Package oracle.jdbc

Interface SecurityInformation

  • public interface SecurityInformation
    Interface to retrieve security details of the underlying network connection.
    Since:
    23ai

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      SecurityInformation.AuthenticationAdaptorType getAuthenticationAdaptor()
      Returns the type of the authentication mechanism used for authenticating the user to the Oracle Database Server.
      java.lang.String getChecksumLevel()
      Returns the checksumming level configured to negotiate Native Network Encryption with the server.
      java.lang.String getChecksummingAlgorithm()
      Returns the checksumming algorithm name used for protecting the data packets transferred over the network with Native Network Encryption.
      SecurityInformation.DNMatchStatus getDNMatchStatus()
      After connection establishment, calling this method returns the server DN verification status.
      java.lang.String getEncryptionAlgorithm()
      Returns the encryption algorithm which is used for encrypting the data packets transferred over the network with Native Network Encryption.
      java.lang.String getEncryptionLevel()
      Returns the encryption level configured to negotiate Native Network Encryption with the server.
      java.lang.String getServerDN()
      Returns the DN received from the TLS certificate of the server.
      java.lang.String getSNI()
      Returns the Server Name Indication (SNI) value used while TLS handshake.
      java.lang.String getTLSCipherSuite()
      Returns the name of the CipherSuite used for securing the underlying TCPS connection.
      java.lang.String getTLSVersion()
      Returns the TLS version negotiated with the server.
      boolean isNativeEncryptionEnabled()
      Returns true if the underlying network connection is protected by Native Network Encryption, otherwise returns false.
      boolean isStrongCryptoUsed()
      Returns true if strong key and IV are used to protect the data packets transferred over the network with Native Network Encryption.

    • Method Detail

      • getDNMatchStatus

        SecurityInformation.DNMatchStatus getDNMatchStatus()

        After connection establishment, calling this method returns the server DN verification status. Returns null if underlying protocol does not support DN verification.

        If DN is configured (through SSL_SERVER_CERT_DN), then the DN of the server's certificate must match the configured DN for the connection to be successful. In this case DNMatchStatus.VERIFIED_MATCHING_CONFIG is returned.

        If DN is not configured, standard DN verification will occur if the EZConnect+ URL format is used or if the property OracleConnection.CONNECTION_PROPERTY_THIN_SSL_SERVER_DN_MATCH is set to true or if SSL_SERVER_DN_MATCH is set to TRUE in the URL. If no DN verification is done then this method will return DNMatchStatus.NOT_VERIFIED.

        Standard DN verification is done using the host name or service name specified in the URL in the following order:

        1. If the host name from the URL is matched with one of the SANs (Subject Alternative Name) or the CN value from the server's certificate then DNMatchStatus.VERIFIED_MATCHING_HOSTNAME is returned.
        2. If the service name from the URL is matched with one of the SANs (Subject Alternative Name) or the CN value from the server's certificate then DNMatchStatus.VERIFIED_MATCHING_SERVICENAME is returned.

        Returns:
        dnMatchStatus
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_SSL_SERVER_CERT_DN, OracleConnection.CONNECTION_PROPERTY_THIN_SSL_SERVER_DN_MATCH

      • getServerDN

        java.lang.String getServerDN()
        Returns the DN received from the TLS certificate of the server.
        Returns:
        The server certificate DN, or null if TLS is not enabled.

      • isNativeEncryptionEnabled

        boolean isNativeEncryptionEnabled()
        Returns true if the underlying network connection is protected by Native Network Encryption, otherwise returns false.
        Returns:
        true if Native Network Encryption is enabled, otherwise false

      • getEncryptionAlgorithm

        java.lang.String getEncryptionAlgorithm()
        Returns the encryption algorithm which is used for encrypting the data packets transferred over the network with Native Network Encryption.
        Returns:
        The encryption algorithm name, or null if Native Network Encryption is not enabled.
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES

      • getChecksummingAlgorithm

        java.lang.String getChecksummingAlgorithm()
        Returns the checksumming algorithm name used for protecting the data packets transferred over the network with Native Network Encryption.
        Returns:
        The checksumming algorithm name, or null if Native Network Encryption is not enabled.
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES

      • getEncryptionLevel

        java.lang.String getEncryptionLevel()
        Returns the encryption level configured to negotiate Native Network Encryption with the server. Default value is ACCEPTED.
        Returns:
        The encryption level, or null if Native Network Encryption is not enabled.
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL

      • getChecksumLevel

        java.lang.String getChecksumLevel()
        Returns the checksumming level configured to negotiate Native Network Encryption with the server. Default value is ACCEPTED.
        Returns:
        The checksumming level, or null if Native Network Encryption is not enabled.
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL

      • isStrongCryptoUsed

        boolean isStrongCryptoUsed()
        Returns true if strong key and IV are used to protect the data packets transferred over the network with Native Network Encryption.
        Returns:
        true if strong crypto is enabled, or false if it is disabled or if Native Network Encryption is not enabled.
        See Also:
        OracleConnection.CONNECTION_PROPERTY_THIN_NET_ALLOW_WEAK_CRYPTO