Oracle Advanced Security Administrator's Guide Release 8.1.7 Part Number A85430-01
This appendix provides an overview of the components and usage of the Oracle implementation of Java SSL, a standard extension of the JavaSoft Java platform.
This appendix contains the following sections:
In addition to the SSL APIs and protocol implementation, the Oracle implementation of Java SSL supports the following:
Note: SSL-specific exceptions are all subtypes of IOException, because they arise during the I/O operations on the connection and must be reportable wherever an IOException can be thrown.
Choices about how cryptographic security code is implemented are critically important, and therefore the implementation behind the interface defined by JavaSoft uses JNI native code instead of pure Java.
For example, in some environments hardware to accelerate cryptographic operations is important, and in other environments only specific implementations of cryptographic algorithms are permitted.
A cipher suite combines four kinds of security features and is named in the SSL protocol specification. Before data flows over an SSL connection, both ends attempt to negotiate a cipher suite. This allows them to establish the appropriate protection for their communications within the constraints of the particular combinations of mechanisms that are available to both.
The features associated with a cipher suite are as follows:
The exportable version supports 512-bit keys for key exchange and 40-bit symmetric keys for encryption, and is not considered secure enough for use in commercial applications.
The domestic version supports 768- and 1024-bit asymmetric keys for key exchange and 128-bit symmetric keys for encryption. The domestic version is considered secure enough for use in commercial applications.
Oracle Wallet Manager can be used to generate private key and public key pairs and certificate requests. An appropriate signer's certificate or certificates with the complete certificate chain should be added to produce a complete Oracle Wallet.
If there is a complete wallet with a certificate in Ready status, it can be exported in BASE64 format into a file using the menu option Operation -> Export Wallet. The file can then be used to add SSL credentials in a Java SSL based program.
More Information: For information on Oracle Wallet Manager, see Chapter 18, Using Oracle Wallet Manager.
If a user is not using Oracle Wallet Manager, the user can add individual components to a file and use them. In this case, the certificate should be added first, followed by the private key. The CA certificate and other trusted certificates should be added after the certificate and private key.
The examples in this section demonstrate the following:
The example shows an implementation of a client named SecureHelloClient, which connects to a server named SecureHelloServer. The server receives data from the client and sends a hello string.
The example consists of two independently running Java programs: the client program and the server program. The client program is implemented by a single class, SecureHelloClient. The server program is also implemented as a single class, SecureHelloServer, which contains the main method for the server program and performs the work of listening on the port, establishing connections, and reading data from and writing data to the socket.
The JDK version 1.1 or 1.2 should be installed with the following jar files in the CLASSPATH environment variable:
The following library should be added to the shared library path:
Add the library path to the LD_LIBRARY_PATH environment variable.
Add the library path to the PATH environment variable.
This section describes the code that implements the SecureHelloServer program. The server program creates a new SSLServerSocketFactory and sets the required SSL protocol version as follows:
OracleSSLServerSocketFactory sslSrvSocketFactory =
    (OracleSSLServerSocketFactory)SSLServerSocketFactory.getDefault();
sslSrvSocketFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);
Two scenarios are possible, depending on whether Oracle Wallet Manager is used.
If Oracle Wallet Manager is used to export the wallet, the setWallet API can be used to populate the OracleSSLCredential object as follows:
OracleSSLCredential sslCredObj = new OracleSSLCredential();
sslCredObj.setWallet("wlt.txt", "wltpasswd");
sslSrvSocketFactory.setSSLCredentials(sslCredObj);
If the wallet is not generated by Oracle Wallet Manager, the user must set the following:
The code for this scenario is as follows:
OracleSSLCredential sslCredObj = new OracleSSLCredential();

// Set trusted certificates
sslCredObj.addTrustedCert(easQACA);

// Construct the certificate chain. Place the CA at the top and the user
// certificate at the bottom. The order in which certificates are added
// to the chain is important: you must add the root certificate first,
// then the signer certificates, and finally the user certificate.
sslCredObj.addCertChain(rootCA);      // set root CA certificate
sslCredObj.addCertChain(signerCA);    // set signer certificate
sslCredObj.addCertChain(userCert);    // set user certificate

// Set the private key
sslCredObj.setPrivateKey(userKey, password);
If the Diffie-Hellman algorithm is being used, setSSLCredentials should be called with a null value as follows:
sslSrvSocketFactory.setSSLCredentials(null);
SSLServerSocket uses a specific port for listening. When writing a server, select a port that is not already dedicated to another service.
In this example, port 8443 is used as follows:
SSLServerSocket sslSrvSocket = (SSLServerSocket)sslSrvSocketFactory.createServerSocket(8443);
The cipher suites that the SSLServerSocket may negotiate are set from the supported list as follows:
String[] ciphers = sslSrvSocket.getSupportedCipherSuites();
sslSrvSocket.setEnabledCipherSuites(ciphers);
Because this is a server, it is set to SSL server mode as follows:
sslSrvSocket.setUseClientMode(false);
Client authentication is not used in this example, and therefore setNeedClientAuth must be called with the parameter set to false as follows:
sslSrvSocket.setNeedClientAuth(false);
If client authentication is required, call setNeedClientAuth with the parameter set to true.
To accept the client connection, accept() must be called; it returns a socket object (pSocket in this example). Using this socket, reads and writes can be performed as on a regular socket object by calling getOutputStream() and getInputStream() as follows:
OutputStream out = pSocket.getOutputStream();
InputStream in = pSocket.getInputStream();
After data is exchanged, close all streams and sockets before exiting the application as follows:
out.close();
in.close();
pSocket.close();
sslSrvSocket.close();
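The cipher suite section above distinguishes export-grade from domestic-strength suites, yet both the server and client steps enable every suite returned by getSupportedCipherSuites(). The following helper is an added example, not part of the Oracle documentation or product, that enables only suites passing a simple strength policy and re-checks the negotiated suite after the handshake. It assumes suite names follow the JSSE naming convention (markers such as EXPORT, _40_, NULL and anon), which is the only assumption it makes about the Oracle implementation.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/**
 * Restricts an SSL socket to domestic-strength cipher suites instead of
 * enabling everything the implementation supports. Filtering is done on
 * suite names, assumed to follow the JSSE convention
 * (for example SSL_RSA_WITH_RC4_128_MD5 vs. SSL_RSA_EXPORT_WITH_RC4_40_MD5).
 */
public final class CipherSuitePolicy
{
    // Name markers for suites a production endpoint should not offer:
    // export-grade 40-bit encryption, no encryption, anonymous key exchange.
    private static final String[] REJECT = { "EXPORT", "_40_", "NULL", "anon", "ANON" };

    /** A suite is acceptable if its name carries none of the rejected markers. */
    static boolean isAcceptable(String suite)
    {
        for (int i = 0; i < REJECT.length; i++)
            if (suite.indexOf(REJECT[i]) >= 0)
                return false;
        return true;
    }

    /** Returns the subset of the supported suites that satisfy the policy. */
    public static String[] select(String[] supported)
    {
        List<String> accepted = new ArrayList<>();
        for (int i = 0; i < supported.length; i++)
            if (isAcceptable(supported[i]))
                accepted.add(supported[i]);

        // Fail closed: with an empty enabled list every handshake would fail,
        // which is better than silently falling back to weak suites, but the
        // operator should learn about it at startup rather than per connection.
        if (accepted.isEmpty())
            throw new IllegalStateException("no supported cipher suite satisfies the policy");
        return accepted.toArray(new String[0]);
    }

    /** Server side: replaces setEnabledCipherSuites(getSupportedCipherSuites()). */
    public static void apply(SSLServerSocket srv)
    {
        srv.setEnabledCipherSuites(select(srv.getSupportedCipherSuites()));
    }

    /** Client side: limits what the client offers in its hello. */
    public static void apply(SSLSocket soc)
    {
        soc.setEnabledCipherSuites(select(soc.getSupportedCipherSuites()));
    }

    /**
     * Defence in depth, called after startHandshake(): confirms that the suite
     * actually negotiated is one the policy allows. If this returns false the
     * caller should close the socket without exchanging application data.
     */
    public static boolean negotiatedSuiteIsAcceptable(SSLSocket soc)
    {
        return isAcceptable(soc.getSession().getCipherSuite());
    }
}
```

In SecureHelloServer the single call CipherSuitePolicy.apply(sslSrvSocket) replaces the two cipher lines; in SecureHelloClient, CipherSuitePolicy.apply(jsslSoc) goes before setUseClientMode(true) and negotiatedSuiteIsAcceptable(jsslSoc) is checked right after startHandshake().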
The complete SecureHelloServer example for JDK 1.1 is as follows.
// SecureHelloServer.java
import java.net.*;
import java.io.*;
import java.util.*;
import java.lang.*;
import javax.net.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLServerSocketFactoryImpl;
import oracle.security.ssl.OracleSSLServerSocketFactory;
import oracle.security.ssl.OracleSSLProtocolVersion;
import oracle.security.ssl.OracleSSLCredential;

public class SecureHelloServer
{
    public static void main(String[] args)
    {
        // We will use the Oracle implementation here
        java.util.Properties prop = System.getProperties();
        prop.put("SSLServerSocketFactoryImplClass",
                 "oracle.security.ssl.OracleSSLServerSocketFactoryImpl");

        try
        {
            // Get the default socket factory
            OracleSSLServerSocketFactory sslSrvSocketFactory =
                (OracleSSLServerSocketFactory)SSLServerSocketFactory.getDefault();

            // Set the SSL protocol version
            sslSrvSocketFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

            // Create the SSL credential object
            OracleSSLCredential sslCredObj = new OracleSSLCredential();

            // If you are using an Oracle wallet exported to certdb.txt, use setWallet.
            // The wallet password is taken from the first command-line argument
            // so that it is not written into the source.
            String walletPassword = (args.length > 0) ? args[0] : "";
            sslCredObj.setWallet("certdb.txt", walletPassword);
            // If you are not using Oracle Wallet Manager, see the SecureHelloClient
            // program example.

            // Add the SSL credential to the SSL context
            sslSrvSocketFactory.setSSLCredentials(sslCredObj);

            // Create the server socket
            SSLServerSocket sslSrvSocket =
                (SSLServerSocket)sslSrvSocketFactory.createServerSocket(8443);

            // Get the available ciphers
            String[] ciphers = sslSrvSocket.getSupportedCipherSuites();
            // Select the ciphers you want and enable them.
            // Here we enable all available ciphers.
            // You can also set particular cipher suites: construct a cipher list
            // in a string array and pass it to setEnabledCipherSuites.
            sslSrvSocket.setEnabledCipherSuites(ciphers);

            // We are creating an SSL server socket, so set client mode to false.
            sslSrvSocket.setUseClientMode(false);

            // If you want client-side authentication, set this to true.
            // We won't do client-side authentication here.
            sslSrvSocket.setNeedClientAuth(false);

            System.out.println("Waiting for client...");

            // Now accept a client connection
            Socket pSocket = sslSrvSocket.accept();

            if (sslSrvSocket.getNeedClientAuth() == true)
            {
                System.out.println("Printing client information:");
                X509Certificate[] peerCerts =
                    ((javax.net.ssl.SSLSocket)pSocket).getSession().getPeerCertificateChain();
                if (peerCerts != null)
                {
                    for (int i = 0; i < peerCerts.length; i++)
                    {
                        System.out.println("Peer Certificate [" + i + "] Information:");
                        System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName());
                        System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
                        System.out.println("- Version: " + peerCerts[i].getVersion());
                        System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
                        System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
                        System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());
                        System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
                    }
                }
                else
                    System.out.println("Failed to get peer certificates");
            }

            // Now do the data exchange with the client
            OutputStream out = pSocket.getOutputStream();
            InputStream in = pSocket.getInputStream();
            String inputLine, outputLine;
            byte[] msg = new byte[1024];
            int readLen = in.read(msg, 0, msg.length);
            if (readLen > 0)
            {
                inputLine = new String(msg, 0, readLen);
                if (inputLine.startsWith("HELLO"))
                {
                    outputLine = "Hello !! Current Server Time: " + new Date().toString();
                    out.write(outputLine.getBytes());
                }
                System.out.println("Client Message: " + inputLine);
            }
            else
                System.out.println("Can't read data from client");

            // Close all sockets and streams
            out.close();
            in.close();
            pSocket.close();
            sslSrvSocket.close();
        }
        catch (SSLException e)
        {
            System.out.println("SSL exception caught:");
            e.printStackTrace();
        }
        catch (IOException e)
        {
            System.out.println("IO exception caught:");
            e.printStackTrace();
        }
        catch (Exception e)
        {
            System.out.println("Exception caught:");
            e.printStackTrace();
        }
    }
}
The client program creates a new client SSLSocketFactory and sets the required SSL protocol version as follows:
OracleSSLSocketFactory sSocFactory =
    (OracleSSLSocketFactory)SSLSocketFactory.getDefault();
sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);
Because the RSA algorithm is used, the OracleSSLCredential object is required. Adding trusted certificates is optional. If no trusted certificates are set, the peer certificate will not be verified against any trusted certificates. If the server needs client authentication, the complete certificate chain and client private key must be added to the SSL credential object as follows:
OracleSSLCredential sslCredObj = new OracleSSLCredential();
sslCredObj.addTrustedCert(caCert);
sSocFactory.setSSLCredentials(sslCredObj);
Create an SSL socket for connecting to the server by creating a socket with the required host name and port, in this example 8443, as follows:
SSLSocket jsslSoc = (SSLSocket)sSocFactory.createSocket(hostName, 8443);
Set the required ciphers from the supported ciphers as follows:
String[] ciphers = jsslSoc.getSupportedCipherSuites();
jsslSoc.setEnabledCipherSuites(ciphers);
Set the socket to SSL client mode and call startHandshake() to perform the SSL handshake as follows:
jsslSoc.setUseClientMode(true);
jsslSoc.startHandshake();
Obtain the input stream and output stream from the socket and perform standard data input and output as follows:
OutputStream out = jsslSoc.getOutputStream();
InputStream in = jsslSoc.getInputStream();
After data exchange, close all streams and sockets as follows:
out.close();
in.close();
jsslSoc.close();
The complete SecureHelloClient example is as follows.
// SecureHelloClient.java
import java.net.*;
import java.io.*;
import java.util.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import oracle.security.ssl.OracleSSLSocketFactory;
import oracle.security.ssl.OracleSSLProtocolVersion;
import oracle.security.ssl.OracleSSLSession;

public class SecureHelloClient
{
    public static void main(String argv[])
    {
        String hostName = "localhost";
        if (argv.length != 0)
            hostName = argv[0];

        // Path of the file holding the trusted CA certificate (as exported
        // from Oracle Wallet Manager), taken from the TRUSTEDCERTFILE system
        // property. If it is not set, no trust point is added and the server
        // certificate is not verified against any CA.
        String trustedCertFile = System.getProperty("TRUSTEDCERTFILE");

        // Set the SSLSocketFactoryImpl class as follows:
        java.util.Properties prop = System.getProperties();
        prop.put("SSLSocketFactoryImplClass",
                 "oracle.security.ssl.OracleSSLSocketFactoryImpl");

        try
        {
            // Get the default socket factory
            OracleSSLSocketFactory sSocFactory =
                (OracleSSLSocketFactory)SSLSocketFactory.getDefault();
            sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

            OracleSSLCredential sslCredObj = new OracleSSLCredential();

            // Set the certificate chain and private key if the server requires
            // client authentication (not needed for this example):
            //   sslCredObj.addCertChain(caCert);
            //   sslCredObj.addCertChain(userCert);
            //   sslCredObj.setPrivateKey(userPvtKey, userPassword);

            // Populate the credential object
            if (trustedCertFile != null)
            {
                byte[] trustedCert = readFile(trustedCertFile);
                sslCredObj.addTrustedCert(trustedCert);
            }
            sSocFactory.setSSLCredentials(sslCredObj);

            // Create the socket using the factory
            SSLSocket jsslSoc = (SSLSocket)sSocFactory.createSocket(hostName, 8443);

            String[] ciphers = jsslSoc.getSupportedCipherSuites();
            // Select the ciphers you want and enable them.
            // Here we enable all available ciphers.
            jsslSoc.setEnabledCipherSuites(ciphers);

            // We are creating the socket in client mode
            jsslSoc.setUseClientMode(true);

            // Do the SSL handshake
            jsslSoc.startHandshake();

            // Print the negotiated cipher
            System.out.println("Negotiated Cipher Suite: " + jsslSoc.getSession().getCipherSuite());
            System.out.println("");

            X509Certificate[] peerCerts = jsslSoc.getSession().getPeerCertificateChain();
            if (peerCerts != null)
            {
                System.out.println("Printing server information:");
                for (int i = 0; i < peerCerts.length; i++)
                {
                    System.out.println("Peer Certificate [" + i + "] Information:");
                    System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName());
                    System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
                    System.out.println("- Version: " + peerCerts[i].getVersion());
                    System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
                    System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
                    System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());
                    System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
                }
            }
            else
                System.out.println("Failed to get peer certificates");

            // Now do the data exchange with the server
            OutputStream out = jsslSoc.getOutputStream();
            InputStream in = jsslSoc.getInputStream();
            String inputLine, outputLine;
            byte[] msg = new byte[1024];
            outputLine = "HELLO";
            out.write(outputLine.getBytes());
            int readLen = in.read(msg, 0, msg.length);
            if (readLen > 0)
            {
                inputLine = new String(msg, 0, readLen);
                System.out.println("");
                System.out.println("Server Message:");
                System.out.println(inputLine);
            }
            else
                System.out.println("Can't read data from server");

            // Close all sockets and streams
            out.close();
            in.close();
            jsslSoc.close();
        }
        catch (SSLException e)
        {
            System.out.println("SSL exception caught:");
            e.printStackTrace();
        }
        catch (IOException e)
        {
            System.out.println("IO exception caught:");
            e.printStackTrace();
        }
        catch (Exception e)
        {
            System.out.println("Exception caught:");
            e.printStackTrace();
        }
    }

    // Reads the whole trusted certificate file into a byte array for addTrustedCert.
    private static byte[] readFile(String path) throws IOException
    {
        FileInputStream fis = new FileInputStream(path);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        int n;
        while ((n = fis.read(buf)) > 0)
            bos.write(buf, 0, n);
        fis.close();
        return bos.toByteArray();
    }
}
The following example shows how to use the Java SSL Socket with firewall tunnelling.
import java.net.*;
import java.io.*;
import java.util.*;
import java.lang.*;
import java.security.cert.*;
import javax.net.ssl.*;
import oracle.security.ssl.OracleSSLCredential;
import oracle.security.ssl.OracleSSLSocketFactory;
import oracle.security.ssl.OracleSSLProtocolVersion;
import oracle.security.ssl.OracleSSLCipher;   // provides isSSLLibDomestic()

public class SSLSocketTest
{
    public static void main(String argv[])
    {
        if (OracleSSLCipher.isSSLLibDomestic())
            System.out.println("Domestic SSL library");
        else
            System.out.println("Export SSL library");

        // Target host and port: command-line arguments, defaulting to localhost:443
        String hostName = "";
        int i = 0;
        try { hostName = argv[0]; } catch (Exception e) { hostName = "localhost"; }
        try { i = (new Integer(argv[1])).intValue(); } catch (Exception e) { i = 443; }

        // Proxy host and wallet file come from system properties (-DPROXY=... -DCERTDBFILE=...)
        String proxy = System.getProperty("PROXY");
        String certdb = System.getProperty("CERTDBFILE");

        java.util.Properties prop = System.getProperties();
        prop.put("SSLSocketFactoryImplClass", "oracle.security.ssl.OracleSSLSocketFactoryImpl");

        try
        {
            /*
             * Users can set their own X.509 implementation class; the default
             * in the factory class is the Oracle implementation:
             * java.security.Security.setProperty("cert.provider.x509v1",
             *     "oracle.security.cert.X509CertificateImpl");
             */

            // Get the default socket factory
            OracleSSLSocketFactory sSocFactory =
                (OracleSSLSocketFactory)OracleSSLSocketFactory.getDefault();
            // sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0_With_2_0_Hello);
            sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

            OracleSSLCredential sslCredObj = new OracleSSLCredential();
            if (certdb == null)
                System.out.println("certdb is null");
            else
                sslCredObj.setWallet(certdb, "welcome12");

            // Populate the credential object
            sSocFactory.setSSLCredentials(sslCredObj);

            SSLSocket jsslSoc = null;

            // Create a regular Java Socket connected to the proxy server
            // (host from the PROXY property, www-proxy1 if unset) on port 80
            Socket soc = new Socket((proxy != null) ? proxy : "www-proxy1", 80);
            if (makeProxyConnection(soc, hostName, i))
                System.out.println("Proxy enabled successfully");
            else
                throw new IOException("proxy CONNECT to " + hostName + ":" + i + " failed");

            // Pass the tunnelled plain socket to the Java SSLSocket constructor
            jsslSoc = (SSLSocket)sSocFactory.createSocket(soc);

            // Now jsslSoc can be used for an SSL connection to an SSL server
            // through the proxy server. (The JSSE SSLSession API returns
            // javax.security.cert.X509Certificate objects.)
            javax.security.cert.X509Certificate[] peerCerts =
                jsslSoc.getSession().getPeerCertificateChain();

            exchangeData(jsslSoc);
            jsslSoc.close();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        System.exit(0);
    }

    // The CONNECT request needs to be set up for a firewall tunnelling connection
    private static boolean makeProxyConnection(Socket pjsoc, String host, int port)
    {
        try
        {
            InputStream rawInStream = pjsoc.getInputStream();
            OutputStream rawOutStream = pjsoc.getOutputStream();
            String portStr = String.valueOf(port);
            String connString = "CONNECT " + host + ":" + portStr + " HTTP/1.0\r\n"
                              + "User-Agent: Oracle Proxy Enabled SSL Socket\r\n\r\n";
            rawOutStream.write(connString.getBytes(), 0, connString.length());

            byte[] pxyMsg = new byte[2048];
            int rdData = rawInStream.read(pxyMsg, 0, 2048);
            if (rdData <= 0)
                return false;
            String reply = new String(pxyMsg, 0, rdData);
            System.out.println("Proxy Message:\n" + reply);

            // The tunnel is open only if the proxy's status line reports 200
            return reply.startsWith("HTTP/") && reply.indexOf(" 200") > 0;
        }
        catch (Exception e)
        {
            return false;
        }
    }

    public static void exchangeData(SSLSocket sslSoc) throws IOException
    {
        String outs = "GET / HTTP/1.0\r\n\r\n";
        BufferedInputStream isr = new BufferedInputStream(sslSoc.getInputStream(), 8192);
        BufferedOutputStream os = new BufferedOutputStream(sslSoc.getOutputStream(), outs.length());
        os.write(outs.getBytes(), 0, outs.length());
        os.flush();

        System.out.println("Server Response:");
        System.out.println("----------------");
        String srvResp = new String();
        byte[] srvmsg = new byte[4096 * 2];
        int n = 0;
        do
        {
            n = isr.read(srvmsg, 0, srvmsg.length);
            if (n > 0)
                srvResp += new String(srvmsg, 0, n);
        } while (n > 0);
        System.out.println(srvResp);

        os.close();
        isr.close();
    }
}
To allow security-aware applications to do their own validation, Oracle Java SSL lets the handshake succeed even when no trust points have been set for the RSA SSL ciphers.
A security-aware application of this kind sets no trust points. After the handshake it obtains the peer certificate chain with the following code:
javax.security.cert.X509Certificate[] peerCerts =
    jsslSoc.getSession().getPeerCertificateChain();
where jsslSoc is the SSLSocket object used for the connection. From the chain the individual certificates can be extracted for application-specific validation, such as matching a certificate's distinguished name (DN) against a user database. This is useful when a large number of trust points are stored in a database and the application does not want to pass all of them to the SSL layer: the application can look up only the relevant trust points and match them against the certificates in the peer certificate chain. Note that the SSL layer has then verified nothing about the chain's trustworthiness; the application itself must check the certificates in the chain against its trust points to decide whether the chain can be trusted.
Security-unaware applications that always want the trust point check performed must make sure that trust points are set in the application itself.
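The validation that a security-aware application must perform itself, as an added example that is not part of the Oracle documentation or product: the chain from getPeerCertificateChain() is converted to java.security.cert certificates, each link is checked for validity and for its signature under the next certificate, and the top of the chain is matched by DN against an application-held trust store (a Map keyed by RFC 2253 issuer DN, standing in for the database the text mentions) and then verified against that trust point's public key. The class name, the Map-based trust store and the method names are this example's own.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;

/**
 * Application-side validation of a peer chain for a security-aware
 * application that sets no trust points in OracleSSLCredential.
 * Trust points are held by the application: a Map from the RFC 2253
 * subject DN of a CA certificate to that certificate (a stand-in here
 * for the application's trust point database).
 */
public final class PeerChainValidator
{
    private final Map<String, X509Certificate> trustPointsByDn;

    public PeerChainValidator(Map<String, X509Certificate> trustPointsByDn)
    {
        this.trustPointsByDn = trustPointsByDn;
    }

    /**
     * Converts the javax.security.cert chain returned by the SSLSession into
     * java.security.cert certificates, which provide verify() and checkValidity().
     */
    public static X509Certificate[] convert(javax.security.cert.X509Certificate[] chain)
        throws Exception
    {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] out = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++)
            out[i] = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(chain[i].getEncoded()));
        return out;
    }

    /** The peer's own certificate is chain[0]; its subject DN is what a user database is keyed on. */
    public static String peerDn(X509Certificate[] chain)
    {
        return chain[0].getSubjectX500Principal().getName();
    }

    /**
     * Returns true only if every certificate is within its validity period at
     * 'now', every link is issued by and signed under the next certificate in
     * the chain, and the top certificate chains to one of the application's
     * trust points by DN match AND signature verification.
     */
    public boolean isTrusted(X509Certificate[] chain, Date now)
    {
        if (chain == null || chain.length == 0)
            return false;
        try
        {
            for (int i = 0; i < chain.length; i++)
            {
                chain[i].checkValidity(now);
                if (i + 1 < chain.length)
                {
                    // Issuer DN must equal the next certificate's subject DN, and the
                    // signature must verify under that certificate's public key.
                    if (!chain[i].getIssuerX500Principal().equals(chain[i + 1].getSubjectX500Principal()))
                        return false;
                    chain[i].verify(chain[i + 1].getPublicKey());
                }
            }

            // Look up the trust point by the top certificate's issuer DN. A chain
            // that omits the root resolves to the root this way; a self-signed
            // root included in the chain resolves to itself.
            X509Certificate top = chain[chain.length - 1];
            X509Certificate anchor = trustPointsByDn.get(top.getIssuerX500Principal().getName());
            if (anchor == null)
                return false;

            // A DN match alone proves nothing: the top certificate must actually
            // be signed by the trust point, and the trust point must itself be valid.
            top.verify(anchor.getPublicKey());
            anchor.checkValidity(now);
            return true;
        }
        catch (Exception e)
        {
            // Signature failure, expired or not-yet-valid certificate, or an
            // unsupported algorithm all mean the chain is not trusted.
            return false;
        }
    }
}
```

After startHandshake(), the application calls isTrusted(convert(peerCerts), new Date()) and closes the socket before exchanging any application data if it returns false; peerDn() then supplies the DN for the user-database lookup.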
The following is the class hierarchy for the extensions to the Java SSL package for JDK 1.2.
class java.lang.Object
   class java.security.cert.Certificate
      class java.security.cert.X509Certificate (implements java.security.cert.X509Extension)
         class oracle.security.cert.X509CertificateImpl
   class java.security.cert.CertificateFactory
      class oracle.security.cert.OracleCertificateFactory
   class oracle.security.ssl.OracleSSLCredential
   class oracle.security.ssl.OracleSSLSession (implements javax.net.ssl.SSLSession)
   class javax.net.ServerSocketFactory
      class javax.net.ssl.SSLServerSocketFactory
         class oracle.security.ssl.OracleSSLServerSocketFactory
            class oracle.security.ssl.OracleSSLServerSocketFactoryImpl
   class javax.net.SocketFactory
      class javax.net.ssl.SSLSocketFactory
         class oracle.security.ssl.OracleSSLSocketFactory
            class oracle.security.ssl.OracleSSLSocketFactoryImpl
The interface hierarchy follows:
interface oracle.security.ssl.OracleSSLProtocolVersion
oracle.security.ssl
public class OracleSSLCredential extends java.lang.Object

java.lang.Object
   |
   +--oracle.security.ssl.OracleSSLCredential

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait

Constructors and methods:
public OracleSSLCredential()
public void addCertChain(byte[] certChainCert)
public void addCertChain(java.lang.String b64certChainCert)
public void addTrustedCert(byte[] trustedCert)
public void removeCertChainCert(int index)
public void removeTrustedCert(int index)
public void setPrivateKey(byte[] pvtKey, java.lang.String password)
public void setPrivateKey(java.lang.String b64PvtKey, java.lang.String password)
public void setWallet(java.lang.String wltPath, java.lang.String password)
public java.lang.String toString()
Overrides: toString() in class java.lang.Object
oracle.security.ssl
public interface OracleSSLProtocolVersion

Known implementing class: OracleSSLServerSocket

Fields:

public static final int SSL_Version_2_0
SSL protocol version 2.0
Since: 1.0

public static final int SSL_Version_3_0
SSL protocol version 3.0
Since: 1.0

public static final int SSL_Version_3_0_Only
SSL protocol version 3.0 only
Since: 1.0

public static final int SSL_Version_3_0_With_2_0_Hello
SSL protocol version 3.0 with 2.0 hello
Since: 1.0

public static final int SSL_Version_Undetermined
SSL protocol version undetermined
Since: 1.0
oracle.security.ssl
public abstract class OracleSSLServerSocket implements OracleSSLProtocolVersion

oracle.security.ssl.OracleSSLServerSocket

All implemented interfaces: OracleSSLProtocolVersion

Fields inherited from interface OracleSSLProtocolVersion: SSL_Version_2_0, SSL_Version_3_0, SSL_Version_3_0_Only, SSL_Version_3_0_With_2_0_Hello, SSL_Version_Undetermined

protected OracleSSLServerSocket(int port)
Default constructor. Creates a server socket which uses all network interfaces on the host and is bound to the specified port.
Parameters:
  port - the port number, or 0 to use any free port.
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

protected OracleSSLServerSocket(int port, int backlog)
Creates a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.
Parameters:
  port - the specified port, or 0 to use any free port.
  backlog - the maximum length of the queue.
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

protected OracleSSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr)
Creates a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.
Parameters:
  port - the local TCP port
  backlog - the listen backlog
  bindAddr - the local InetAddress the server will bind to
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

public abstract void setSSLProtocolVersion(int version)
Sets the SSL protocol version.
Parameters:
  version - SSL protocol version
Since: 1.0
oracle.security.ssl
public abstract class OracleSSLServerSocketFactory

oracle.security.ssl.OracleSSLServerSocketFactory

Direct known subclass: OracleSSLServerSocketFactoryImpl

public OracleSSLServerSocketFactory()

public abstract void setSSLCredentials(OracleSSLCredential sslCredential)
Creates authentication contexts (holding private keys, certificate chains, and similar data) for the SSL connection.
Since: 1.0

public abstract void setSSLProtocolVersion(int version)
Sets the SSL protocol version.
Parameters:
  version - SSL protocol version
Since: 1.0
oracle.security.ssl
public class OracleSSLServerSocketFactoryImpl extends OracleSSLServerSocketFactory

OracleSSLServerSocketFactory
   |
   +--oracle.security.ssl.OracleSSLServerSocketFactoryImpl

public OracleSSLServerSocketFactoryImpl()
Default constructor.
Since: 1.0

public java.net.ServerSocket createServerSocket(int port)
Returns a server socket which uses all network interfaces on the host and is bound to the specified port.
Parameters:
  port - the port number, or 0 to use any free port.
Returns: a new instance of SSLServerSocketImpl.
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

public java.net.ServerSocket createServerSocket(int port, int backlog)
Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.
Parameters:
  port - the specified port, or 0 to use any free port.
  backlog - the maximum length of the queue.
Returns: a new instance of SSLServerSocketImpl.
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

public java.net.ServerSocket createServerSocket(int port, int backlog, java.net.InetAddress bindAddr)
Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.
Parameters:
  port - the local TCP port
  backlog - the listen backlog
  bindAddr - the local InetAddress the server will bind to
Returns: a new instance of SSLServerSocketImpl.
Throws: IOException - IO error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLServerSocketImpl

public java.lang.String[] getDefaultCipherSuites()
Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication.
Returns: an array of default cipher suite strings
Since: 1.0

public java.lang.String[] getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet the quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
Returns: an array of supported cipher suite strings
Since: 1.0

public void setSSLCredentials(OracleSSLCredential sslCredential)
Creates authentication contexts (holding private keys, certificate chains, and similar data) for the SSL connection.
Overrides: setSSLCredentials(OracleSSLCredential) in class OracleSSLServerSocketFactory
Since: 1.0

public void setSSLProtocolVersion(int version)
Sets the SSL protocol version.
Overrides: setSSLProtocolVersion(int) in class OracleSSLServerSocketFactory
Parameters:
  version - SSL protocol version
Since: 1.0
oracle.security.ssl
public class OracleSSLSession

oracle.security.ssl.OracleSSLSession

public OracleSSLSession()

public java.lang.String getCipherSuite()
Returns the name of the SSL cipher suite which is used for all connections in the session. This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done.
Returns: the name of the session's cipher suite in String format
Since: 1.0

public long getCreationTime()
Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.
Returns: creation time in long format
Since: 1.0

public byte[] getId()
Returns the identifier assigned to this Session.
Returns: byte array
Since: 1.0

public long getLastAccessedTime()
Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC. Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time.
This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task.
Returns: last accessed time in long format
Since: 1.0

public java.lang.String getNegotiatedProtocolVersion()

public java.security.cert.X509Certificate[] getPeerCertificateChain()
Returns the certificate chain presented by the peer.
Returns: array of peer X.509 certificates, with the peer's own certificate first in the chain and the "root" CA last.
Since: 1.0

public java.lang.String getPeerHost()
Returns the peer host name.
Returns: peer hostname in String format
Since: 1.0

public byte[][] getPeerRawCertificateChain()

public oracle.security.ssl.SSLSessionContext getSessionContext()
Returns the context in which this session is bound. This context may be unavailable in some environments, in which case this method returns null.
Returns: SSLSessionContext
Since: 1.0

public java.lang.Object getValue(java.lang.String name)
Returns the object bound to the given name in the session's application layer data. Returns null if there is no such binding.
Parameters:
  name - the name of the binding to find.
Returns: the value bound to that name, or null if the binding does not exist.
Since: 1.0

public java.lang.String[] getValueNames()
Returns an array of the names of all the application layer data objects bound into the Session.
Returns: the array of value names
Since: 1.0

public void invalidate()
Invalidates the session. Future connections will not be able to resume or join this session.
Since: 1.0

public void putValue(java.lang.String name, java.lang.Object obj)
Binds the specified object into the session's application layer data with the given name. Any existing binding with the same name is replaced. If the new (or existing) value implements the SSLSessionBindingListener interface, it is notified appropriately.
Parameters:
  name - the name to which the data object will be bound. This may not be null.
  value - the data object to be bound. This may not be null.
Since: 1.0

public void removeValue(java.lang.String name)
Removes the object bound to the given name in the session's application layer data. Does nothing if there is no object bound to the given name. If the value implements the SessionBindingListener interface, it is notified appropriately.
Parameters:
  name - the name of the object to remove
Since: 1.0

public void setSSLSessionContext(byte[] ssl_session)
Sets the SSL session context pointer for the native layer.
Parameters:
  ssl_session - the session context in byte array format
Since: 1.0
Package oracle.security.ssl
public abstract class OracleSSLSocketFactory
Direct known subclass: OracleSSLSocketFactoryImpl
public OracleSSLSocketFactory()
public abstract java.net.Socket createSocket(java.net.Socket soc)
Creates an SSL socket based on an existing plain socket.
Returns: Socket
Since: 1.0
public abstract void setSSLCredentials(OracleSSLCredential sslCredential)
Creates authentication contexts (holding private keys, certificate chains, and similar data) for the SSL connection.
Returns: none
Since: 1.0
public abstract void setSSLProtocolVersion(int version)
Sets the SSL protocol version.
Parameters: version - SSL protocol version
Since: 1.0
Package oracle.security.ssl
public class OracleSSLSocketFactoryImpl extends OracleSSLSocketFactory
Class hierarchy:
  OracleSSLSocketFactory
    +--oracle.security.ssl.OracleSSLSocketFactoryImpl
public OracleSSLSocketFactoryImpl()
Default constructor.
Since: 1.0
public java.net.Socket createSocket(java.net.InetAddress inetAddress, int port)
Returns a connected client socket to the specified port number on the specified host.
Parameters: host - the server to connect to, in InetAddress format
port - the port number, or 0 to use any free port.
Returns: a new instance of SSLSocketImpl.
Throws: IOException - I/O error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLSocketImpl
public java.net.Socket createSocket(java.net.InetAddress inetAddress1, int port1, java.net.InetAddress inetAddress2, int port2)
Creates a socket and connects it to the specified remote address on the specified remote port. The socket will also bind() to the local address and port supplied.
Parameters: address - the remote address
port - the remote port
localAddr - the local address the socket is bound to
localPort - the local port the socket is bound to
Throws: IOException - I/O error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLSocketImpl
public java.net.Socket createSocket(java.net.Socket soc)
Returns an SSL client socket built from an existing socket.
Overrides: createSocket(Socket) in class OracleSSLSocketFactory
Parameters: soc - an existing socket object
Returns: a new instance of SSLSocketImpl.
Throws: IOException - I/O error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLSocketImpl
public java.net.Socket createSocket(java.lang.String host, int port)
Returns a connected client socket to the specified port number on the specified host.
Parameters: host - the server name to connect to
port - the port number, or 0 to use any free port.
Returns: a new instance of SSLSocketImpl.
Throws: IOException - I/O error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLSocketImpl
public java.net.Socket createSocket(java.lang.String host, int port1, java.net.InetAddress inetAddress, int port2)
Creates a socket and connects it to the specified remote host on the specified remote port. The socket will also bind to the local address and port supplied.
Parameters: host - the name of the remote host
port - the remote port
localAddr - the local address the socket is bound to
localPort - the local port the socket is bound to
Throws: IOException - I/O error when creating the socket.
Since: 1.0
See also: oracle.security.ssl.SSLSocketImpl
public java.lang.String[] getDefaultCipherSuites()
Returns the list of cipher suites which are enabled by default. Unless a different list is enabled, handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for these defaults requires confidentiality protection and server authentication.
Returns: an array of default cipher suite strings
Since: 1.0
public java.lang.String[] getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection created by this factory. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet the quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
Returns: an array of supported cipher suite strings
Since: 1.0
public void setSSLCredentials(OracleSSLCredential sslCredential)
Creates authentication contexts (holding private keys, certificate chains, and similar data) for the SSL connection.
Overrides: setSSLCredentials(OracleSSLCredential) in class OracleSSLSocketFactory
Returns: none
Since: 1.0
public void setSSLProtocolVersion(int version)
Sets the SSL protocol version.
Overrides: setSSLProtocolVersion(int) in class OracleSSLSocketFactory
Parameters: version - SSL protocol version
Since: 1.0
Package oracle.security.ssl
public class SSLSocketSession
Member Summary
protected SSLSocketSession()
public java.lang.String getCipherSuite()
public long getCreationTime()
public byte[] getId()
public long getLastAccessedTime()
public oracle.security.ssl.X509Certificate[] getPeerCertificateChain()
public java.lang.String getPeerHost()
public oracle.security.ssl.SSLSessionContext getSessionContext()
Returns the context in which this session is bound. This context may be unavailable in some environments, in which case this method returns null.
public java.lang.Object getValue(java.lang.String name)
public java.lang.String[] getValueNames()
public void invalidate()
public void putValue(java.lang.String name, java.lang.Object obj)
public void removeValue(java.lang.String name)
public class SSLSocketTest extends java.lang.Object
Class hierarchy:
  java.lang.Object
    +--java.security.cert.Certificate
      +--java.security.cert.X509Certificate
        +--oracle.security.cert.X509CertificateImpl
public class X509CertificateImpl extends java.security.cert.X509Certificate
private X509CertificateHelper _x509CertHelper
public X509CertificateImpl()
Constructs an uninitialized X.509 certificate on which decode must later be called (or which may be deserialized).
public X509CertificateImpl(byte[] buf) throws java.security.cert.CertificateException
Unmarshals a certificate from its encoded form, parsing the BER encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents; that is, it is one of the more commonly used constructors.
public X509CertificateImpl(byte[] buf, int offset, int len) throws java.security.cert.CertificateException
Instantiates an X509Certificate with the input certificate data.
Parameters: buf - the certificate data buffer
offset - offset into the data buffer
len - the data buffer length
public void X509Certificate(java.io.InputStream in) throws java.io.IOException
Instantiates an X509Certificate object and initializes it with the data read from the input stream in. The implementation is provided by the class specified as the value of the cert.provider.x509v1 property in the security properties file.
Parameters: in - DER encoded InputStream data
Since: 1.0
public void decode(java.io.InputStream in) throws java.io.IOException
Decodes the input stream data, instantiates an X509Certificate object and initializes it with the data read from the input stream in.
Parameters: in - DER encoded InputStream data
Since: 1.0
public boolean equals(java.lang.Object obj)
Checks this certificate for equality with the given object.
Parameters: obj - the Certificate object to compare with
Overrides: equals in class java.security.cert.Certificate
Since: 1.0
public void checkValidity() throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
Checks that the certificate is valid at the current time.
Throws: CertificateExpiredException, CertificateNotYetValidException
Overrides: checkValidity in class java.security.cert.X509Certificate
Since: 1.0
public void checkValidity(java.util.Date date) throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
Checks that the certificate is valid at the given time.
Parameters: date - the time at which validity is checked
Throws: CertificateExpiredException, CertificateNotYetValidException
Overrides: checkValidity in class java.security.cert.X509Certificate
Since: 1.0
public void verify(java.security.PublicKey key) throws java.security.cert.CertificateException
Verifies this certificate's signature with the given public key, that is, checks that the certificate was signed by the corresponding private key.
Parameters: key - PublicKey
Throws: CertificateException
Overrides: verify in class java.security.cert.Certificate
Since: 1.0
public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CertificateException
Verifies this certificate's signature with the given public key, using the named signature provider.
Parameters: key - PublicKey
sigProvider - Provider
Throws: CertificateException
Overrides: verify in class java.security.cert.Certificate
Since: 1.0
public java.security.Principal getSubjectDN()
Returns the certificate subject DN.
Returns: subject name
Overrides: getSubjectDN in class java.security.cert.X509Certificate
Since: 1.0
See also: java.security.Principal
public java.security.Principal getIssuerDN()
Returns the certificate issuer DN.
Returns: issuer name
Overrides: getIssuerDN in class java.security.cert.X509Certificate
Since: 1.0
See also: java.security.Principal
public int getVersion()
Returns the certificate version.
Returns: version value
Overrides: getVersion in class java.security.cert.X509Certificate
Since: 1.0
public java.math.BigInteger getSerialNumber()
Gets the serialNumber value from the certificate. The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate).
Returns: the serial number.
Overrides: getSerialNumber in class java.security.cert.X509Certificate
Since: 1.0
public java.lang.String getSigAlgName()
Returns the signature algorithm name.
Returns: signature algorithm
Overrides: getSigAlgName in class java.security.cert.X509Certificate
Since: 1.0
public java.lang.String getSigAlgOID()
Returns the signature algorithm OID.
Returns: signature algorithm OID
Overrides: getSigAlgOID in class java.security.cert.X509Certificate
Since: 1.0
public byte[] getSigAlgParams()
Returns the signature algorithm parameters.
Returns: signature algorithm parameters
Overrides: getSigAlgParams in class java.security.cert.X509Certificate
Since: 1.0
public java.util.Date getNotBefore()
Returns the date from which this certificate is valid.
Returns: date from which this certificate is valid
Overrides: getNotBefore in class java.security.cert.X509Certificate
Since: 1.0
public java.util.Date getNotAfter()
Returns the date on which this certificate expires.
Returns: date on which this certificate expires
Overrides: getNotAfter in class java.security.cert.X509Certificate
Since: 1.0
public byte[] getEncoded() throws java.security.cert.CertificateEncodingException
Returns the encoded certificate.
Returns: byte array data of this certificate
Overrides: getEncoded in class java.security.cert.Certificate
Since: 1.0
public java.security.PublicKey getPublicKey()
Returns the public key of this certificate.
Returns: public key of this certificate
Overrides: getPublicKey in class java.security.cert.Certificate
Since: 1.0
See also: PublicKey
public int hashCode()
Returns the hash code of this certificate.
Returns: the hash code
Overrides: hashCode in class java.security.cert.Certificate
Since: 1.0
public java.lang.String toString()
Returns information about this certificate.
Returns: information about this certificate in string format
Overrides: toString in class java.security.cert.Certificate
Since: 1.0
public boolean[] getSubjectUniqueID()
Overrides: getSubjectUniqueID in class java.security.cert.X509Certificate
public byte[] getSignature()
Overrides: getSignature in class java.security.cert.X509Certificate
public int getBasicConstraints()
Overrides: getBasicConstraints in class java.security.cert.X509Certificate
public boolean[] getIssuerUniqueID()
Overrides: getIssuerUniqueID in class java.security.cert.X509Certificate
public boolean[] getKeyUsage()
Overrides: getKeyUsage in class java.security.cert.X509Certificate
public byte[] getTBSCertificate() throws java.security.cert.CertificateEncodingException
Overrides: getTBSCertificate in class java.security.cert.X509Certificate
public java.util.Set getCriticalExtensionOIDs()
Overrides: getCriticalExtensionOIDs in class java.security.cert.X509Certificate
public byte[] getExtensionValue(java.lang.String oid)
Overrides: getExtensionValue in class java.security.cert.X509Certificate
public java.util.Set getNonCriticalExtensionOIDs()
Overrides: getNonCriticalExtensionOIDs in class java.security.cert.X509Certificate
public boolean hasUnsupportedCriticalExtension()
Overrides: hasUnsupportedCriticalExtension in class java.security.cert.X509Certificate
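The chain returned by getPeerCertificateChain() is only a claim made by the peer until each link has been checked. The following is an added example, not code from the Oracle Java SSL library, showing how the overridden methods above (checkValidity, verify, getIssuerDN/getSubjectDN, getBasicConstraints) combine into a basic path validation over a chain ordered peer first, root last; the set of trusted CA certificates is assumed to be loaded by the caller.

```java
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;

/**
 * Validates a peer certificate chain in the order documented for
 * getPeerCertificateChain(): element 0 is the peer's own certificate,
 * the last element is the root CA. Added example, not library code.
 */
public final class PeerChainValidator {

    /**
     * @param chain        chain as returned by getPeerCertificateChain()
     * @param trustAnchors CA certificates the application trusts; assumed to be
     *                     loaded by the caller (for example from the trusted
     *                     certificates held in an Oracle Wallet)
     * @throws CertificateException if any link in the chain fails a check
     */
    public static void validate(X509Certificate[] chain, Set trustAnchors)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("peer presented no certificate chain");
        }
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            // Every certificate in the chain must be inside its validity period now.
            cert.checkValidity();

            // The signer of chain[i] is chain[i + 1]; the root (last element) is self-signed.
            X509Certificate issuer = (i + 1 < chain.length) ? chain[i + 1] : cert;
            if (!cert.getIssuerDN().equals(issuer.getSubjectDN())) {
                throw new CertificateException("issuer DN of element " + i
                        + " does not match the subject DN of the next certificate");
            }
            // verify() checks the signature on cert against the issuer's public key.
            PublicKey issuerKey = issuer.getPublicKey();
            cert.verify(issuerKey);

            // Every certificate above the leaf must be a CA. getBasicConstraints() returns -1
            // for a non-CA certificate, otherwise the maximum number of intermediate CAs
            // allowed below it; element i has i - 1 intermediates below it.
            if (i > 0 && cert.getBasicConstraints() < i - 1) {
                throw new CertificateException("element " + i
                        + " is not a CA or its path length constraint is exceeded");
            }
        }
        // The chain must end in a certificate the application already trusts.
        X509Certificate root = chain[chain.length - 1];
        if (!trustAnchors.contains(root)) {
            throw new CertificateException("root CA is not a configured trust anchor");
        }
    }
}
```

Matching the leaf certificate against the host name returned by getPeerHost() and checking revocation are not covered by this example.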
Copyright © 1996-2000, Oracle Corporation. All Rights Reserved.