BEA Systems, Inc.
java.lang.Object
  +--weblogic.webservice.client.BaseWLSSLAdapter
WLSSLContext.java Created: Mon Apr 8 19:24:52 2002
Field Summary
static java.lang.String | STRICT_CHECKING_DEFAULT
protected boolean | strictCertChecking
static java.lang.String | TRUSTED_CERTS
protected static java.lang.String | trustedCertFile
protected static boolean | verbose
static java.lang.String | VERBOSE_PROPERTY
Constructor Summary
BaseWLSSLAdapter()
    Returns an instance of this class.
Method Summary
protected void | _setStrictChecking(boolean strict)
protected boolean | adapterUsed()
void | addIdentity(javax.security.cert.X509Certificate[] chain, byte[] encodedPrivateKey)
    Adds a certificate chain to be sent to a peer during authentication.
void | addIdentity(javax.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
    Adds a certificate chain to be sent to a peer during authentication.
void | clearProxy()
    Removes the proxy from the Adapter's connections -- all subsequent connections will be direct.
java.net.Socket | createSocket(java.lang.String host, int port)
    Returns a socket connected to a ServerSocket on the named host, at the given port.
protected com.certicom.net.ssl.SSLContext | getContext()
    internals
javax.security.cert.X509Certificate[] | getIdentity(java.lang.String algorithm, int index)
    Gets an authentication chain that will be used for the given algorithm.
java.lang.String | getProtocolVersion()
    Gets the hello policy for clients.
protected javax.net.ssl.SSLSocketFactory | getSocketFactory()
protected boolean | getStrictCheckingDefault()
void | loadLocalIdentity(java.io.InputStream stream, char[] password)
    Adds a PEM encoded certificate chain to the system.
abstract java.net.URLConnection | openConnection(java.net.URL url)
    Opens connection to URL
void | removeIdentity(javax.security.cert.X509Certificate certificate)
    Removes a certificate chain from the list of available authentication certificate chains.
void | setProtocolVersion(java.lang.String version)
    This sets the hello policy for clients.
void | setProxy(java.lang.String host, int port)
    Sets the proxy for the adapter.
static void | setStrictCheckingDefault(boolean strict)
    Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class.
void | setTrustedCertificatesFile(java.lang.String file)
    Sets the name of the file from which the set of trusted CA certs will be loaded.
void | setTrustManager(TrustManager manager)
    Sets the trust policy for all sockets generated by factories of this adapter.
void | setTrustManager(TrustManager manager, java.lang.Object callbackref)
    Sets the trust policy for all sockets generated by this adapter.
void | setVerbose(boolean verbose)
    This method is used to enable or disable verbose debugging output.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final java.lang.String STRICT_CHECKING_DEFAULT
public static final java.lang.String VERBOSE_PROPERTY
public static final java.lang.String TRUSTED_CERTS
protected static boolean verbose
protected static java.lang.String trustedCertFile
protected boolean strictCertChecking
Constructor Detail
public BaseWLSSLAdapter()
weblogic.webservice.client.ssl.trustedcertfile
To disable strict certificate checking by default, set the following system property to false:
weblogic.webservice.client.ssl.strictcertchecking
To enable the use of a proxy by default, set the following system properties to the appropriate values.
weblogic.webservice.transport.https.proxy.host
weblogic.webservice.transport.https.proxy.port
Method Detail
public final java.net.Socket createSocket(java.lang.String host, int port) throws java.io.IOException
Parameters:
    host - the server host
    port - the server port
public abstract java.net.URLConnection openConnection(java.net.URL url) throws java.io.IOException
Parameters:
    u - URL we will be connecting to
public static void setStrictCheckingDefault(boolean strict)
false means instances will accept flawed certificates from the server but warn.
This value can also be set with the following system property:
weblogic.webservice.client.ssl.strictcertchecking
Parameters:
    strict - the default setting for strict certificate checking
public void setVerbose(boolean verbose)
weblogic.webservice.client.verbose
Parameters:
    strict - the default setting for strict certificate checking
protected final void _setStrictChecking(boolean strict)
public void setTrustedCertificatesFile(java.lang.String file)
Parameters:
    string - The name of the file containing the trusted certs.
public final void loadLocalIdentity(java.io.InputStream stream, char[] password) throws java.security.KeyManagementException
Parameters:
    stream - The input stream containing the encoded certificate chain.
    password - The password to the PKCS 8 encrypted private key.
See Also:
    addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), getIdentity(String, int)
public final javax.security.cert.X509Certificate[] getIdentity(java.lang.String algorithm, int index)
In a server, only the first authentication chain added to the system is used, though multiple chains may be added.
Parameters:
    algorithm - The algorithm that the cert chain uses for authentication, e.g. "ECDSA", "DSA", "RSA".
    index - The index into the list of authentication chains.
See Also:
    addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), loadLocalIdentity(InputStream, char[])
public final void addIdentity(javax.security.cert.X509Certificate[] chain, byte[] encodedPrivateKey)
Parameters:
    chain - The certificate chain that will be used for authentication to a peer.
    encodedPrivateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
    removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void addIdentity(javax.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
Parameters:
    chain - The certificate chain that will be used for authentication to a peer.
    privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
    removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void removeIdentity(javax.security.cert.X509Certificate certificate)
Parameters:
    cert - The certificate which is the last in the certificate chain to be removed.
See Also:
    addIdentity(X509Certificate[], byte[]), getIdentity(String, int), loadLocalIdentity(InputStream, char[])
public final void setProtocolVersion(java.lang.String version)
When a client sends a hello message to a server, a preferred protocol version is sent. The server responds with an offer to use that protocol or a different one. The policy defines what to do when the negotiated protocol version is other than preferred. This has some security implications, though as of this writing the SSL3 and TLS protocol versions have not been successfully attacked.
It is safe to send the SSL2 hello message even when the only allowed versions are SSL3 and TLS. This is commonly done to allow a graceful exit when no common protocol can be negotiated.
"TLS" means that a TLS hello is sent; the client will accept SSL3 or TLS.
"SSL3" means that an SSL3 hello is sent; the client will accept SSL3 or SSL2.
"TLS1/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or TLS.
"SSL3/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or SSL2.
"TLS1-ONLY" means that a TLS hello is sent; the client will accept TLS.
"SSL3-ONLY" means that an SSL3 hello is sent; the client will accept SSL3.
"ANY" is synonymous with "TLS1/2HI".
The default is "ANY".
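Added example (not BEA's code and not part of the original documentation): a Python check that audits client source and JVM arguments for the settings this page documents as relaxing TLS checks, namely strict certificate checking set to false and hello policies that accept SSL2 or SSL3, both since deprecated by the IETF (RFC 6176, RFC 7568). The audit function, its regular expressions and the sample input are constructed for illustration; the policy table is copied from the list above.

```python
import re

# policy -> (hello message sent, versions the client will accept), as listed above
POLICIES = {
    "TLS":       ("TLS",  {"SSL3", "TLS"}),
    "SSL3":      ("SSL3", {"SSL3", "SSL2"}),
    "TLS1/2HI":  ("SSL2", {"SSL3", "TLS"}),
    "SSL3/2HI":  ("SSL2", {"SSL3", "SSL2"}),
    "TLS1-ONLY": ("TLS",  {"TLS"}),
    "SSL3-ONLY": ("SSL3", {"SSL3"}),
}
POLICIES["ANY"] = POLICIES["TLS1/2HI"]   # documented synonym and default

STRICT_PROP = "weblogic.webservice.client.ssl.strictcertchecking"
CALL_RE = re.compile(r'\b(setProtocolVersion|setStrictCheckingDefault|_setStrictChecking)'
                     r'\s*\(\s*"?([^")]*?)"?\s*\)')
PROP_RE = re.compile(r'-D' + re.escape(STRICT_PROP) + r'=(\S+)')

def audit(text):
    """Return (line_no, finding) pairs for client code or JVM arguments."""
    findings, policy_seen = [], False
    for no, line in enumerate(text.splitlines(), 1):
        for name, arg in CALL_RE.findall(line):
            if name == "setProtocolVersion":
                policy_seen = True
                if arg not in POLICIES:
                    findings.append((no, f"unknown policy {arg!r}"))
                    continue
                legacy = sorted(POLICIES[arg][1] - {"TLS"})
                if legacy:
                    findings.append((no, f"policy {arg} accepts {'/'.join(legacy)}"))
            elif arg.lower() == "false":
                findings.append((no, f"{name}(false): flawed certificates accepted"))
        m = PROP_RE.search(line)
        if m and m.group(1).lower() == "false":
            findings.append((no, "strictcertchecking=false: flawed certificates accepted"))
    if not policy_seen:   # line 0 marks a file-level finding
        findings.append((0, "no setProtocolVersion call: default ANY accepts SSL3"))
    return findings

# Constructed sample input: a client snippet plus a JVM start line.
SAMPLE = '''adapter.setProtocolVersion("SSL3/2HI");
BaseWLSSLAdapter.setStrictCheckingDefault(false);
java -Dweblogic.webservice.client.ssl.strictcertchecking=false -cp app.jar Client
adapter.setProtocolVersion("TLS1-ONLY");'''

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(no, msg)
```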
public final java.lang.String getProtocolVersion()
See Also:
    setProtocolVersion(String)
public final void setTrustManager(TrustManager manager)
Parameters:
    trustManager - the trust policy.
See Also:
    TrustManager
public final void setTrustManager(TrustManager manager, java.lang.Object callbackref)
Parameters:
    trustManager - the trust policy.
    certificateCallbackRef - object passed to the Trust Manager certificateCallback method
See Also:
    TrustManager
public void setProxy(java.lang.String host, int port)
Parameters:
    host - the hostname or IP address of the proxy server.
    port - the port on which the proxy server listens.
public void clearProxy()
protected final com.certicom.net.ssl.SSLContext getContext()
protected final boolean getStrictCheckingDefault()
protected javax.net.ssl.SSLSocketFactory getSocketFactory()
protected boolean adapterUsed()
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81b