|
BEA Systems, Inc. | ||||||||||
java.lang.Object | +--weblogic.webservice.client.BaseWLSSLAdapter
Copyright (c) 2003 by BEA Systems, Inc. All Rights Reserved. WLSSLContext.java Created: Mon Apr 8 19:24:52 2002
Field Summary | |
static java.lang.String |
ENFORCE_CONSTRAINTS
|
static java.lang.String |
STRICT_CHECKING_DEFAULT
|
protected boolean |
strictCertChecking
|
static java.lang.String |
TRUSTED_CERTS
|
protected static java.lang.String |
trustedCertFile
|
protected static boolean |
verbose
|
static java.lang.String |
VERBOSE_PROPERTY
|
Constructor Summary | |
BaseWLSSLAdapter()
Returns an instance of this class. |
Method Summary | |
protected boolean |
adapterUsed()
|
void |
addIdentity(javax.security.cert.X509Certificate[] chain,
byte[] encodedPrivateKey)
Deprecated. |
void |
addIdentity(javax.security.cert.X509Certificate[] chain,
java.security.PrivateKey privateKey)
Deprecated. |
void |
addIdentity(java.security.cert.X509Certificate[] chain,
java.security.PrivateKey privateKey)
Adds a certificate chain to be sent to a peer during authentication. |
void |
clearProxy()
Removes the proxy from the Adapter's connections -- all subsequent connections will be direct. |
java.net.Socket |
createSocket(java.lang.String host,
int port)
Returns a socket connected to a ServerSocket on the named host, at the given port. |
protected com.certicom.net.ssl.SSLContext |
getContext()
internals |
javax.security.cert.X509Certificate[] |
getIdentity(java.lang.String algorithm,
int index)
Deprecated. |
java.lang.String |
getProtocolVersion()
Gets the hello policy for clients. |
protected javax.net.ssl.SSLSocketFactory |
getSocketFactory()
|
protected boolean |
getStrictCheckingDefault()
|
void |
loadLocalIdentity(java.io.InputStream stream,
char[] password)
Adds a PEM encoded certificate chain to the system. |
abstract java.net.URLConnection |
openConnection(java.net.URL url)
Opens connection to URL |
void |
removeIdentity(javax.security.cert.X509Certificate certificate)
Deprecated. |
void |
removeIdentity(java.security.cert.X509Certificate certificate)
|
void |
setProtocolVersion(java.lang.String version)
This sets the hello policy for clients. |
void |
setProxy(java.lang.String host,
int port)
Sets the proxy for the adapter. |
static void |
setStrictCheckingDefault(boolean strict)
Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class. |
void |
setTrustedCertificatesFile(java.lang.String filename)
Sets the name of the file from which the set of trusted CA certs will be loaded. |
void |
setTrustManager(TrustManager manager)
Sets the trust policy for all sockets generated by factories of this adapter. |
void |
setTrustManager(TrustManager manager,
java.lang.Object callbackref)
Sets the trust policy for all sockets generated by this adapter. |
void |
setVerbose(boolean verbose)
This method is used to enable or disable verbose debugging output. |
static javax.security.cert.X509Certificate |
X509java2javax(java.security.cert.X509Certificate javaCert)
Convert a java.security.cert.X509Certificate to the equivalent javax.security.cert.X509Certificates |
static javax.security.cert.X509Certificate[] |
X509java2javax(java.security.cert.X509Certificate[] javaCerts)
Converts an array of java.security.cert.X509Certificates to the equivalent array of javax.security.cert.X509Certificates |
static java.security.cert.X509Certificate |
X509javax2java(javax.security.cert.X509Certificate javaxCert)
Convert a javax.security.cert.X509Certificate to the equivalent java.security.cert.X509Certificates |
static java.security.cert.X509Certificate[] |
X509javax2java(javax.security.cert.X509Certificate[] javaxCerts)
Converts an array of javax.security.cert.Certificates (e.g. |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
Field Detail |
public static final java.lang.String STRICT_CHECKING_DEFAULT
public static final java.lang.String VERBOSE_PROPERTY
public static final java.lang.String TRUSTED_CERTS
public static final java.lang.String ENFORCE_CONSTRAINTS
protected static boolean verbose
protected static java.lang.String trustedCertFile
protected boolean strictCertChecking
Constructor Detail |
public BaseWLSSLAdapter()
weblogic.webservice.client.ssl.trustedcertfile
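To disable strict certificate checking by default, set the following system property to false (instances then accept flawed server certificates and only warn, so the server's identity is no longer assured):
weblogic.webservice.client.ssl.strictcertchecking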
To enable the use of proxy by default, set the following system
properties to the appropriate values.
weblogic.webservice.transport.https.proxy.host
weblogic.webservice.transport.https.proxy.port
Method Detail |
public final java.net.Socket createSocket(java.lang.String host, int port) throws java.io.IOException
host - the server host
port - the server port
public abstract java.net.URLConnection openConnection(java.net.URL url) throws java.io.IOException
url - URL we will be connecting to
public static void setStrictCheckingDefault(boolean strict)
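false means instances will accept flawed certificates from the server but warn. A flawed certificate does not establish the server's identity, so a connection made with strict checking off can be intercepted without failing. Because this method is static, the setting applies to every subsequently created instance of the adapter class; keep it strict outside of test environments.
This value can also be set with the following system property:
weblogic.webservice.client.ssl.strictcertchecking
strict - the default setting for strict certificate checking
public void setVerbose(boolean verbose)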
weblogic.webservice.client.verbose
verbose - true to enable verbose debugging output, false to disable it
public void setTrustedCertificatesFile(java.lang.String filename)
filename
- public final void loadLocalIdentity(java.io.InputStream stream, char[] password) throws java.security.KeyManagementException
stream - The input stream containing the encoded certificate chain.
password - The password to the PKCS #8 encrypted private key.
See also: addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), getIdentity(String, int)
public final javax.security.cert.X509Certificate[] getIdentity(java.lang.String algorithm, int index)
In a server, only the first authentication chain added to the system is used, though multiple chains may be added.
algorithm - The algorithm that the cert chain uses for authentication, e.g. "ECDSA", "DSA", "RSA".
index - The index into the list of authentication chains.
See also: addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), loadLocalIdentity(InputStream, char[])
public final void addIdentity(javax.security.cert.X509Certificate[] chain, byte[] encodedPrivateKey)
chain - The certificate chain that will be used for authentication to a peer.
encodedPrivateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See also: removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void addIdentity(javax.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See also: removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void addIdentity(java.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See also: removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void removeIdentity(javax.security.cert.X509Certificate certificate)
certificate - The certificate which is the last in the certificate chain to be removed.
See also: addIdentity(X509Certificate[], byte[]), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void removeIdentity(java.security.cert.X509Certificate certificate)
public final void setProtocolVersion(java.lang.String version)
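When a client sends a hello message to a server, a preferred protocol version is sent. The server responds with an offer to use that protocol or a different one. The policy defines what to do when the negotiated protocol version is other than preferred. This has some security implications, though as of this writing the SSL3 and TLS protocol versions have not been successfully attacked. (That statement reflects the time of writing: SSL 2.0 and SSL 3.0 have since been formally deprecated, by RFC 6176 and RFC 7568 respectively, after practical attacks on both, so a policy that lets the negotiation settle on SSL2 or SSL3 permits a downgrade to a broken protocol.)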
It is safe to send the SSL2 hello message even when the only allowed versions are SSL3 and TLS. This is commonly done to allow a graceful exit when no common protocol can be negotiated.
"TLS" means that a TLS hello is sent; the client will accept SSL3 or TLS.
"SSL3" means that a SSL3 hello is sent; the client will accept SSL3 or SSL2.
"TLS1/2HI" means that a SSL2 hello is sent; the client will accept SSL3 or TLS.
"SSL3/2HI" means that a SSL2 hello is sent; the client will accept SSL3 or SSL2.
"TLS1-ONLY" means that a TLS hello is sent; the client will accept TLS.
"SSL3-ONLY" means that a SSL3 hello is sent; the client will accept SSL3.
"ANY" is synonymous with "TLS1/2HI"
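The default is "ANY", which still accepts SSL3; of the values listed above, "TLS1-ONLY" is the only one that excludes both SSL2 and SSL3.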
public final java.lang.String getProtocolVersion()
setProtocolVersion(String)
public final void setTrustManager(TrustManager manager)
manager - the trust policy.
See also: TrustManager
public final void setTrustManager(TrustManager manager, java.lang.Object callbackref)
manager - the trust manager for policy.
callbackref - callback object passed to the Trust Manager certificateCallback method
See also: TrustManager
public void setProxy(java.lang.String host, int port)
host - the hostname or IP address of the proxy server.
port - the port on which the proxy server listens.
public void clearProxy()
protected final com.certicom.net.ssl.SSLContext getContext()
protected final boolean getStrictCheckingDefault()
protected javax.net.ssl.SSLSocketFactory getSocketFactory()
protected boolean adapterUsed()
public static final javax.security.cert.X509Certificate X509java2javax(java.security.cert.X509Certificate javaCert) throws java.security.cert.CertificateEncodingException, javax.security.cert.CertificateException
javaCert
- public static final java.security.cert.X509Certificate X509javax2java(javax.security.cert.X509Certificate javaxCert) throws java.security.cert.CertificateException, javax.security.cert.CertificateEncodingException
javaxCert
- public static final javax.security.cert.X509Certificate[] X509java2javax(java.security.cert.X509Certificate[] javaCerts) throws javax.security.cert.CertificateException, java.security.cert.CertificateEncodingException
javaCerts
- public static final java.security.cert.X509Certificate[] X509javax2java(javax.security.cert.X509Certificate[] javaxCerts) throws javax.security.cert.CertificateEncodingException, java.security.cert.CertificateException
javaxCerts
-
|
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81 |