SecureConnection (Java(TM) ME Generic Connection Framework, Version 8 (JSR360 Final Release))

All Superinterfaces:: java.lang.AutoCloseable, java.io.Closeable, Connection, InputConnection, OutputConnection, SocketConnection, StreamConnection

public interface SecureConnection
extends SocketConnection

This interface defines the secure socket stream connection. A secure connection is established using Connector.open with the scheme "ssl" and the secure connection is established before open returns. The mode parameter of Connector.open is not used. If the secure connection cannot be established due to errors related to certificates a CertificateException is thrown.

A secure socket is accessed using a generic connection string with an explicit host and port number. The host may be specified as a fully qualified host name or IP Address. e.g. ssl://host.com:79 defines a target socket on the host.com system at port 79.

The SecureConnection supports the same ConnectionOption parameters as defined by SocketConnection.

Note that RFC1900 recommends the use of names rather than IP numbers for best results in the event of IP number reassignment.

Protocols and Protocol variants

A secure connection MUST be implemented by one or more of the following specifications:

TLS Protocol Version 1.0 as specified in RFC 2246.
TLS Protocol Version 1.1 as specified in RFC 4346.
TLS Protocol Version 1.2 as specified in RFC 5246.
The Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) RFC 4492.
SSL V3 as specified in The SSL Protocol Version 3.0

If TLS1.0, TLS 1.1 or TLS1.2 is implemented, also RFC 6176 must be implemented. It is strongly recommended to also implement RFC 5746.

Mandatory cipher suites

A valid implementation of the TLS protocol must at least support the mandatory ciphers as defined by the respective RFCs. For TLS 1.1 the mandatory cipher suite is TLS_RSA_WITH_3DES_EDE_CBC_SHA, for TLS 1.2 it is TLS_RSA_WITH_AES_128_CBC_SHA.

BNF Format for Connector.open() string

The URI must conform to the BNF syntax specified below. If the URI does not conform to this syntax, an IllegalArgumentException is thrown.

<socket_connection_string>	::= "ssl://"<hostport>
<hostport>	::= host ":" port
<host>	::= host name or IP address
<port>	::= numeric port number

Connection Options for SecureConnection

This connection inherits the connection options from SocketConnection. Additional behavior, such as the selection of a certificate, cipher suite or a choice of a specific protocol can be achieved by using the ConnectionOptions below.

Certificate is used to supply a string containing the Subject distinguished name of the X.509 client certificate in the string representation defined by clause 3 of RFC 4514. If the secure connection cannot be established due to errors related to certificates, a CertificateException is thrown.

Protocol is used to supply a string to select a minimum version of the SSL/TLS protocol. If the implementation does not support the selected protocol, Connector.open fails with a ConnectionNotFoundException. If no Protocol connection option is passed and the implementation supports multiple versions of the protocol, the implementation defaults to the highest version of the protocol (SSLv3 < TLS1.0 < TLS1.1 < TLS1.2).

CipherSuite is used to supply a string to select a set of specific cipher suites. The table below lists all possible names for protocols and cipher suites; the actual set of supported protocols and cipher suites are platform-dependent. If none of the selected cipher suites can be used for the connection, Connector.open fails with a ConnectionNotFoundException.

Name	Type	Values	Remarks
"Certificate"	String	Subject distinguished name	Example: "cn=Robert Smith+uid=rsmith,ou=people,dc=example,dc=com"
"Protocol"	String	"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"	The protocol parameter is case insensitive, only one protocol option is permitted. It denotes the minimum requested protocol version, where SSLv3 < TLSv1 < TLSv1.1 < TLSv1.2
"CipherSuite"	String	The cipher suite string can be one of the following: the CipherSuite column of the CipherSuite definitions table in Appendix C of SSL V3 RFC 6101. the CipherSuite column of the CipherSuite definitions table in Appendix C of TLS 1.0 RFC 2246. the CipherSuite column of the CipherSuite definitions table in Appendix C of TLS 1.1 RFC 4346. the CipherSuite column of the CipherSuite definitions table in Appendix C of TLS 1.2 RFC 5246. the CipherSuite column (2nd column) of the CipherSuite definitions table in section 6 of Elliptic Curve Cryptography (ECC) Cipher Suites RFC 4492.	Multiple cipher suites may be specified in one `Connector.open` call simultaneously. The sequence of these cipher suites indicates the order in which the negotiation with the communication partner shall be performed.

Example

The following example shows how a SecureConnection using TLS1.2 and Elliptic Curve cipher suite would be used to establish a TLS connection to "host.com" on port 79.

   ConnectionOption<String> protocol = new ConnectionOption<String>("Protocol", "TLSv1.2");
   ConnectionOption<String> cipher = new ConnectionOption<String>("CipherSuite", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
   SecureConnection sc = (SecureConnection)
                         Connector.open("ssl://host.com:79", protocol, cipher);

   SecurityInfo info = sc.getSecurityInfo();
   boolean isTLS = (info.getProtocolName().equals("TLS"));

   sc.setSocketOption(SocketConnection.LINGER, 5);

   InputStream is  = sc.openInputStream();
   OutputStream os = sc.openOutputStream();

   os.write("Hello World\r\n".getBytes());
   int ch = 0;
   while(ch != -1) {
       ch = is.read();
   }

   is.close();
   os.close();
   sc.close();

Since:: MIDP 2.0, CLDC 8

- Field Summary
  - Fields inherited from interface javax.microedition.io.SocketConnection
    DELAY, KEEPALIVE, LINGER, RCVBUF, SNDBUF, TIMEOUT
- Method Summary
  
  Methods
  Modifier and Type Method and Description
  
  SecurityInfo getSecurityInfo()
  Return the security information associated with this connection when it was opened.
  - Methods inherited from interface javax.microedition.io.SocketConnection
    getAccessPoint, getAddress, getLocalAddress, getLocalPort, getPort, getSocketOption, setSocketOption
  - Methods inherited from interface javax.microedition.io.InputConnection
    openDataInputStream, openInputStream
  - Methods inherited from interface javax.microedition.io.OutputConnection
    openDataOutputStream, openOutputStream
  - Methods inherited from interface javax.microedition.io.Connection
    close

Methods
Modifier and Type	Method and Description
`SecurityInfo`	`getSecurityInfo()` Return the security information associated with this connection when it was opened.

- Method Detail
  - getSecurityInfo
```
SecurityInfo getSecurityInfo()
                             throws java.io.IOException
```
    Return the security information associated with this connection when it was opened.
    
    Returns:
    the security information associated with this open connection.
    
    Throws:
    
    java.io.IOException - if an arbitrary connection failure occurs

Interface SecureConnection

Protocols and Protocol variants

Mandatory cipher suites

BNF Format for Connector.open() string

Connection Options for SecureConnection

Example

Field Summary

Fields inherited from interface javax.microedition.io.SocketConnection

Method Summary

Methods inherited from interface javax.microedition.io.SocketConnection

Methods inherited from interface javax.microedition.io.InputConnection

Methods inherited from interface javax.microedition.io.OutputConnection

Methods inherited from interface javax.microedition.io.Connection

Method Detail

getSecurityInfo