BEA Systems, Inc.

BEA WebLogic Server 9.0 API Reference


weblogic.webservice.client
Class BaseWLSSLAdapter

java.lang.Object
  extended by weblogic.webservice.client.BaseWLSSLAdapter
All Implemented Interfaces:
SSLAdapter
Direct Known Subclasses:
WLSSLAdapter

Deprecated. Please migrate to JWS for web services.

public abstract class BaseWLSSLAdapter
extends Object
implements SSLAdapter

Copyright (c) 2003 by BEA Systems, Inc. All Rights Reserved. WLSSLContext.java Created: Mon Apr 8 19:24:52 2002

Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Field Summary
static String ENFORCE_CONSTRAINTS
          Deprecated.  
static String STRICT_CHECKING_DEFAULT
          Deprecated.  
protected  boolean strictCertChecking
          Deprecated.  
static String TRUSTED_CERTS
          Deprecated.  
protected static String trustedCertFile
          Deprecated.  
protected static boolean verbose
          Deprecated.  
static String VERBOSE_PROPERTY
          Deprecated.  
 
Constructor Summary
BaseWLSSLAdapter()
          Deprecated. Returns an instance of this class.
 
Method Summary
protected  boolean adapterUsed()
          Deprecated.  
 void addIdentity(X509Certificate[] chain, byte[] encodedPrivateKey)
          Deprecated.  
 void addIdentity(X509Certificate[] chain, PrivateKey privateKey)
          Deprecated.  
 void addIdentity(X509Certificate[] chain, PrivateKey privateKey)
          Deprecated. Adds a certificate chain to be sent to a peer during authentication.
 void clearProxy()
          Deprecated. Removes the proxy from the Adapter's connections -- all subsequent connections will be direct.
 Socket createSocket(String host, int port)
          Deprecated. Returns a socket connected to a ServerSocket on the named host, at the given port.
protected  com.certicom.net.ssl.SSLContext getContext()
          Deprecated. internals
 X509Certificate[] getIdentity(String algorithm, int index)
          Deprecated.  
 String getProtocolVersion()
          Deprecated. Gets the hello policy for clients.
protected  SSLSocketFactory getSocketFactory()
          Deprecated.  
protected  boolean getStrictCheckingDefault()
          Deprecated.  
 void loadLocalIdentity(InputStream stream, char[] password)
          Deprecated. Adds a PEM encoded certificate chain to the system.
abstract  URLConnection openConnection(URL url)
          Deprecated. Opens connection to URL
 void removeIdentity(X509Certificate certificate)
          Deprecated.  
 void removeIdentity(X509Certificate certificate)
          Deprecated.  
 void setProtocolVersion(String version)
          Deprecated. This sets the hello policy for clients.
 void setProxy(String host, int port)
          Deprecated. Sets the proxy for the adapter.
static void setStrictCheckingDefault(boolean strict)
          Deprecated. Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class.
 void setTrustedCertificatesFile(String filename)
          Deprecated. Sets the name of the file from which the set of trusted CA certs will be loaded.
 void setTrustManager(TrustManager manager)
          Deprecated. Sets the trust policy for all sockets generated by factories of this adapter.
 void setTrustManager(TrustManager manager, Object callbackref)
          Deprecated. Sets the trust policy for all sockets generated by this adapter.
 void setVerbose(boolean verbose)
          Deprecated. This method is used to enable or disable verbose debugging output.
static X509Certificate X509java2javax(X509Certificate javaCert)
          Deprecated. Converts a java.security.cert.X509Certificate to the equivalent javax.security.cert.X509Certificate.
static X509Certificate[] X509java2javax(X509Certificate[] javaCerts)
          Deprecated. Converts an array of java.security.cert.X509Certificates to the equivalent array of javax.security.cert.X509Certificates
static X509Certificate X509javax2java(X509Certificate javaxCert)
          Deprecated. Converts a javax.security.cert.X509Certificate to the equivalent java.security.cert.X509Certificate.
static X509Certificate[] X509javax2java(X509Certificate[] javaxCerts)
          Deprecated. Converts an array of javax.security.cert.Certificates (e.g. a cert chain) to the equivalent array of java.security.cert.Certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ENFORCE_CONSTRAINTS

public static final String ENFORCE_CONSTRAINTS
Deprecated. 
See Also:
Constant Field Values

STRICT_CHECKING_DEFAULT

public static final String STRICT_CHECKING_DEFAULT
Deprecated. 
See Also:
Constant Field Values

strictCertChecking

protected boolean strictCertChecking
Deprecated. 

TRUSTED_CERTS

public static final String TRUSTED_CERTS
Deprecated. 
See Also:
Constant Field Values

trustedCertFile

protected static String trustedCertFile
Deprecated. 

verbose

protected static boolean verbose
Deprecated. 

VERBOSE_PROPERTY

public static final String VERBOSE_PROPERTY
Deprecated. 
See Also:
Constant Field Values
Constructor Detail

BaseWLSSLAdapter

public BaseWLSSLAdapter()
Deprecated. 
Returns an instance of this class. If set, the SSLAdapter will load the trusted certificates from the file designated by the following system property:

weblogic.webservice.client.ssl.trustedcertfile

To disable strict certificate checking by default, set the following system property to false:

weblogic.webservice.client.ssl.strictcertchecking

To enable the use of a proxy by default, set the following system properties to the appropriate values:

weblogic.webservice.transport.https.proxy.host
weblogic.webservice.transport.https.proxy.port

Method Detail

adapterUsed

protected boolean adapterUsed()
Deprecated. 

addIdentity

public final void addIdentity(X509Certificate[] chain,
                              byte[] encodedPrivateKey)
Deprecated.  

Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
encodedPrivateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

addIdentity

public final void addIdentity(X509Certificate[] chain,
                              PrivateKey privateKey)
Deprecated.  

Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

addIdentity

public final void addIdentity(X509Certificate[] chain,
                              PrivateKey privateKey)
Deprecated. 
Adds a certificate chain to be sent to a peer during authentication.

Parameters:
chain - The certificate chain that will be used for authentication to a peer.
privateKey - The private key associated with the last certificate. This is needed to sign/decrypt messages during authentication and key exchange.
See Also:
removeIdentity(X509Certificate), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

clearProxy

public void clearProxy()
Deprecated. 
Removes the proxy from the Adapter's connections -- all subsequent connections will be direct.


createSocket

public final Socket createSocket(String host,
                                 int port)
                          throws IOException
Deprecated. 
Returns a socket connected to a ServerSocket on the named host, at the given port. This socket is configured using the socket options established for this SSLAdapter.

Specified by:
createSocket in interface SSLAdapter
Parameters:
host - the server host
port - the server port
Throws:
IOException - if the connection can't be established
UnknownHostException - if the host is not known

getContext

protected final com.certicom.net.ssl.SSLContext getContext()
Deprecated. 
internals


getIdentity

public final X509Certificate[] getIdentity(String algorithm,
                                           int index)
Deprecated.  

Gets an authentication chain that will be used for the given algorithm. The system manages multiple certificate chains, which is useful for client authentication when the server requests a cert chain signed by a specific trusted root.

In a server, only the first authentication chain added to the system is used, though multiple chains may be added.

Parameters:
algorithm - The algorithm that the cert chain uses for authentication, e.g. "ECDSA", "DSA", "RSA".
index - The index into the list of authentication chains.
Returns:
The authentication certificate chain at the given index.
Throws:
ArrayIndexOutOfBoundsException - if there is no certificate at the given index.
See Also:
addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), loadLocalIdentity(InputStream, char[])

getProtocolVersion

public final String getProtocolVersion()
Deprecated. 
Gets the hello policy for clients.

Returns:
The hello policy.
See Also:
setProtocolVersion(String)

getSocketFactory

protected SSLSocketFactory getSocketFactory()
Deprecated. 

getStrictCheckingDefault

protected final boolean getStrictCheckingDefault()
Deprecated. 

loadLocalIdentity

public final void loadLocalIdentity(InputStream stream,
                                    char[] password)
                             throws KeyManagementException
Deprecated. 
Adds a PEM encoded certificate chain to the system.

Parameters:
stream - The input stream containing the encoded certificate chain.
password - The password to the PKCS 8 encrypted private key.
Throws:
KeyManagementException - if the certificate is malformed
See Also:
addIdentity(X509Certificate[], byte[]), removeIdentity(X509Certificate), getIdentity(String, int)

openConnection

public abstract URLConnection openConnection(URL url)
                                      throws IOException
Deprecated. 
Opens connection to URL

Specified by:
openConnection in interface SSLAdapter
Parameters:
url - URL we will be connecting to
Returns:
URLConnection
Throws:
IOException - if error occurs while accessing Socket

removeIdentity

public final void removeIdentity(X509Certificate certificate)
Deprecated.  

Removes a certificate chain from the list of available authentication certificate chains.

Parameters:
certificate - The certificate which is the last in the certificate chain to be removed.
See Also:
addIdentity(X509Certificate[], byte[]), getIdentity(String, int), loadLocalIdentity(InputStream, char[])

removeIdentity

public final void removeIdentity(X509Certificate certificate)
Deprecated. 

setProtocolVersion

public final void setProtocolVersion(String version)
Deprecated. 
This sets the hello policy for clients.

When a client sends a hello message to a server, a preferred protocol version is sent. The server responds with an offer to use that protocol or a different one. The policy defines what to do when the negotiated protocol version is other than preferred. This has some security implications, though as of this writing the SSL3 and TLS protocol versions have not been successfully attacked.

It is safe to send the SSL2 hello message even when the only allowed versions are SSL3 and TLS. This is commonly done to allow a graceful exit when no common protocol can be negotiated.

"TLS" means that a TLS hello is sent; the client will accept SSL3 or TLS.
"SSL3" means that an SSL3 hello is sent; the client will accept SSL3 or SSL2.
"TLS1/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or TLS.
"SSL3/2HI" means that an SSL2 hello is sent; the client will accept SSL3 or SSL2.
"TLS1-ONLY" means that a TLS hello is sent; the client will accept TLS.
"SSL3-ONLY" means that an SSL3 hello is sent; the client will accept SSL3.
"ANY" is synonymous with "TLS1/2HI"

The default is "ANY".


setProxy

public void setProxy(String host,
                     int port)
Deprecated. 
Sets the proxy for the adapter. This proxy will be used on all connections created by the adapter.

Parameters:
host - the hostname or IP address of the proxy server.
port - the port on which the proxy server listens.

setStrictCheckingDefault

public static void setStrictCheckingDefault(boolean strict)
Deprecated. 
Determines the default setting for Strict Certificate checking of subsequent instances of this adapter class. A value of false means instances will accept flawed certificates from the server but warn. This value can also be set with the following system property:

weblogic.webservice.client.ssl.strictcertchecking

Parameters:
strict - the default setting for strict certificate checking
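
The settings documented in the constructor, setProtocolVersion and setStrictCheckingDefault entries can be checked before deployment. The following Java audit is an added example, not BEA code: it reads -D definitions from a JVM argument list and the hello policy string a client passes to setProtocolVersion, then reports weak choices. The class name, severity labels and sample arguments are assumptions made for illustration.

```java
import java.util.*;
public class WlsSslClientAudit {
    // System property names as documented on this page.
    static final String STRICT = "weblogic.webservice.client.ssl.strictcertchecking";
    static final String PROXY_HOST = "weblogic.webservice.transport.https.proxy.host";

    // Versions each hello policy accepts, copied from the setProtocolVersion list.
    static final Map<String, List<String>> ACCEPTS = Map.of(
        "TLS", List.of("SSL3", "TLS"),       "SSL3", List.of("SSL3", "SSL2"),
        "TLS1/2HI", List.of("SSL3", "TLS"),  "SSL3/2HI", List.of("SSL3", "SSL2"),
        "TLS1-ONLY", List.of("TLS"),         "SSL3-ONLY", List.of("SSL3"),
        "ANY", List.of("SSL3", "TLS"));      // "ANY" is synonymous with "TLS1/2HI"

    /** Collects -Dkey=value definitions from a JVM argument list. */
    static Map<String, String> parseDefines(List<String> jvmArgs) {
        Map<String, String> props = new LinkedHashMap<>();
        for (String arg : jvmArgs) {
            if (!arg.startsWith("-D")) continue;
            int eq = arg.indexOf('=');
            props.put(eq < 0 ? arg.substring(2) : arg.substring(2, eq),
                      eq < 0 ? "" : arg.substring(eq + 1));
        }
        return props;
    }

    /** helloPolicy is the string passed to setProtocolVersion, or null if never called. */
    static List<String> audit(List<String> jvmArgs, String helloPolicy) {
        Map<String, String> p = parseDefines(jvmArgs);
        List<String> findings = new ArrayList<>();
        // Assumption: the value is compared case-insensitively, as Boolean parsing would.
        if ("false".equalsIgnoreCase(p.get(STRICT)))
            findings.add("HIGH  " + STRICT + "=false: flawed server certificates are accepted with a warning");
        if (p.containsKey(PROXY_HOST))
            findings.add("INFO  adapter connections default to proxy " + p.get(PROXY_HOST));
        String policy = helloPolicy == null ? "ANY" : helloPolicy; // documented default
        List<String> accepted = ACCEPTS.get(policy);
        if (accepted == null) findings.add("WARN  unknown hello policy \"" + policy + "\"");
        else for (String v : accepted)
            if (!v.equals("TLS")) findings.add("MED   policy " + policy + " lets the client accept " + v);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real deployment.
        List<String> jvmArgs = List.of("-Xmx512m", "-D" + STRICT + "=false",
            "-D" + PROXY_HOST + "=proxy.example.internal");
        audit(jvmArgs, null).forEach(System.out::println);
    }
}
```

Of the policies listed for setProtocolVersion, only "TLS1-ONLY" produces no protocol finding here; the default "ANY" is reported because it lets the client accept SSL3.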

setTrustedCertificatesFile

public void setTrustedCertificatesFile(String filename)
Deprecated. 
Sets the name of the file from which the set of trusted CA certs will be loaded. The file should contain PEM encoded certificates. Cannot be used after the Adapter has been used.

Parameters:
filename -

setTrustManager

public final void setTrustManager(TrustManager manager)
Deprecated. 
Sets the trust policy for all sockets generated by factories of this adapter. This allows clients to alter the logic for accepting questionable certificates.

Parameters:
manager - the trust policy.
See Also:
TrustManager

setTrustManager

public final void setTrustManager(TrustManager manager,
                                  Object callbackref)
Deprecated. 
Sets the trust policy for all sockets generated by this adapter. This allows clients to alter the logic for accepting questionable certificates.

Parameters:
manager - the trust manager for policy.
callbackref - callback object passed to the Trust Manager certificateCallback method
See Also:
TrustManager

setVerbose

public void setVerbose(boolean verbose)
Deprecated. 
This method is used to enable or disable verbose debugging output. This value can also be set with the following system property:

weblogic.webservice.client.verbose

Parameters:
verbose - whether to enable verbose debugging output

X509java2javax

public static final X509Certificate X509java2javax(X509Certificate javaCert)
                                            throws CertificateEncodingException,
                                                   CertificateException
Deprecated. 
Converts a java.security.cert.X509Certificate to the equivalent javax.security.cert.X509Certificate.

Parameters:
javaCert -
Returns:
Throws:
CertificateEncodingException
CertificateException

X509java2javax

public static final X509Certificate[] X509java2javax(X509Certificate[] javaCerts)
                                              throws CertificateException,
                                                     CertificateEncodingException
Deprecated. 
Converts an array of java.security.cert.X509Certificates to the equivalent array of javax.security.cert.X509Certificates

Parameters:
javaCerts -
Returns:
Throws:
CertificateException
CertificateEncodingException

X509javax2java

public static final X509Certificate X509javax2java(X509Certificate javaxCert)
                                            throws CertificateException,
                                                   CertificateEncodingException
Deprecated. 
Converts a javax.security.cert.X509Certificate to the equivalent java.security.cert.X509Certificate.

Parameters:
javaxCert -
Returns:
Throws:
CertificateException
CertificateEncodingException

X509javax2java

public static final X509Certificate[] X509javax2java(X509Certificate[] javaxCerts)
                                              throws CertificateEncodingException,
                                                     CertificateException
Deprecated. 
Converts an array of javax.security.cert.Certificates (e.g. a cert chain) to the equivalent array of java.security.cert.Certificates.

Parameters:
javaxCerts -
Returns:
Throws:
CertificateEncodingException
CertificateException

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs90