ConfigurationMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, SettableBean, WebLogicMBean
public interface TLSMBean extends ConfigurationMBean
A TLSMBean contains SSL/TLS connection parameters and may be organized in a user-defined inheritance hierarchy and referenced by name.
DEFAULT_EMPTY_BYTE_ARRAY
Modifier and Type | Method | Description |
---|---|---|
java.lang.String[] | getCiphersuites() | Specifies the cipher suites for the TLS connection. |
java.lang.String | getHostnameVerifier() | The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface. |
java.lang.String | getIdentityKeyStoreFileName() | The source of the identity keystore. |
java.lang.String | getIdentityKeyStorePassPhrase() | The encrypted identity keystore's passphrase. |
byte[] | getIdentityKeyStorePassPhraseEncrypted() | The encrypted pass phrase defined when creating the keystore. |
java.lang.String | getIdentityKeyStoreType() | The type of the keystore. |
java.lang.String | getIdentityPrivateKeyAlias() | The alias of the private key representing the identity for the associated connection. |
java.lang.String | getIdentityPrivateKeyPassPhrase() | The pass phrase of the private key referred by the alias in getIdentityPrivateKeyAlias(). |
byte[] | getIdentityPrivateKeyPassPhraseEncrypted() | The encrypted form of the pass phrase used to retrieve the identity private key from the keystore. |
java.lang.String | getInboundCertificateValidation() | Indicates the client certificate validation rules for inbound SSL. |
java.lang.String | getMinimumTLSProtocolVersion() | Get the minimum SSL/TLS protocol version to be used in a TLS connection. |
java.lang.String | getName() | The name of this set of TLS connection parameters. |
java.lang.String | getOutboundCertificateValidation() | Indicates the server certificate validation rules for outbound SSL. |
java.lang.String | getTrustKeyStoreFileName() | The source of the trust keystore. |
java.lang.String | getTrustKeyStorePassPhrase() | The encrypted trust keystore's passphrase. |
byte[] | getTrustKeyStorePassPhraseEncrypted() | The encrypted pass phrase defined when creating the keystore. |
java.lang.String | getTrustKeyStoreType() | The type of the trust keystore. |
java.lang.String | getUsage() | The declared usages of this SSL/TLS configuration. |
boolean | isAllowUnencryptedNullCipher() | Specifies whether NULL ciphers are allowed for the TLS connection. |
boolean | isClientCertificateEnforced() | Specifies whether clients must present digital certificates from a trusted certificate authority. |
boolean | isHostnameVerificationIgnored() | Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server). |
boolean | isSSLv2HelloEnabled() | Indicates whether SSLv2Hello is enabled in a TLS connection. |
boolean | isTwoWaySSLEnabled() | Specifies whether to use two way SSL. |
void | setAllowUnencryptedNullCipher(boolean enable) | Sets the value which specifies whether NULL ciphers are allowed for the TLS connection. |
void | setCiphersuites(java.lang.String[] ciphers) | Sets the value of the cipher suites for the TLS connection. |
void | setClientCertificateEnforced(boolean enforced) | Sets the value of the attribute which specifies whether clients must present digital certificates from a trusted certificate authority. |
void | setHostnameVerificationIgnored(boolean ignoreFlag) | Sets the value of the flag which specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server). |
void | setHostnameVerifier(java.lang.String classname) | Sets the value of the name of the class that implements the weblogic.security.SSL.HostnameVerifier interface. |
void | setIdentityKeyStoreFileName(java.lang.String fileName) | Sets the value of the source of the identity keystore. |
void | setIdentityKeyStorePassPhrase(java.lang.String passPhrase) | Sets the value of the identity key store pass phrase attribute. |
void | setIdentityKeyStorePassPhraseEncrypted(byte[] passPhraseEncrypted) | Sets the encrypted value of the identity key store pass phrase attribute. |
void | setIdentityKeyStoreType(java.lang.String type) | Sets the value of the type of the keystore. |
void | setIdentityPrivateKeyAlias(java.lang.String alias) | Sets the value for the alias of the private key representing the identity for the associated connection. |
void | setIdentityPrivateKeyPassPhrase(java.lang.String passPhrase) | Sets the value of the pass phrase of the private key referred by the alias in getIdentityPrivateKeyAlias(). |
void | setIdentityPrivateKeyPassPhraseEncrypted(byte[] passwordEncrypted) | Sets the value of the encrypted form of the pass phrase used to retrieve the identity private key from the keystore. |
void | setInboundCertificateValidation(java.lang.String validationStyle) | Sets the value of the InboundCertificateValidation attribute. |
void | setMinimumTLSProtocolVersion(java.lang.String minimumTLSProtocolVersion) | Set the value for the minimum SSL/TLS protocol version to be used in a TLS connection. |
void | setName(java.lang.String name) | Set the value of the name of this set of TLS connection parameters. |
void | setOutboundCertificateValidation(java.lang.String validationStyle) | Sets the value of the OutboundCertificateValidation attribute. |
void | setTrustKeyStoreFileName(java.lang.String fileName) | Sets the value of the source of the trust keystore. |
void | setTrustKeyStorePassPhrase(java.lang.String passPhrase) | Sets the value of the trust key store pass phrase attribute. |
void | setTrustKeyStorePassPhraseEncrypted(byte[] passPhraseEncrypted) | Sets the encrypted value of the trust key store pass phrase attribute. |
void | setTrustKeyStoreType(java.lang.String type) | Sets the value of the type of the trust keystore. |
void | setTwoWaySSLEnabled(boolean enabled) | Sets the value of the attribute which specifies whether to use two way SSL. |
void | setUsage(java.lang.String usage) | Sets the value of the declared usages of this SSL/TLS configuration. |
freezeCurrentValue, getId, getInheritedProperties, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setNotes, setPersistenceEnabled, unSet
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener
getAttribute, getAttributes, invoke, setAttribute, setAttributes
postDeregister, postRegister, preDeregister, preRegister
addNotificationListener, getNotificationInfo, removeNotificationListener
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent
java.lang.String getName()
The name of this set of TLS connection parameters.
getName in interface ConfigurationMBean
getName in interface WebLogicMBean
void setName(java.lang.String name) throws javax.management.InvalidAttributeValueException
Set the value of the name of this set of TLS connection parameters.
setName in interface ConfigurationMBean
setName in interface WebLogicMBean
name - The new name value
TODO: validator ConfigurationValidator.validateName
javax.management.InvalidAttributeValueException
getName()
java.lang.String getUsage()
The declared usages of this SSL/TLS configuration.
void setUsage(java.lang.String usage) throws javax.management.InvalidAttributeValueException
Sets the value of the declared usages of this SSL/TLS configuration.
usage - The new usage value
javax.management.InvalidAttributeValueException
getUsage()
java.lang.String getIdentityPrivateKeyAlias()
The alias of the private key representing the identity for the associated connection. The alias refers to a private key in getIdentityKeyStoreFileName().
void setIdentityPrivateKeyAlias(java.lang.String alias) throws javax.management.InvalidAttributeValueException
Sets the value for the alias of the private key representing the identity for the associated connection. The alias refers to a private key in getIdentityKeyStoreFileName().
alias - The new alias value
javax.management.InvalidAttributeValueException
getIdentityPrivateKeyAlias()
java.lang.String getIdentityPrivateKeyPassPhrase()
The pass phrase of the private key referred by the alias in getIdentityPrivateKeyAlias().
void setIdentityPrivateKeyPassPhrase(java.lang.String passPhrase) throws javax.management.InvalidAttributeValueException
Sets the value of the pass phrase of the private key referred by the alias in getIdentityPrivateKeyAlias().
passPhrase - The new pass phrase value
javax.management.InvalidAttributeValueException
getIdentityPrivateKeyPassPhrase()
byte[] getIdentityPrivateKeyPassPhraseEncrypted()
The encrypted form of the pass phrase used to retrieve the identity private key from the keystore.
TODO: derivedDefault ((ServerTemplateMBean)getParent()).getSSL().getServerPrivateKeyPassPhraseEncrypted()
void setIdentityPrivateKeyPassPhraseEncrypted(byte[] passwordEncrypted)
Sets the value of the encrypted form of the pass phrase used to retrieve the identity private key from the keystore.
passwordEncrypted - The encrypted form of the pass phrase
java.lang.String getIdentityKeyStoreFileName()
The source of the identity keystore.
For a JKS keystore, the source is the path and file name. For an Oracle Key Store Service (KSS) keystore, the source is the KSS URI.
If using a JKS keystore, the keystore path name must either be absolute or relative to where the server was booted.
If using a KSS keystore, the keystore URI must be of the form:
kss://system/keystorename
where keystorename is the name of the keystore registered in KSS.
The value in this attribute is only used for a server if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_JAVA_STANDARD_TRUST, CUSTOM_IDENTITY_AND_CUSTOM_TRUST or CUSTOM_IDENTITY_AND_COMMAND_LINE_TRUST.
void setIdentityKeyStoreFileName(java.lang.String fileName) throws javax.management.InvalidAttributeValueException
Sets the value of the source of the identity keystore.
fileName - The new file name value
javax.management.InvalidAttributeValueException
getIdentityKeyStoreFileName()
java.lang.String getIdentityKeyStorePassPhrase()
The encrypted identity keystore's passphrase. If empty or null, then the keystore will be opened without a passphrase.
This attribute is only used if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_JAVA_STANDARD_TRUST, CUSTOM_IDENTITY_AND_CUSTOM_TRUST or CUSTOM_IDENTITY_AND_COMMAND_LINE_TRUST.
When you get the value of this attribute, WebLogic Server does the following:
IdentityKeyStorePassPhraseEncrypted attribute.
When you set the value of this attribute, WebLogic Server does the following:
IdentityKeyStorePassPhraseEncrypted attribute to the encrypted value.
Using this attribute (IdentityKeyStorePassPhrase) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use IdentityKeyStorePassPhraseEncrypted.
getIdentityKeyStorePassPhraseEncrypted()
void setIdentityKeyStorePassPhrase(java.lang.String passPhrase) throws javax.management.InvalidAttributeValueException
Sets the value of the identity key store pass phrase attribute.
passPhrase - The new pass phrase value
javax.management.InvalidAttributeValueException
getIdentityKeyStorePassPhrase(), setIdentityKeyStorePassPhraseEncrypted(byte[])
byte[] getIdentityKeyStorePassPhraseEncrypted()
The encrypted pass phrase defined when creating the keystore.
void setIdentityKeyStorePassPhraseEncrypted(byte[] passPhraseEncrypted)
Sets the encrypted value of the identity key store pass phrase attribute.
passPhraseEncrypted - The new encrypted identity key store pass phrase value
getIdentityKeyStorePassPhraseEncrypted()
java.lang.String getIdentityKeyStoreType()
The type of the keystore. Generally, this is JKS. If using the Oracle Key Store Service, this would be KSS.
If empty or null, then the JDK's default keystore type (specified in java.security) is used. The identity key store type is only used if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_JAVA_STANDARD_TRUST, CUSTOM_IDENTITY_AND_CUSTOM_TRUST or CUSTOM_IDENTITY_AND_COMMAND_LINE_TRUST.
void setIdentityKeyStoreType(java.lang.String type) throws javax.management.InvalidAttributeValueException
Sets the value of the type of the keystore. Generally, this is JKS. If using the Oracle Key Store Service, this would be KSS.
type - The new identity key store type value
javax.management.InvalidAttributeValueException
getIdentityKeyStoreType()
boolean isHostnameVerificationIgnored()
Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
void setHostnameVerificationIgnored(boolean ignoreFlag) throws javax.management.InvalidAttributeValueException
Sets the value of the flag which specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
ignoreFlag - The new hostnameVerificationIgnored value
javax.management.InvalidAttributeValueException
isHostnameVerificationIgnored()
java.lang.String getHostnameVerifier()
The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.
void setHostnameVerifier(java.lang.String classname) throws javax.management.InvalidAttributeValueException
Sets the value of the name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
classname - The new hostnameVerifier class name value
javax.management.InvalidAttributeValueException
getHostnameVerifier()
boolean isTwoWaySSLEnabled()
Specifies whether to use two way SSL.
void setTwoWaySSLEnabled(boolean enabled) throws javax.management.InvalidAttributeValueException
Sets the value of the attribute which specifies whether to use two way SSL.
enabled - The new twoWaySSLEnabled value
javax.management.InvalidAttributeValueException
isTwoWaySSLEnabled()
boolean isClientCertificateEnforced()
Specifies whether clients must present digital certificates from a trusted certificate authority.
void setClientCertificateEnforced(boolean enforced) throws javax.management.InvalidAttributeValueException
Sets the value of the attribute which specifies whether clients must present digital certificates from a trusted certificate authority.
enforced - The new ClientCertificateEnforced value
javax.management.InvalidAttributeValueException
isClientCertificateEnforced()
java.lang.String[] getCiphersuites()
Specifies the cipher suites for the TLS connection.
The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSSE depends on the specific JDK version with which WebLogic Server is configured.
For a list of possible values, see Cipher Suites.
void setCiphersuites(java.lang.String[] ciphers) throws javax.management.InvalidAttributeValueException
Sets the value of the cipher suites for the TLS connection.
ciphers - The new ciphersuites value
javax.management.InvalidAttributeValueException - if the array is null or contains null elements.
getCiphersuites()
boolean isAllowUnencryptedNullCipher()
Specifies whether NULL ciphers are allowed for the TLS connection.
When an SSL server and an SSL client negotiate a cipher, they may find that they have none in common. A NullCipher is a cipher that provides no encryption for the SSL messages between the client and server; it may be used temporarily in a development environment if the SSL server and client share no common cipher for some reason. This is not a standard SSL feature, and only some SSL providers support it.
The AllowUnEncryptedNullCipher flag controls whether the NullCipher feature is enabled. If true, SSL messages may be unencrypted when the SSL server and client share no common cipher.
The AllowUnEncryptedNullCipher flag is only effective for SSL providers that support the NullCipher feature.
Warning: the NullCipher feature should NOT be enabled in a production environment, because it may lead to unencrypted SSL messages.
By default, AllowUnEncryptedNullCipher is false.
void setAllowUnencryptedNullCipher(boolean enable)
Sets the value which specifies whether NULL ciphers are allowed for the TLS connection.
enable - true to allow NullCipher feature
isAllowUnencryptedNullCipher()
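A configuration audit for the risky settings described above (NullCipher, ignored hostname verification, unenforced client certificates), as an added example that is not part of the WebLogic API or Oracle's documentation. The `TlsSettings` interface and `Sample` record are hypothetical stand-ins that mirror getter signatures from this page so the code compiles without WebLogic on the classpath; the profile names and cipher lists are constructed sample data.

```java
import java.util.ArrayList;
import java.util.List;

public class TlsProfileAudit {

    // Hypothetical read-only view: mirrors getter signatures documented on this
    // page so the example compiles without the WebLogic classes on the classpath.
    interface TlsSettings {
        String getName();
        String[] getCiphersuites();
        boolean isAllowUnencryptedNullCipher();
        boolean isHostnameVerificationIgnored();
        boolean isTwoWaySSLEnabled();
        boolean isClientCertificateEnforced();
    }

    // Constructed sample data holder (Java 16+ record); component names equal
    // the getter names, so the generated accessors implement TlsSettings.
    record Sample(String getName, String[] getCiphersuites,
                  boolean isAllowUnencryptedNullCipher,
                  boolean isHostnameVerificationIgnored,
                  boolean isTwoWaySSLEnabled,
                  boolean isClientCertificateEnforced) implements TlsSettings {}

    // Returns one finding per setting that weakens the TLS profile.
    static List<String> audit(TlsSettings s) {
        List<String> findings = new ArrayList<>();
        if (s.isAllowUnencryptedNullCipher()) {
            findings.add("AllowUnencryptedNullCipher=true: traffic may go unencrypted");
        }
        if (s.isHostnameVerificationIgnored()) {
            findings.add("HostnameVerificationIgnored=true: outbound peers are not name-checked");
        }
        String[] suites = s.getCiphersuites();
        if (suites != null) {
            for (String suite : suites) {
                // JSSE names such as TLS_RSA_WITH_NULL_SHA256 give integrity but no encryption.
                if (suite != null && suite.contains("_WITH_NULL_")) {
                    findings.add("NULL-encryption cipher suite listed: " + suite);
                }
            }
        }
        if (s.isTwoWaySSLEnabled() && !s.isClientCertificateEnforced()) {
            findings.add("TwoWaySSLEnabled without ClientCertificateEnforced: "
                    + "clients are not required to present a certificate");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed profiles: a development-style one and a hardened one.
        TlsSettings dev = new Sample("dev-profile",
                new String[] {"TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_NULL_SHA256"},
                true, true, true, false);
        TlsSettings prod = new Sample("prod-profile",
                new String[] {"TLS_AES_256_GCM_SHA384"},
                false, false, true, true);
        for (TlsSettings s : List.of(dev, prod)) {
            List<String> findings = audit(s);
            System.out.println(s.getName() + ": "
                    + (findings.isEmpty() ? "no findings" : findings));
        }
    }
}
```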
java.lang.String getTrustKeyStoreFileName()
The source of the trust keystore.
For a JKS keystore, the source is the path and file name. For an Oracle Key Store Service (KSS) keystore, the source is the KSS URI.
If using a JKS keystore, the keystore path name must either be absolute or relative to where the server was booted.
If using a KSS keystore, the keystore URI must be of the form:
kss://system/keystorename
where keystorename is the name of the keystore registered in KSS.
The value in this attribute is only used for a server if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_CUSTOM_TRUST.
void setTrustKeyStoreFileName(java.lang.String fileName) throws javax.management.InvalidAttributeValueException
Sets the value of the source of the trust keystore.
fileName - The new file name value
javax.management.InvalidAttributeValueException
getTrustKeyStoreFileName()
java.lang.String getTrustKeyStorePassPhrase()
The encrypted trust keystore's passphrase. If empty or null, then the keystore will be opened without a passphrase.
This attribute is only used if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_CUSTOM_TRUST.
When you get the value of this attribute, WebLogic Server does the following:
TrustKeyStorePassPhraseEncrypted attribute.
When you set the value of this attribute, WebLogic Server does the following:
TrustKeyStorePassPhraseEncrypted attribute to the encrypted value.
Using this attribute (TrustKeyStorePassPhrase) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use TrustKeyStorePassPhraseEncrypted.
getTrustKeyStorePassPhraseEncrypted()
void setTrustKeyStorePassPhrase(java.lang.String passPhrase) throws javax.management.InvalidAttributeValueException
Sets the value of the trust key store pass phrase attribute.
passPhrase - The new pass phrase value
javax.management.InvalidAttributeValueException
getTrustKeyStorePassPhrase(), setTrustKeyStorePassPhraseEncrypted(byte[])
byte[] getTrustKeyStorePassPhraseEncrypted()
The encrypted pass phrase defined when creating the keystore.
void setTrustKeyStorePassPhraseEncrypted(byte[] passPhraseEncrypted)
Sets the encrypted value of the trust key store pass phrase attribute.
passPhraseEncrypted - The new encrypted trust key store pass phrase value
getTrustKeyStorePassPhraseEncrypted()
java.lang.String getTrustKeyStoreType()
The type of the trust keystore. Generally, this is JKS. If using the Oracle Key Store Service, this would be KSS.
If empty or null, then the JDK's default keystore type (specified in java.security) is used. The trust key store type is only used if ServerMBean.KeyStores is CUSTOM_IDENTITY_AND_CUSTOM_TRUST.
void setTrustKeyStoreType(java.lang.String type) throws javax.management.InvalidAttributeValueException
Sets the value of the type of the trust keystore. Generally, this is JKS. If using the Oracle Key Store Service, this would be KSS.
type - The new trust key store type value
javax.management.InvalidAttributeValueException
getTrustKeyStoreType()
java.lang.String getInboundCertificateValidation()
Indicates the client certificate validation rules for inbound SSL.
This attribute only applies to TLS connections using 2-way SSL.
void setInboundCertificateValidation(java.lang.String validationStyle)
Sets the value of the InboundCertificateValidation attribute.
validationStyle - the new validation style
getInboundCertificateValidation()
java.lang.String getOutboundCertificateValidation()
Indicates the server certificate validation rules for outbound SSL.
This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.
void setOutboundCertificateValidation(java.lang.String validationStyle)
Sets the value of the OutboundCertificateValidation attribute.
validationStyle - the new validation style
getOutboundCertificateValidation()
java.lang.String getMinimumTLSProtocolVersion()
setMinimumTLSProtocolVersion(String)
void setMinimumTLSProtocolVersion(java.lang.String minimumTLSProtocolVersion) throws javax.management.InvalidAttributeValueException
minimumTLSProtocolVersion - the new minimum SSL/TLS protocol version
javax.management.InvalidAttributeValueException
boolean isSSLv2HelloEnabled()