Oracle Advanced Security Administrator's Guide
Release 8.1.7

Part Number A85430-01


F
Oracle Implementation of Java SSL

This appendix provides an overview of the components and usage of the Oracle implementation of Java SSL, a standard extension of the JavaSoft Java platform.

This appendix contains the following sections:

Oracle Java SSL Features

In addition to the SSL APIs and protocol implementation, the Oracle implementation of Java SSL supports the following:

Choices related to the implementation of cryptographic security code are critically important, and therefore the interface defined by JavaSoft uses JNI native code instead of pure Java.

For example, in some environments hardware to accelerate cryptographic operations is important, and in other environments only specific implementations of cryptographic algorithms are permitted.

SSL Cipher Suite Supported in Oracle Java SSL

A cipher suite combines four kinds of security features and is named in the SSL protocol specification. Before data flows over an SSL connection, both ends attempt to negotiate a cipher suite. This allows them to establish the appropriate protection of their communications within the constraints of the particular combinations of mechanisms that are available.

The features associated with a cipher suite are as follows:

Certificate and Key Management with Oracle Wallet Manager

Oracle Wallet Manager can be used to generate private key and public key pairs and certificate requests. An appropriate signer's certificate or certificates with the complete certificate chain should be added to produce a complete Oracle Wallet.

If there is a complete wallet with a certificate in Ready status, it can be exported in BASE64 format into a file using the menu option Operation ->ExportWallet. The file can be used to add SSL credentials in a Java SSL based program.


More Information:

For information on Oracle Wallet Manager, see Chapter 18, Using Oracle Wallet Manager


If a user is not using Oracle Wallet Manager, the user can add individual components to a file and use them. In this case, the certificate should be added first, followed by the private key. The CA certificate and other trusted certificates should be added after the certificate and private key.

Oracle Java SSL Examples

The examples in this section demonstrate the following:

The example shows an implementation of a client named SecureHelloClient, which connects to a server named SecureHelloServer. The server receives data from the client and sends a hello string.

The example consists of two independently running Java programs: the client program and the server program. The client program is implemented by a single class, SecureHelloClient. The server program is also implemented as a single class, SecureHelloServer, which contains the main method for the server program and performs the work of listening to the port, establishing connections, and data reading from and writing to the socket.

Prerequisites

The JDK version 1.1 or 1.2 should be installed with the following jar files in the CLASSPATH environment variable:

The following library should be added to the shared library path:

SecureHelloServer Program

This section describes the code that implements the SecureHelloServer program. The server program creates a new SSLServerSocketFactory and sets the required SSL protocol version as follows:

OracleSSLServerSocketFactory sslSrvSocketFactory 
     = (OracleSSLServerSocketFactory)SSLServerSocketFactory.getDefault();
sslSrvSocketFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

Two scenarios are possible, depending on whether Oracle Wallet Manager is used.

If Oracle Wallet Manager is used to export the wallet, the setWallet API can be used to populate the OracleSSLCredential object as follows:

OracleSSLCredential sslCredObj = new OracleSSLCredential();
sslCredObj.setWallet("wlt.txt", "wltpasswd");
sslSrvSocketFactory.setSSLCredentials(sslCredObj);


Note:

The absolute path must be specified for wlt.txt if it is not in the current directory. 


If the wallet is not generated by Oracle Wallet Manager, the user must set the following:

The code for this scenario is as follows:

OracleSSLCredential sslCredObj = new OracleSSLCredential();
// Set trusted certificates
sslCredObj.addTrustedCert(easQACA);

// Construct certificate chain. Place CA at the top
// and user certificate at the bottom. The order of
// set certificates in the chain is important. You must set
// root certificate first, then signer certificates, and finally user 
// certificate.
sslCredObj.addCertChain(rootCA);   // set root CA certificate
sslCredObj.addCertChain(signerCA); // set signer certificate
sslCredObj.addCertChain(userCert); // set user certificate

/*
 * Set private key
*/
sslCredObj.setPrivateKey(userKey, password);

If the Diffie-Hellman algorithm is being used, setSSLCredentials should be called with a null value as follows:

sslSrvSocketFactory.setSSLCredentials(null);

SSLServerSocket uses a specific port for listening. When writing a server, select a port that is not already dedicated to another service.

In this example, port 8443 is used as follows:

SSLServerSocket sslSrvSocket = 
     (SSLServerSocket)sslSrvSocketFactory.createServerSocket(8443);

SSLServerSocket requires supported ciphers to be set as follows:

String [] ciphers = sslSrvSocket.getSupportedCipherSuites() ;
sslSrvSocket.setEnabledCipherSuites(ciphers);

Because this is a server, it is set to SSL server mode as follows:

sslSrvSocket.setUseClientMode(false); 


Note:

You can also use the client mode to connect to another server. 


Client authentication is not used in this example, and therefore setNeedClientAuth must be called with the parameter set to false as follows:

sslSrvSocket.setNeedClientAuth(false); 

If client authentication is required, set setNeedClientAuth to TRUE.

To accept the client connection, accept() must be called, which returns a socket object. Using this socket, regular reads and writes can be performed similar to a regular socket object by calling getOutputStream() and getInputStream() as follows:

OutputStream  out = pSocket.getOutputStream(); 
InputStream   in  = pSocket.getInputStream(); 

After data is exchanged, close all streams and sockets before exiting the application as follows:

out.close();
in.close();
pSocket.close();
sslSrvSocket.close();


Note:

The SSL package is used with the certificate package. However, there is a different certificate package for different JDK releases. Import the correct certificate package as follows:

  • For JDK 1.1, import javax.security.cert.X509Certificate

  • For JDK 1.2, import java.security.cert.X509Certificate

 

The complete SecureHelloServer example for JDK 1.1 is as follows.

 // SecureHelloServer.java 

     import java.net.*; 
     import java.io.*; 
     import java.util.*; 
     import java.lang.*; 

     import javax.net.*; 
     import javax.net.ssl.*; 

     import javax.security.cert.X509Certificate; 
     import oracle.security.ssl.OracleSSLServerSocketFactoryImpl; 
     import oracle.security.ssl.OracleSSLServerSocketFactory; 
     import oracle.security.ssl.OracleSSLProtocolVersion; 
     import oracle.security.ssl.OracleSSLCredential; 
       

     public class SecureHelloServer 
     { 
         public static void main(String[] args) 
         { 
             // We will use Oracle implementation here 
             java.util.Properties prop = System.getProperties(); 
             prop.put("SSLServerSocketFactoryImplClass", 
                   "oracle.security.ssl.OracleSSLServerSocketFactoryImpl"); 
             try 
             { 
                 // Get the default socket factory 
                 OracleSSLServerSocketFactory sslSrvSocketFactory 
                      = (OracleSSLServerSocketFactory)SSLServerSocketFactory.getDefault(); 

                 // Set the SSL protocol version 
                 sslSrvSocketFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0); 

                 // Create the ssl credential object 
                 OracleSSLCredential sslCredObj = new OracleSSLCredential(); 

                 // If you are using Oracle's wallet, certdb.txt, you can use setWallet as follows
                 // (the file name and password are passed as strings; "password" is a placeholder):
                 sslCredObj.setWallet("certdb.txt", "password");

                 // If you are not using Oracle Wallet Manager, see the SecureHelloClient
                 // program example.
                 
                     // Add ssl credential to the ssl context 
                 sslSrvSocketFactory.setSSLCredentials(sslCredObj); 

                 // Create the server socket 
                 SSLServerSocket sslSrvSocket = 
                  (SSLServerSocket)sslSrvSocketFactory.createServerSocket(8443); 

                 // Print the available ciphers 
                 String [] ciphers = sslSrvSocket.getSupportedCipherSuites() ; 

                 // Select the ciphers you want and put it. 
                 // Here we will put all available ciphers. 
                 // You can also set particular cipher suite.
                 // Construct a cipher list and in a string array and
                 // pass it to setEnabledCipherSuites.
                 sslSrvSocket.setEnabledCipherSuites(ciphers); 

                 // We are creating ssl server socket, so set the mode to false. 
                 sslSrvSocket.setUseClientMode(false); 

                 // If you want client-side authentication, set this to true. 
                 // We won't do client-side authentication here. 
                 sslSrvSocket.setNeedClientAuth(false); 

                 System.out.println("Waiting for client..."); 
                 // Now accept a client connection 
                 Socket pSocket = sslSrvSocket.accept(); 

                 if (sslSrvSocket.getNeedClientAuth() == true) 
                { 
                     System.out.println("Printing client information:"); 
                     X509Certificate[] peerCerts 
                             = ((javax.net.ssl.SSLSocket)pSocket).getSession().getPeerCertificateChain(); 

                      if (peerCerts != null) 
                      { 
                           for(int i = 0; i < peerCerts.length; i++) 
                           { 
                               System.out.println("Peer Certificate  ["+i+"] Information:"); 
                               System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName()); 
                               System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName()); 
                               System.out.println("- Version: " + peerCerts[i].getVersion()); 
                               System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString()); 
                               System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString()); 
                               System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName()); 
                               System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());

                          } 
                      } 
                      else 
                         System.out.println("Failed to get peer certificates"); 
                  } 

                 // Now do data exchange with client 
                 OutputStream  out = pSocket.getOutputStream(); 
                 InputStream   in  = pSocket.getInputStream(); 

                 String inputLine, outputLine; 
                 byte []  msg = new byte[1024]; 

                 int readLen = in.read(msg, 0, msg.length); 
                 if(readLen>0) 
                 { 
                     inputLine = new String(msg, 0, readLen); 
                     if(inputLine.startsWith("HELLO")) 
                     { 
                         outputLine = "Hello !! Current Server Time: " + new Date().toString(); 
                         out.write(outputLine.getBytes()); 
                     } 
                     System.out.println("Client Message: " + inputLine ); 
                 } 
                 else 
                     System.out.println("Can't read data from client"); 

                 // Close all sockets and streams 
                 out.close(); 
                 in.close(); 
                 pSocket.close(); 
                 sslSrvSocket.close(); 
             } 
             catch(SSLException e) 
             { 
                 System.out.println("SSL exception caught:"); 
                 e.printStackTrace(); 
             } 
             catch(IOException e) 
             { 
                 System.out.println("IO exception caught:"); 
                 e.printStackTrace(); 
             } 
             catch(Exception e) 
             { 
                 System.out.println("Exception caught:"); 
                 e.printStackTrace(); 
             } 
         } 
     } 
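
Both programs on this page enable every suite returned by getSupportedCipherSuites(), and the supported list of an SSL stack can include suites with no encryption, no authentication, or export-grade keys. The following added example (not part of the Oracle documentation) builds a narrower list for setEnabledCipherSuites. It assumes a current JDK and the standard javax.net.ssl classes rather than the Oracle 8.1.7 factories; the class name CipherSuiteFilter and the rejection list are illustrative.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherSuiteFilter {

    // Name fragments that mark a suite as unauthenticated (anon), unencrypted
    // (NULL), export-grade, or built on RC4, RC2, single DES or MD5.
    // Illustrative policy, not taken from the Oracle documentation.
    private static final String[] REJECTED = {
        "_anon_", "_NULL_", "_EXPORT", "_RC4_", "_RC2_", "_DES_", "_DES40_", "_MD5"
    };

    static boolean isRejected(String suite) {
        for (String fragment : REJECTED) {
            if (suite.contains(fragment)) return true;
        }
        return false;
    }

    /** Returns the supported suites that pass the policy, in their original order. */
    static String[] selectSuites(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String suite : supported) {
            if (!isRejected(suite)) keep.add(suite);
        }
        if (keep.isEmpty()) {
            // Fail closed rather than fall back to the full supported list.
            throw new IllegalStateException("no acceptable cipher suite is supported");
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of what a supported-suite list can contain.
        String[] sample = {
            "SSL_RSA_WITH_NULL_MD5",
            "SSL_DH_anon_WITH_RC4_128_MD5",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA"
        };
        System.out.println("From sample: " + Arrays.toString(selectSuites(sample)));

        // The same filter applied to a server socket from the platform JSSE
        // provider, bound to loopback on an ephemeral port.
        SSLServerSocketFactory factory = SSLContext.getDefault().getServerSocketFactory();
        try (SSLServerSocket socket = (SSLServerSocket)
                factory.createServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            String[] supported = socket.getSupportedCipherSuites();
            socket.setEnabledCipherSuites(selectSuites(supported));
            System.out.println("Supported: " + supported.length
                + ", enabled after filtering: " + socket.getEnabledCipherSuites().length);
        }
    }
}
```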

SecureHelloClient Program

The client program creates a new client SSLSocketFactory and sets the required SSL protocol version as follows:

             OracleSSLSocketFactory sSocFactory 
                  = (OracleSSLSocketFactory)SSLSocketFactory.getDefault(); 
             sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0); 

Because the RSA algorithm is used, the OracleSSLCredential object is required. Adding trusted certificates is optional. If no trusted certificates are set, the peer certificate will not be verified against any trusted certificates. If the server needs client authentication, the complete certificate chain and client private key must be added to the SSL credential object as follows:

OracleSSLCredential sslCredObj = new OracleSSLCredential(); 
sslCredObj.addTrustedCert(caCert); 
sSocFactory.setSSLCredentials(sslCredObj); 

Create an SSL socket for connecting to the server by creating a socket with the required host name and port, in this example 8443, as follows:

SSLSocket jsslSoc = 
     (SSLSocket)sSocFactory.createSocket(hostName, 8443);

Set the required ciphers from the supported ciphers as follows:

String [] ciphers = jsslSoc.getSupportedCipherSuites() ; 
jsslSoc.setEnabledCipherSuites(ciphers); 

Set the socket to SSL client mode and call startHandshake() to perform the SSL handshake as follows:

jsslSoc.setUseClientMode(true); 
jsslSoc.startHandshake(); 



Note:

setUseClientMode is set to TRUE by default. 


Obtain the input stream and output stream from the socket and perform standard data input and output as follows:

OutputStream  out = jsslSoc.getOutputStream(); 
InputStream   in  = jsslSoc.getInputStream(); 

After data exchange, close all streams and sockets as follows:

out.close(); 
in.close(); 
jsslSoc.close(); 


Note:

The SSL package is used with the certificate package. However, there is a different certificate package for different JDK versions. Import the correct certificate package as follows:

  • For JDK 1.1, import javax.security.cert.X509Certificate

  • For JDK 1.2, import java.security.cert.X509Certificate

 

The complete SecureHelloClient example is as follows.

// SecureHelloClient.java 
     import java.net.*; 
     import java.io.*; 
     import java.util.*; 

     import javax.net.ssl.*; 

     import javax.security.cert.X509Certificate; 
     import oracle.security.ssl.OracleSSLCredential; 
     import oracle.security.ssl.OracleSSLSocketFactory; 
     import oracle.security.ssl.OracleSSLProtocolVersion; 
     import oracle.security.ssl.OracleSSLSession; 

     public class SecureHelloClient 
     { 
         public static void main(String argv[]) 
         { 
             String hostName = "localhost"; 
             if(argv.length != 0) 
               hostName = argv[0]; 

             // Set the SSLSocketFactoryImpl class as follows:
             java.util.Properties prop = System.getProperties(); 
             prop.put("SSLSocketFactoryImplClass", 
                 "oracle.security.ssl.OracleSSLSocketFactoryImpl"); 

             try 
             { 
                 // Get the default socket factory 
                 OracleSSLSocketFactory sSocFactory 
                     = (OracleSSLSocketFactory)SSLSocketFactory.getDefault(); 

                 sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0); 

                 OracleSSLCredential sslCredObj = new OracleSSLCredential(); 

                 // Set the certificate chain and private key if the
                 // server requires client authentication
                 sslCredObj.addCertChain(caCert); 
                 sslCredObj.addCertChain(userCert); 
                 sslCredObj.setPrivateKey(userPvtKey, userPassword); 

                 // Populate credential object 
                 sslCredObj.addTrustedCert(trustedCert); 
                 sSocFactory.setSSLCredentials(sslCredObj); 

                 // Create the socket using factory 
                 SSLSocket jsslSoc = 
                     (SSLSocket)sSocFactory.createSocket(hostName, 8443); 

                 String [] ciphers = jsslSoc.getSupportedCipherSuites() ; 

                 // Select the ciphers you want and set them. 
                 // Here we will set all available ciphers. 
                 jsslSoc.setEnabledCipherSuites(ciphers); 

                 // We are creating socket in client mode 
                 jsslSoc.setUseClientMode(true); 

                 // Do SSL handshake 
                 jsslSoc.startHandshake(); 

                 // Print negotiated cipher 
                 System.out.println("Negotiated Cipher Suite: " 
                     +jsslSoc.getSession().getCipherSuite()); 

                 System.out.println(""); 
                 X509Certificate[] peerCerts 
                         = ((javax.net.ssl.SSLSocket)jsslSoc).getSession().getPeerCertificateChain(); 

                  if (peerCerts != null) 
                  { 
                       System.out.println("Printing server information:"); 
                       for(int i = 0; i < peerCerts.length; i++) 
                       { 
                           System.out.println("Peer Certificate  ["+i+"] Information:"); 
                           System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName()); 
                           System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName()); 
                           System.out.println("- Version: " + peerCerts[i].getVersion()); 
                           System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString()); 
                           System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString()); 
                           System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());

                           System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber()); 
                      } 
                  } 
                  else 
                     System.out.println("Failed to get peer certificates"); 

                 // Now do data exchange with server 
                 OutputStream  out = jsslSoc.getOutputStream(); 
                 InputStream   in  = jsslSoc.getInputStream(); 

                 String inputLine, outputLine; 
                 byte []  msg = new byte[1024]; 

                 outputLine = "HELLO"; 
                 out.write(outputLine.getBytes()); 
                 int readLen = in.read(msg, 0, msg.length); 
                 if(readLen > 0) 
                 { 
                     inputLine = new String(msg, 0, readLen); 
                     System.out.println(""); 
                     System.out.println("Server Message:"); 
                     System.out.println(inputLine ); 
                 } 
                 else 
                    System.out.println("Can't read data from server"); 

                 // Close all sockets and streams 
                 out.close(); 
                 in.close(); 
                 jsslSoc.close(); 
             } 
             catch(SSLException e) 
             { 
                 System.out.println("SSL exception caught:"); 
                 e.printStackTrace(); 
             } 
             catch(IOException e) 
             { 
                 System.out.println("IO exception caught:"); 
                 e.printStackTrace(); 
             } 
             catch(Exception e) 
             { 
                 System.out.println("Exception caught:"); 
                 e.printStackTrace(); 
             } 
         } 
     }

Firewall Tunnelling Program Using the SSL Socket

The following example shows how to use the Java SSL Socket with firewall tunnelling.

import java.net.*;
import java.io.*;
import java.util.*;
import java.lang.*;

import java.security.cert.*;
import javax.net.ssl.*;

import oracle.security.ssl.OracleSSLCredential;
import oracle.security.ssl.OracleSSLSocketFactory;
import oracle.security.ssl.OracleSSLProtocolVersion;

public class SSLSocketTest
{
    public static void main(String argv[])
    {

        if(OracleSSLCipher.isSSLLibDomestic())
            System.out.println("Domestic SSL library");
        else
            System.out.println("Export SSL library");

        String hostName = "";
        int i           = 0;

        try 
        {
            hostName = argv[0];
        } catch (Exception e) 
        {
            hostName = "localhost";
        }

        try
        {
            i = (new Integer(argv[1])).intValue();
        } 
        catch (Exception e) 
        {
            i = 443;
        }
            
        String proxy = System.getProperty("PROXY");
        String certdb = System.getProperty("CERTDBFILE");

        java.util.Properties prop = System.getProperties();
        prop.put("SSLSocketFactoryImplClass", "oracle.security.ssl.OracleSSLSocketFactoryImpl");

        try
        {
           /*
            * User can set their own x.509 impl. class and the default 
            * is set to the oracle impl. in the factory class
            * java.security.Security.setProperty("cert.provider.x509v1", 
            * "oracle.security.cert.X509CertificateImpl");
            */

            // Get the default socket factory
            OracleSSLSocketFactory sSocFactory 
                = (OracleSSLSocketFactory)OracleSSLSocketFactory.getDefault();

            // sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0_With_2_0_Hello);
            sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

            OracleSSLCredential sslCredObj = new OracleSSLCredential();
            
            if (certdb == null)
              System.out.println("certdb is null");
            else
              sslCredObj.setWallet (certdb, "welcome12");

            /*
             * Populate credential object
             */

             sSocFactory.setSSLCredentials(sslCredObj);

            SSLSocket jsslSoc = null; 

            // Create a regular java Socket connect to proxy server
            // www-proxy1
            // port 80

            Socket soc = new Socket("www-proxy1", 80);
            if (makeProxyConnection(soc, hostName, i))
            {
              System.out.println("Proxy enabled successfully");
            }
            // Pass the soc generated using 
            // Java SSLSocket Constructor
            jsslSoc = (SSLSocket)sSocFactory.createSocket(soc);
            
            // Now you can use the jsslSoc for ssl connection
            // to a ssl server through a proxy server
            java.security.cert.X509Certificate[] peerCerts  
              = jsslSoc.getSession().getPeerCertificateChain(); 
             
            exchangeData(jsslSoc); 
             
            jsslSoc.close(); 


        }
        catch(Exception e)
        {
                 e.printStackTrace();
        }
        System.exit(0);
    }

    // Connect string needs to be set up for firewall tunnelling connection
    private static boolean makeProxyConnection(Socket pjsoc, String host, int port)
    {
        try
        {
          InputStream  rawInStream  = pjsoc.getInputStream();
          OutputStream rawOutStream = pjsoc.getOutputStream();
          String portStr = String.valueOf(port);
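          // HTTP header lines end with CRLF; an empty line ends the request
          String connString 
            =   "CONNECT "+host+":"+portStr+" HTTP/1.0\r\n"
            + "User-Agent: Oracle Proxy Enabled SSL Socket\r\n\r\n";
          rawOutStream.write(connString.getBytes(), 0, connString.length());
          byte[] pxyMsg = new byte[2048];
          int rdData = rawInStream.read(pxyMsg, 0, 2048);
          String pxyResp = new String(pxyMsg, 0, rdData);
          System.out.println("Proxy Message:\n"+ pxyResp);
          // The tunnel is open only if the proxy answered with status 200
          return pxyResp.startsWith("HTTP/1.") && pxyResp.indexOf(" 200") == 8;
        }
        catch(Exception e)
        {
          return false;
        }
    }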
    public static void exchangeData(SSLSocket sslSoc) throws IOException 
    { 
 
      String outs = "GET / HTTP/1.0\r\n\r\n"; 
 
      BufferedInputStream isr 
        = new BufferedInputStream(sslSoc.getInputStream(), 8192);       
      BufferedOutputStream os 
        = new BufferedOutputStream(sslSoc.getOutputStream(), outs.length()); 
 
      os.write(outs.getBytes(), 0, outs.length()); 
      os.flush(); 
      System.out.println("Server Response:");     
      System.out.println("----------------");     
 
      String srvResp = new String(); 
      byte[] srvmsg = new byte[4096*2]; 
      int n = 0; 
      // Read and print the response until the server closes the connection
      do 
      { 
        n = isr.read(srvmsg, 0, srvmsg.length); 
        if(n > 0) 
        {
          srvResp = new String(srvmsg, 0, n);
          System.out.print(srvResp);
        }
      } while(n > 0);
      os.close();
      isr.close();
    }


}

Security Aware Applications Support

To enable the security aware applications to do their own validation, Oracle Java SSL code allows handshakes to pass even if trust points are not set for RSA SSL ciphers.

A sample security aware application will not set trust points. It can get the peer certificate chain after the handshake using the following code:

javax.security.cert.X509Certificate[] peerCerts
     = jsslSoc.getSession().getPeerCertificateChain();

where jsslSoc is the SSLSocket object used for the connection. Using the certificate chain the individual certificates can be extracted for application specific validation like matching the certificate's distinguished name (DN) against a user database. This is useful when there are large numbers of trust points stored in a database and the application does not want to pass all of them to the SSL layer. The application can extract the relevant trust points and match them against certificates in the peer certificate chain. However, the application must match the certificates in the chain against their trust points to verify whether the chain can be trusted or not.

Security unaware applications that always want the trust point check should ensure that trust points are set in the application itself.
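
Because the handshake succeeds without trust points, the application check described above is the only thing that separates an arbitrary certificate from an accepted peer. The following added example (not Oracle code) shows one way to do that check on a current JDK with java.security.cert: validate the chain against the trust points selected for this peer, then match the subject DN against a user list. The names PeerChainCheck, checkPeer and verdict are illustrative, and the sample certificates are two roots taken from the JDK's default trust store.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PeerChainCheck {

    // Throws unless the chain validates up to one of the trust points AND the
    // peer's subject DN is in the application's user list.
    // On a current JSSE the chain comes from SSLSession.getPeerCertificates().
    static void checkPeer(List<X509Certificate> chain,
                          Set<X509Certificate> trustPoints,
                          Set<String> allowedSubjects) throws GeneralSecurityException {
        if (chain == null || chain.isEmpty())
            throw new CertificateException("peer sent no certificate chain");
        if (trustPoints.isEmpty())
            throw new CertificateException("no trust points selected for this peer");

        // A PKIX path excludes the anchor, so cut the chain at the first trust point.
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate cert : chain) {
            if (trustPoints.contains(cert)) break;
            path.add(cert);
        }
        if (path.isEmpty()) {
            // The peer certificate is itself a trust point; check its validity period.
            chain.get(0).checkValidity();
        } else {
            Set<TrustAnchor> anchors = new HashSet<>();
            for (X509Certificate tp : trustPoints) anchors.add(new TrustAnchor(tp, null));
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // assumption: no CRL/OCSP source available
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
            // Checks signatures, validity dates and CA constraints along the path.
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
        }

        // Application-specific step: match the DN (RFC 2253 form) against the user list.
        String subject = chain.get(0).getSubjectX500Principal().getName();
        if (!allowedSubjects.contains(subject))
            throw new CertificateException("subject not in user list: " + subject);
    }

    static String verdict(String label, List<X509Certificate> chain,
                          Set<X509Certificate> trustPoints, Set<String> users) {
        try {
            checkPeer(chain, trustPoints, users);
            return label + ": accepted";
        } catch (GeneralSecurityException e) {
            return label + ": rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two currently valid, self-issued roots with
        // different names, taken from the JDK's default trust store.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        List<X509Certificate> roots = new ArrayList<>();
        for (X509Certificate c : tm.getAcceptedIssuers()) {
            boolean selfIssued = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
            boolean newName = roots.isEmpty()
                || !roots.get(0).getSubjectX500Principal().equals(c.getSubjectX500Principal());
            try { c.checkValidity(); } catch (CertificateException e) { continue; }
            if (selfIssued && newName) roots.add(c);
            if (roots.size() == 2) break;
        }
        if (roots.size() < 2)
            throw new IllegalStateException("default trust store has fewer than two usable roots");

        X509Certificate peer = roots.get(0);   // stands in for the peer's certificate
        X509Certificate other = roots.get(1);  // an unrelated trust point
        List<X509Certificate> chain = Collections.singletonList(peer);
        Set<String> users = Collections.singleton(peer.getSubjectX500Principal().getName());

        System.out.println(verdict("matching trust point",
            chain, Collections.singleton(peer), users));
        System.out.println(verdict("unrelated trust point",
            chain, Collections.singleton(other), users));
        System.out.println(verdict("no trust points",
            chain, Collections.<X509Certificate>emptySet(), users));
        System.out.println(verdict("DN not in user list",
            chain, Collections.singleton(peer), Collections.<String>emptySet()));
    }
}
```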

Class Hierarchy for Extensions to the Java SSL Package

The following is the class hierarchy for the extensions to the Java SSL package for JDK 1.2.

class java.lang.Object
    class java.security.cert.Certificate
        class java.security.cert.X509Certificate (implements java.security.cert.X509Extension)
            class oracle.security.cert.X509CertificateImpl
    class java.security.cert.CertificateFactory
        class oracle.security.cert.OracleCertificateFactory
    class oracle.security.ssl.OracleSSLCredential
    class oracle.security.ssl.OracleSSLSession (implements javax.net.ssl.SSLSession)
    class javax.net.ServerSocketFactory
        class javax.net.ssl.SSLServerSocketFactory
            class oracle.security.ssl.OracleSSLServerSocketFactory
                class oracle.security.ssl.OracleSSLServerSocketFactoryImpl
    class javax.net.SocketFactory
        class javax.net.ssl.SSLSocketFactory
            class oracle.security.ssl.OracleSSLSocketFactory
                class oracle.security.ssl.OracleSSLSocketFactoryImpl

More Information:

See the current Java documentation for information on complete class packages.  

Interface Hierarchy

The interface hierarchy follows:

interface oracle.security.ssl.OracleSSLProtocolVersion

oracle.security.ssl

Description

Class Summary 

Interfaces 

OracleSSLProtocolVersion 

Classes 

OracleSSLCredential 

OracleSSLServerSocket 

OracleSSLServerSocketFactory 

OracleSSLServerSocketFactoryImpl 

OracleSSLSession 

OracleSSLSocketFactory 

OracleSSLSocketFactoryImpl 

SSLSocketSession 

oracle.security.ssl


OracleSSLCredential

Syntax

public class OracleSSLCredential extends java.lang.Object
 
java.lang.Object
  |
  +--oracle.security.ssl.OracleSSLCredential

Description

Member Summary 

Constructors 

OracleSSLCredential() 

Methods 

addCertChain(byte[]) 

addCertChain(String) 

addTrustedCert(byte[]) 

addTrustedCert(String) 

removeCertChainCert(int) 

removeTrustedCert(int) 

setPrivateKey(byte[], String) 

setPrivateKey(String, String) 

setWallet(String, String) 

toString() 

Inherited Member Summary 

Methods inherited from class java.lang.Object 

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait 


Constructors


OracleSSLCredential()

public  OracleSSLCredential()

Methods


addCertChain(byte[])

public void addCertChain(byte[] certChainCert)

addCertChain(String)

public void addCertChain(java.lang.String b64certChainCert)

addTrustedCert(byte[])

public void addTrustedCert(byte[] trustedCert)

addTrustedCert(String)


removeCertChainCert(int)

public void removeCertChainCert(int index)

removeTrustedCert(int)

public void removeTrustedCert(int index)

setPrivateKey(byte[], String)

public void setPrivateKey(byte[] pvtKey, java.lang.String password)

setPrivateKey(String, String)

public void setPrivateKey(java.lang.String b64PvtKey, java.lang.String password)

setWallet(String, String)

public void setWallet(java.lang.String wltPath, java.lang.String password)

toString()

public java.lang.String toString()

Overrides:

java.lang.Object.toString() in class java.lang.Object

oracle.security.ssl

OracleSSLProtocolVersion

Syntax

public interface OracleSSLProtocolVersion

All Known Implementing Classes:

OracleSSLServerSocket

Description

Member Summary 

 

Fields 

 

SSL_Version_2_0 

SSL protocol version 2.0 

SSL_Version_3_0 

SSL protocol version 3.0 

SSL_Version_3_0_Only 

SSL protocol version 3.0 only 

SSL_Version_3_0_With_2_0_Hello 

SSL protocol version 3.0 with 2.0 hello 

SSL_Version_Undetermined 

SSL protocol version undetermined 


Fields


SSL_Version_2_0

public static final int SSL_Version_2_0

SSL protocol version 2.0

Since:

1.0


SSL_Version_3_0

public static final int SSL_Version_3_0

SSL protocol version 3.0

Since:

1.0


SSL_Version_3_0_Only

public static final int SSL_Version_3_0_Only

SSL protocol version 3.0 only

Since:

1.0


SSL_Version_3_0_With_2_0_Hello

public static final int SSL_Version_3_0_With_2_0_Hello

SSL protocol version 3.0 with 2.0 hello

Since:

1.0


SSL_Version_Undetermined

public static final int SSL_Version_Undetermined

SSL protocol version undetermined

Since:

1.0

oracle.security.ssl

OracleSSLServerSocket

Syntax

public abstract class OracleSSLServerSocket implements OracleSSLProtocolVersion
 
oracle.security.ssl.OracleSSLServerSocket

All Implemented Interfaces:

OracleSSLProtocolVersion

Description

Member Summary 

 

Constructors 

 

OracleSSLServerSocket(int) 

Default constructor. Creates a server socket which uses all network interfaces on the host, and is bound to the specified port. 

OracleSSLServerSocket(int, int) 

Creates a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog. 

OracleSSLServerSocket(int, int, InetAddress) 

Creates a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog. 

Methods 

 

setSSLProtocolVersion(int) 

Sets the SSL protocol version 

Inherited Member Summary 

Fields inherited from interface OracleSSLProtocolVersion 

SSL_Version_2_0, SSL_Version_3_0, SSL_Version_3_0_Only, SSL_Version_3_0_With_2_0_Hello, SSL_Version_Undetermined 


Constructors


OracleSSLServerSocket(int)

protected  OracleSSLServerSocket(int i)

Default constructor. Creates a server socket which uses all network interfaces on the host, and is bound to the specified port.

Parameters:

port - the port number, or 0 to use any free port.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


OracleSSLServerSocket(int, int)

protected  OracleSSLServerSocket(int i, int j)

Creates a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.

Parameters:

port - the specified port, or 0 to use any free port.

backlog - the maximum length of the queue.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


OracleSSLServerSocket(int, int, InetAddress)

protected  OracleSSLServerSocket(int i, int j, java.net.InetAddress inetAddr)

Creates a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.

Parameters:

port - the local TCP port

backlog - the listen backlog

bindAddr - the local InetAddress the server will bind to

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


Methods


setSSLProtocolVersion(int)

public abstract void setSSLProtocolVersion(int version)

Sets the SSL protocol version

Parameters:

version - SSL protocol version

Throws:

Since:

1.0

oracle.security.ssl

OracleSSLServerSocketFactory

Syntax

public abstract class OracleSSLServerSocketFactory
 
oracle.security.ssl.OracleSSLServerSocketFactory

Direct Known Subclasses:

OracleSSLServerSocketFactoryImpl

Description

Member Summary 

 

Constructors 

 

OracleSSLServerSocketFactory() 

 

Methods 

 

setSSLCredentials(OracleSSLCredential) 

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

setSSLProtocolVersion(int) 

Sets the SSL protocol version 


Constructors


OracleSSLServerSocketFactory()

public  OracleSSLServerSocketFactory()

Methods


setSSLCredentials(OracleSSLCredential)

public abstract void setSSLCredentials(OracleSSLCredential sslCredential)

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

Returns:

none

Since:

1.0


setSSLProtocolVersion(int)

public abstract void setSSLProtocolVersion(int version)

Sets the SSL protocol version

Parameters:

version - SSL protocol version

Throws:

Since:

1.0

oracle.security.ssl

OracleSSLServerSocketFactoryImpl

Syntax

public class OracleSSLServerSocketFactoryImpl extends 
OracleSSLServerSocketFactory
 
OracleSSLServerSocketFactory
  |
  +--oracle.security.ssl.OracleSSLServerSocketFactoryImpl

Description

Member Summary 

 

Constructors 

 

OracleSSLServerSocketFactoryImpl() 

Default constructor 

Methods 

 

createServerSocket(int) 

Returns a server socket which uses all network interfaces on the host, and is bound to the specified port. 

createServerSocket(int, int) 

Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.

createServerSocket(int, int, InetAddress) 

Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.

getDefaultCipherSuites() 

Returns the list of cipher suites which are enabled by default. 

getSupportedCipherSuites() 

Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. 

setSSLCredentials(OracleSSLCredential) 

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

setSSLProtocolVersion(int) 

Sets the SSL protocol version 


Constructors


OracleSSLServerSocketFactoryImpl()

public  OracleSSLServerSocketFactoryImpl()

Default constructor

Since:

1.0


Methods


createServerSocket(int)

public java.net.ServerSocket createServerSocket(int port)

Returns a server socket which uses all network interfaces on the host, and is bound to the specified port.

Parameters:

port - the port number, or 0 to use any free port.

Returns:

a new instance of SSLServerSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


createServerSocket(int, int)

public java.net.ServerSocket createServerSocket(int i, int j)

Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.

Parameters:

port - the specified port, or 0 to use any free port.

backlog - the maximum length of the queue.

Returns:

a new instance of SSLServerSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


createServerSocket(int, int, InetAddress)

public java.net.ServerSocket createServerSocket(int i, int j, 
java.net.InetAddress inetAddress)

Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.

Parameters:

port - the local TCP port

backlog - the listen backlog

bindAddr - the local InetAddress the server will bind to

Returns:

a new instance of SSLServerSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLServerSocketImpl


getDefaultCipherSuites()

public java.lang.String[] getDefaultCipherSuites()

Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication.

Returns:

an array of default cipher suites strings

Since:

1.0


getSupportedCipherSuites()

public java.lang.String[] getSupportedCipherSuites()

Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.

Returns:

an array of supported cipher suites strings

Since:

1.0


setSSLCredentials(OracleSSLCredential)

public void setSSLCredentials(OracleSSLCredential sslCredential)

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

Overrides:

setSSLCredentials(OracleSSLCredential) in class OracleSSLServerSocketFactory

Returns:

none

Since:

1.0


setSSLProtocolVersion(int)

public void setSSLProtocolVersion(int version)

Sets the SSL protocol version

Overrides:

setSSLProtocolVersion(int) in class OracleSSLServerSocketFactory

Parameters:

version - SSL protocol version

Throws:

Since:

1.0

oracle.security.ssl

OracleSSLSession

Syntax

public class OracleSSLSession
 
oracle.security.ssl.OracleSSLSession

Description

Member Summary 

 

Constructors 

 

OracleSSLSession() 

 

Methods 

 

getCipherSuite() 

Returns the name of the SSL cipher suite which is used for all connections in the session. 

getCreationTime() 

Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC. 

getId() 

Returns the identifier assigned to this Session. 

getLastAccessedTime() 

Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.

getNegotiatedProtocolVersion() 

 

getPeerCertificateChain() 

Returns the cert chain presented by the peer. 

getPeerHost() 

Returns the peer host name 

getPeerRawCertificateChain() 

 

getSessionContext() 

Returns the context in which this session is bound. 

getValue(String) 

Returns the object bound to the given name in the session's application layer data. 

getValueNames() 

Returns an array of the names of all the application layer data objects bound into the Session. 

invalidate() 

Invalidates the session. 

putValue(String, Object) 

Binds the specified object into the session's application layer data with the given name. 

removeValue(String) 

Removes the object bound to the given name in the session's application layer data. 

setSSLSessionContext(byte[]) 

Sets the SSL session context pointer for the native layer


Constructors


OracleSSLSession()

public  OracleSSLSession()

Methods


getCipherSuite()

public java.lang.String getCipherSuite()

Returns the name of the SSL cipher suite which is used for all connections in the session. This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done.

Returns:

The name of the session's cipher suite in String format

Since:

1.0


getCreationTime()

public long getCreationTime()

Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.

Returns:

creation time in long format

Since:

1.0


getId()

public byte[] getId()

Returns the identifier assigned to this Session.

Returns:

byte array

Since:

1.0


getLastAccessedTime()

public long getLastAccessedTime()

Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC. Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time.

This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task.

Returns:

last accessed time in long format

Since:

1.0


getNegotiatedProtocolVersion()

public java.lang.String getNegotiatedProtocolVersion()

getPeerCertificateChain()

public java.security.cert.X509Certificate[] getPeerCertificateChain()

Returns the cert chain presented by the peer.

Returns:

array of peer X.509 certificates, with the peer's own cert first in the chain, and with the "root" CA last.

Throws:

Since:

1.0


getPeerHost()

public java.lang.String getPeerHost()

Returns the peer host name

Returns:

Peer hostname in String format

Since:

1.0


getPeerRawCertificateChain()

public byte[][] getPeerRawCertificateChain()

getSessionContext()

public oracle.security.ssl.SSLSessionContext getSessionContext()

Returns the context in which this session is bound. This context may be unavailable in some environments, in which case this method returns null.

Returns:

SSLSessionContext

Since:

1.0


getValue(String)

public java.lang.Object getValue(java.lang.String name)

Returns the object bound to the given name in the session's application layer data. Returns null if there is no such binding.

Parameters:

name - The name of the binding to find.

Returns:

The value bound to that name, or null if the binding does not exist.

Since:

1.0


getValueNames()

public java.lang.String[] getValueNames()

Returns an array of the names of all the application layer data objects bound into the Session.

Returns:

the array of value names

Since:

1.0


invalidate()

public void invalidate()

Invalidates the session. Future connections will not be able to resume or join this session.

Since:

1.0


putValue(String, Object)

public void putValue(java.lang.String name, java.lang.Object obj)

Binds the specified object into the session's application layer data with the given name. Any existing binding with the same name is replaced. If the new (or existing) value implements the SSLSessionBindingListener interface, it is notified appropriately.

Parameters:

name - the name to which the data object will be bound. This may not be null.

value - the data object to be bound. This may not be null.

Since:

1.0


removeValue(String)

public void removeValue(java.lang.String name)

Removes the object bound to the given name in the session's application layer data. Does nothing if there is no object bound to the given name. If the value implements the SessionBindingListener interface, it is notified appropriately.

Parameters:

name - the name of the object to remove

Since:

1.0


setSSLSessionContext(byte[])

public void setSSLSessionContext(byte[] ssl_session)

Sets the SSL session context pointer for the native layer

Parameters:

ssl_session - in byte array format

Since:

1.0

oracle.security.ssl

OracleSSLSocketFactory

Syntax

public abstract class OracleSSLSocketFactory
 
oracle.security.ssl.OracleSSLSocketFactory

Direct Known Subclasses:

OracleSSLSocketFactoryImpl

Member Summary 

 

Constructors 

 

OracleSSLSocketFactory() 

 

Methods 

 

createSocket(Socket) 

Creates an SSL Socket based on an existing plain socket 

setSSLCredentials(OracleSSLCredential) 

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

setSSLProtocolVersion(int) 

Sets the SSL protocol version 


Constructors


OracleSSLSocketFactory()

public  OracleSSLSocketFactory()

Methods


createSocket(Socket)

public abstract java.net.Socket createSocket(java.net.Socket soc)

Creates an SSL Socket based on an existing plain socket

Returns:

Socket

Since:

1.0


setSSLCredentials(OracleSSLCredential)

public abstract void setSSLCredentials(OracleSSLCredential sslCredential)

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

Returns:

none

Since:

1.0


setSSLProtocolVersion(int)

public abstract void setSSLProtocolVersion(int version)

Sets the SSL protocol version

Parameters:

version - SSL protocol version

Throws:

Since:

1.0

oracle.security.ssl

OracleSSLSocketFactoryImpl

Syntax

public class OracleSSLSocketFactoryImpl extends OracleSSLSocketFactory
 
OracleSSLSocketFactory
  |
  +--oracle.security.ssl.OracleSSLSocketFactoryImpl

Description

Member Summary 

 

Constructors 

 

OracleSSLSocketFactoryImpl() 

Default constructor 

Methods 

 

createSocket(InetAddress, int) 

Returns a connected client socket to the specified port number on the specified host. 

createSocket(InetAddress, int, InetAddress, int) 

Creates a socket and connects it to the specified remote address on the specified remote port. 

createSocket(Socket) 

Returns an SSL client socket from an existing socket

createSocket(String, int) 

Returns a connected client socket to the specified port number on the specified host. 

createSocket(String, int, InetAddress, int) 

Returns a socket and connects it to the specified remote host on the specified remote port. 

getDefaultCipherSuites() 

Returns the list of cipher suites which are enabled by default. 

getSupportedCipherSuites() 

Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. 

setSSLCredentials(OracleSSLCredential) 

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

setSSLProtocolVersion(int) 

Sets the SSL protocol version 


Constructors


OracleSSLSocketFactoryImpl()

public  OracleSSLSocketFactoryImpl()

Default constructor

Since:

1.0


Methods


createSocket(InetAddress, int)

public java.net.Socket createSocket(java.net.InetAddress inetAddress, int port)

Returns a connected client socket to the specified port number on the specified host.

Parameters:

host - the server name to connect in InetAddress format

port - the port number, or 0 to use any free port.

Returns:

a new instance of SSLSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLSocketImpl


createSocket(InetAddress, int, InetAddress, int)

public java.net.Socket createSocket(java.net.InetAddress inetAddress1, int 
port1, java.net.InetAddress inetAddress2, int port2)

Creates a socket and connects it to the specified remote address on the specified remote port. The Socket will also bind() to the local address and port supplied.

Parameters:

address - the remote address

port - the remote port

localAddr - the local address the socket is bound to

localPort - the local port the socket is bound to

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLSocketImpl


createSocket(Socket)

public java.net.Socket createSocket(java.net.Socket soc)

Returns an SSL client socket from an existing socket

Overrides:

createSocket(Socket) in class OracleSSLSocketFactory

Parameters:

soc - a socket object

Returns:

a new instance of SSLSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLSocketImpl


createSocket(String, int)

public java.net.Socket createSocket(java.lang.String host, int port)

Returns a connected client socket to the specified port number on the specified host.

Parameters:

host - the server name to connect

port - the port number, or 0 to use any free port.

Returns:

a new instance of SSLSocketImpl.

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLSocketImpl


createSocket(String, int, InetAddress, int)

public java.net.Socket createSocket(java.lang.String host, int port1, 
java.net.InetAddress inetAddress, int port2)

Returns a socket and connects it to the specified remote host on the specified remote port. The Socket will also bind to the local address and port supplied.

Parameters:

host - the name of the remote host

port - the remote port

localAddr - the local address the socket is bound to

localPort - the local port the socket is bound to

Throws:

IOException - IO error when creating the socket.

Since:

1.0

See Also:

oracle.security.ssl.SSLSocketImpl


getDefaultCipherSuites()

public java.lang.String[] getDefaultCipherSuites()

Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication.

Returns:

an array of default cipher suites strings

Since:

1.0


getSupportedCipherSuites()

public java.lang.String[] getSupportedCipherSuites()

Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.

Returns:

an array of supported cipher suites strings

Since:

1.0
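
The gap between getDefaultCipherSuites() and getSupportedCipherSuites(), described above for both the server and the client factory, can be checked mechanically against the stated default policy (confidentiality protection and server authentication). The following is an added example, not Oracle code: the class CipherSuiteAudit, its methods and the sample suite names are constructed for illustration, it assumes names follow the SSL specification's KEYEXCHANGE_WITH_CIPHER_MAC pattern, and it goes one step beyond the stated policy by also flagging export-grade suites.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (not Oracle code): class, method and sample names are hypothetical.
public class CipherSuiteAudit {

    private static final String SEPARATOR = "_WITH_";

    // Returns the reasons a suite misses the policy; an empty list means it passes.
    static List<String> findings(String suite) {
        List<String> reasons = new ArrayList<String>();
        int prefixEnd = suite.indexOf('_');      // end of the "SSL" prefix
        int with = suite.indexOf(SEPARATOR);
        if (prefixEnd < 0 || with <= prefixEnd) {
            reasons.add("name does not follow KEYEXCHANGE_WITH_CIPHER_MAC");
            return reasons;
        }
        String keyExchange = suite.substring(prefixEnd + 1, with);
        String[] cipherTokens = suite.substring(with + SEPARATOR.length()).split("_");

        // Server authentication: anonymous and NULL key exchange present no certificate.
        if (keyExchange.equals("NULL") || keyExchange.contains("anon")) {
            reasons.add("no server authentication");
        }
        // Confidentiality: a NULL cipher sends application data in the clear.
        if (cipherTokens[0].equals("NULL")) {
            reasons.add("no confidentiality (NULL cipher)");
        }
        // Extra check beyond the page's stated policy (assumption of this example):
        // export-grade suites limit the symmetric key to 40 bits.
        boolean export = keyExchange.contains("EXPORT");
        for (String token : cipherTokens) {
            if (token.endsWith("40")) {
                export = true;
            }
        }
        if (export) {
            reasons.add("export-grade 40-bit key");
        }
        return reasons;
    }

    // Maps every suite that misses the policy to its reasons, in input order.
    static Map<String, List<String>> audit(String[] suites) {
        Map<String, List<String>> rejected = new LinkedHashMap<String, List<String>>();
        for (String suite : suites) {
            List<String> reasons = findings(suite);
            if (!reasons.isEmpty()) {
                rejected.put(suite, reasons);
            }
        }
        return rejected;
    }

    // Returns only the suites that meet the policy, in input order.
    static String[] accepted(String[] suites) {
        List<String> ok = new ArrayList<String>();
        for (String suite : suites) {
            if (findings(suite).isEmpty()) {
                ok.add(suite);
            }
        }
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) {
        // Constructed sample standing in for a getSupportedCipherSuites() result.
        String[] supported = {
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_NULL_MD5",
            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_NULL_WITH_NULL_NULL"
        };
        for (Map.Entry<String, List<String>> e : audit(supported).entrySet()) {
            System.out.println("REJECT " + e.getKey() + " " + e.getValue());
        }
        for (String suite : accepted(supported)) {
            System.out.println("KEEP   " + suite);
        }
    }
}
```

Passing the array returned by getSupportedCipherSuites() or getDefaultCipherSuites() to audit() shows which names fall outside the policy before any of them is enabled.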


setSSLCredentials(OracleSSLCredential)

public void setSSLCredentials(OracleSSLCredential sslCredential)

Creates authentication contexts (holding private keys, certificate chains, and similar data) for an SSL connection

Overrides:

setSSLCredentials(OracleSSLCredential) in class OracleSSLSocketFactory

Returns:

none

Since:

1.0


setSSLProtocolVersion(int)

public void setSSLProtocolVersion(int version)

Sets the SSL protocol version

Overrides:

setSSLProtocolVersion(int) in class OracleSSLSocketFactory

Parameters:

version - SSL protocol version

Throws:

Since:

1.0

oracle.security.ssl

SSLSocketSession

Syntax

public class SSLSocketSession
 
oracle.security.ssl.SSLSocketSession

Description

Member Summary 

 

Constructors 

 

SSLSocketSession() 

 

Methods 

 

getCipherSuite() 

 

getCreationTime() 

 

getId() 

 

getLastAccessedTime() 

 

getPeerCertificateChain() 

 

getPeerHost() 

 

getSessionContext() 

Returns the context in which this session is bound.

getValue(String) 

 

getValueNames() 

 

invalidate() 

 

putValue(String, Object) 

 

removeValue(String) 

 


Constructors


SSLSocketSession()

protected  SSLSocketSession()

Methods


getCipherSuite()

public java.lang.String getCipherSuite()

getCreationTime()

public long getCreationTime()

getId()

public byte[] getId()

getLastAccessedTime()

public long getLastAccessedTime()

getPeerCertificateChain()

public oracle.security.ssl.X509Certificate[] getPeerCertificateChain()

getPeerHost()

public java.lang.String getPeerHost()

getSessionContext()

public oracle.security.ssl.SSLSessionContext getSessionContext()

Returns the context in which this session is bound. This context may be unavailable in some environments, in which case this method returns null.


getValue(String)

public java.lang.Object getValue(java.lang.String name)

getValueNames()

public java.lang.String[] getValueNames()

invalidate()

public void invalidate()

putValue(String, Object)

public void putValue(java.lang.String name, java.lang.Object obj)

removeValue(String)

public void removeValue(java.lang.String name)

oracle.security.cert


X509CertificateImpl

Syntax

public class X509CertificateImpl extends java.security.cert.X509Certificate
 
java.lang.Object
  |
  +--java.security.cert.Certificate
        |
        +--java.security.cert.X509Certificate
              |
              +--oracle.security.cert.X509CertificateImpl

Description

Member Summary 

 

Fields 

 

private X509CertificateHelper _x509CertHelper

Fields inherited from class java.security.cert.Certificate

type

Constructors 

 

X509CertificateImpl()  

Constructs an uninitialized X509 Cert on which decode must later be called (or which may be deserialized).

X509CertificateImpl(byte[] buf)  

Unmarshals a certificate from its encoded form, parsing the BER encoded bytes. 

X509CertificateImpl(byte[] buf, int offset, int len)  

Instantiates an X509Certificate with input certificate data 

Methods 

 

checkValidity()  

Checks for the validity of the certificate with current time 

checkValidity(java.util.Date date)  

Checks for the validity of the certificate with given time 

decode(java.io.InputStream in)  

Decodes the input stream data and instantiates an X509Certificate object, and initializes it with the data read from the input stream inStream. 

equals(java.lang.Object obj)  

Checks for the equality 

getBasicConstraints()  

 

getCriticalExtensionOIDs()  

 

getEncoded()  

Returns the encoded certificate 

getExtensionValue(java.lang.String oid)  

 

getIssuerDN()  

Returns the certificate issuer DN 

getIssuerUniqueID()  

 

getKeyUsage() 

 

getNonCriticalExtensionOIDs()  

 

getNotAfter()  

Returns the date when this certificate will expire

getNotBefore()  

Returns the date when this certificate will be valid 

getPublicKey() 

Returns the public key of this certificate

getSerialNumber()  

Gets the serialNumber value from the certificate. 

getSigAlgName()  

Returns the signature algorithm 

getSigAlgOID()  

Returns the signature algorithm OID 

getSigAlgParams()  

Returns the signature algorithm parameters 

getSignature()  

 

getSubjectDN() 

Returns the certificate subject DN 

getSubjectUniqueID()  

 

getTBSCertificate()  

 

getVersion()  

Returns the certificate version 

hashCode()  

Returns the hash code of this certificate

hasUnsupportedCriticalExtension() 

 

toString()  

Returns information about this certificate 

verify(java.security.PublicKey key)  

Checks for the validity of the input public key for this certificate 

verify(java.security.PublicKey key, java.lang.String sigProvider) 

Checks for the validity of the input public key for this certificate 

X509Certificate(java.io.InputStream in)  

Instantiates an X509Certificate object, and initializes it with the data read from the input stream inStream. 

Inherited Member Summary 

Methods inherited from class java.security.cert.Certificate

getType 

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, registerNatives, wait, wait, wait 


Fields


_x509CertHelper

private X509CertificateHelper _x509CertHelper

Constructors


X509CertificateImpl

public X509CertificateImpl()

Constructs an uninitialized X509 Cert on which decode must later be called (or which may be deserialized).


X509CertificateImpl

public X509CertificateImpl(byte[] buf)
throws java.security.cert.CertificateException

Unmarshals a certificate from its encoded form, parsing the BER encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents. That is, this is one of the more commonly used constructors.


X509CertificateImpl

public X509CertificateImpl(byte[] buf,
int offset,
int len)
throws java.security.cert.CertificateException

Instantiates an X509Certificate with input certificate data

Parameters:

buf - the certificate data buffer

offset - offset of the data buffer

len - the data buffer length


Methods


X509Certificate

public void X509Certificate(java.io.InputStream in)
throws java.io.IOException

Instantiates an X509Certificate object, and initializes it with the data read from the input stream inStream. The implementation is provided by the class specified as the value of the cert.provider.x509v1 property in the security properties file.


Note:

Only one DER-encoded certificate is expected to be in the input stream. 


Parameters:

in - DER-encoded InputStream data

Since:

1.0


decode

public void decode(java.io.InputStream in)
throws java.io.IOException

Decodes the input stream data and instantiates an X509Certificate object, and initializes it with the data read from the input stream inStream.

Parameters:

in - DER-encoded InputStream data

Since:

1.0


equals

public boolean equals(java.lang.Object obj)

Checks for the equality

Parameters:

obj - Certificate object

Overrides:

equals in class java.security.cert.Certificate

Since:

1.0


checkValidity

public void checkValidity()
throws java.security.cert.CertificateExpiredException,
java.security.cert.CertificateNotYetValidException

Checks for the validity of the certificate with current time

Throws:

CertificateExpiredException, CertificateNotYetValidException

Overrides:

checkValidity in class java.security.cert.X509Certificate

Since:

1.0


checkValidity

public void checkValidity(java.util.Date date)
throws java.security.cert.CertificateExpiredException,
java.security.cert.CertificateNotYetValidException

Checks for the validity of the certificate with given time

Throws:

CertificateExpiredException, CertificateNotYetValidException

Overrides:

checkValidity in class java.security.cert.X509Certificate

Since:

1.0


verify

public void verify(java.security.PublicKey key)
throws java.security.cert.CertificateException

Checks for the validity of the input public key for this certificate

Parameters:

key - PublicKey

Throws:

CertificateException

Overrides:

verify in class java.security.cert.Certificate

Since:

1.0


verify

public void verify(java.security.PublicKey key,
java.lang.String sigProvider)
throws java.security.cert.CertificateException

Checks for the validity of the input public key for this certificate

Parameters:

key - PublicKey

sigProvider - Provider

Throws:

CertificateException

Overrides:

verify in class java.security.cert.Certificate

Since:

1.0


getSubjectDN

public java.security.Principal getSubjectDN()

Returns the certificate subject DN

Returns:

Subject name

Overrides:

getSubjectDN in class java.security.cert.X509Certificate

Since:

1.0

See Also:

java.security.Principal


getIssuerDN

public java.security.Principal getIssuerDN()

Returns the certificate issuer DN

Returns:

issuer name

Overrides:

getIssuerDN in class java.security.cert.X509Certificate

Since:

1.0

See Also:

java.security.Principal


getVersion

public int getVersion()

Returns the certificate version

Returns:

version value

Overrides:

getVersion in class java.security.cert.X509Certificate

Since:

1.0


getSerialNumber

public java.math.BigInteger getSerialNumber()

Gets the serialNumber value from the certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate).

Returns:

the serial number.

Overrides:

getSerialNumber in class java.security.cert.X509Certificate

Since:

1.0


getSigAlgName

public java.lang.String getSigAlgName()

Returns the signature algorithm

Returns:

signature algorithm

Overrides:

getSigAlgName in class java.security.cert.X509Certificate

Since:

1.0


getSigAlgOID

public java.lang.String getSigAlgOID()

Returns the signature algorithm OID

Returns:

signature algorithm OID

Overrides:

getSigAlgOID in class java.security.cert.X509Certificate

Since:

1.0


getSigAlgParams

public byte[] getSigAlgParams()

Returns the signature algorithm parameters

Returns:

signature algorithm parameters

Overrides:

getSigAlgParams in class java.security.cert.X509Certificate

Since:

1.0


getNotBefore

public java.util.Date getNotBefore()

Returns the date when this certificate will be valid

Returns:

date when this certificate will be valid

Overrides:

getNotBefore in class java.security.cert.X509Certificate

Since:

1.0


getNotAfter

public java.util.Date getNotAfter()

Returns the date when this certificate will expire

Returns:

date when this certificate will expire

Overrides:

getNotAfter in class java.security.cert.X509Certificate

Since:

1.0


getEncoded

public byte[] getEncoded()
throws java.security.cert.CertificateEncodingException

Returns the encoded certificate

Returns:

byte array data of this certificate

Overrides:

getEncoded in class java.security.cert.Certificate

Since:

1.0


getPublicKey

public java.security.PublicKey getPublicKey()

Returns the public key of this certificate

Returns:

public key of this certificate

Overrides:

getPublicKey in class java.security.cert.Certificate

Since:

1.0

See Also:

PublicKey


hashCode

public int hashCode()

Returns the hash code of this certificate

Returns:

the hash code

Overrides:

hashCode in class java.security.cert.Certificate

Since:

1.0


toString

public java.lang.String toString()

Returns information about this certificate

Returns:

information of this certificate in string format

Overrides:

toString in class java.security.cert.Certificate

Since:

1.0


getSubjectUniqueID

public boolean[] getSubjectUniqueID()

Overrides:

getSubjectUniqueID in class java.security.cert.X509Certificate


getSignature

public byte[] getSignature()

Overrides:

getSignature in class java.security.cert.X509Certificate


getBasicConstraints

public int getBasicConstraints()

Overrides:

getBasicConstraints in class java.security.cert.X509Certificate


getIssuerUniqueID

public boolean[] getIssuerUniqueID()

Overrides:

getIssuerUniqueID in class java.security.cert.X509Certificate


getKeyUsage

public boolean[] getKeyUsage()

Overrides:

getKeyUsage in class java.security.cert.X509Certificate


getTBSCertificate

public byte[] getTBSCertificate()
throws java.security.cert.CertificateEncodingException

Overrides:

getTBSCertificate in class java.security.cert.X509Certificate


getCriticalExtensionOIDs

public java.util.Set getCriticalExtensionOIDs()

Overrides:

getCriticalExtensionOIDs in class java.security.cert.X509Certificate


getExtensionValue

public byte[] getExtensionValue(java.lang.String oid)

Overrides:

getExtensionValue in class java.security.cert.X509Certificate


getNonCriticalExtensionOIDs

public java.util.Set getNonCriticalExtensionOIDs()

Overrides:

getNonCriticalExtensionOIDs in class java.security.cert.X509Certificate


hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

Overrides:

hasUnsupportedCriticalExtension in class java.security.cert.X509Certificate


Copyright © 1996-2000, Oracle Corporation.

All Rights Reserved.
