()
Gets the hello policy for clients.

Returns:
The hello policy.
See Also:
setProtocolVersion(String)

setTrustManager

public final void setTrustManager(TrustManager manager)
Sets the trust policy for all sockets generated by factories of this adapter. This allows clients to alter the logic for accepting questionable certificates.

Parameters:
manager - the trust policy.
See Also:
TrustManager

setTrustManager

public final void setTrustManager(TrustManager manager,
                                  java.lang.Object callbackref)
Sets the trust policy for all sockets generated by this adapter. This allows clients to alter the logic for accepting questionable certificates.

Parameters:
manager - the trust manager for policy.
callbackref - callback object passed to the Trust Manager certificateCallback method
See Also:
TrustManager

setProxy

public void setProxy(java.lang.String host,
                     int port)
Sets the proxy for the adapter. This proxy will be used on all connections created by the adapter.

Parameters:
host - the hostname or IP address of the proxy server.
port - the port on which the proxy server listens.

clearProxy

public void clearProxy()
Removes the proxy from the Adapter's connections -- all subsequent connections will be direct.


getContext

protected final com.certicom.net.ssl.SSLContext getContext()
internals


getStrictCheckingDefault

protected final boolean getStrictCheckingDefault()


getSocketFactory

protected javax.net.ssl.SSLSocketFactory getSocketFactory()


adapterUsed

protected boolean adapterUsed()


X509java2javax

public static final javax.security.cert.X509Certificate X509java2javax(java.security.cert.X509Certificate javaCert)
                                                                throws java.security.cert.CertificateEncodingException,
                                                                       javax.security.cert.CertificateException
Converts a java.security.cert.X509Certificate to the equivalent javax.security.cert.X509Certificate

Parameters:
javaCert -  
Returns:
 
Throws:
java.security.cert.CertificateEncodingException -  
javax.security.cert.CertificateException -  

X509javax2java

public static final java.security.cert.X509Certificate X509javax2java(javax.security.cert.X509Certificate javaxCert)
                                                               throws java.security.cert.CertificateException,
                                                                      javax.security.cert.CertificateEncodingException
Converts a javax.security.cert.X509Certificate to the equivalent java.security.cert.X509Certificate

Parameters:
javaxCert -  
Returns:
 
Throws:
java.security.cert.CertificateException -  
javax.security.cert.CertificateEncodingException -  

X509java2javax

public static final javax.security.cert.X509Certificate[] X509java2javax(java.security.cert.X509Certificate[] javaCerts)
                                                                  throws javax.security.cert.CertificateException,
                                                                         java.security.cert.CertificateEncodingException
Converts an array of java.security.cert.X509Certificates to the equivalent array of javax.security.cert.X509Certificates

Parameters:
javaCerts -  
Returns:
 
Throws:
javax.security.cert.CertificateException -  
java.security.cert.CertificateEncodingException -  

X509javax2java

public static final java.security.cert.X509Certificate[] X509javax2java(javax.security.cert.X509Certificate[] javaxCerts)
                                                                 throws javax.security.cert.CertificateEncodingException,
                                                                        java.security.cert.CertificateException
Converts an array of javax.security.cert.Certificates (e.g. a cert chain) to the equivalent array of java.security.cert.Certificates.

Parameters:
javaxCerts -  
Returns:
 
Throws:
javax.security.cert.CertificateEncodingException -  
java.security.cert.CertificateException -  

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs81