se.entra.phantom.rapp

Class SSLRemoteApplication

java.lang.Object

se.entra.phantom.rapp.RemoteApplication

se.entra.phantom.rapp.SSLRemoteApplication

All Implemented Interfaces:

TrustManager, X509TrustManager

public class SSLRemoteApplication
extends RemoteApplication
implements X509TrustManager

Use this class to establish an SSL socket connection to a Server in order to process remote application calls to a server application.

Note: The SSL connection is not supported for Applets calling this API (i.e. inside a browser). The calling Java code must be run as a Java Application, Servlet, etc.

See Also:

RemoteApplication

Field Summary

Fields inherited from class se.entra.phantom.rapp.RemoteApplication

CONNECTION_ALLOWED, EVENT_ERROR, EVENT_INFORMATIONAL, EVENT_WARNING, RAPP_CLOSE, RAPP_GET_REPLY, RAPP_ID_TRANS, RAPP_LOG_EVENT, RAPP_REPLY_DATA, RAPP_REPLY_ERROR, RAPP_REQUEST_ACK, RAPP_REQUEST_DATA, RAPP_REQUEST_NACK, RAPP_STATUS_TRANS, STATUS_ERROR, STATUS_OK, STATUS_REDIRECTION, TRANSACTION_LEVEL

Constructor Summary

Constructors

Constructor and Description
SSLRemoteApplication(String applicationName) Creates a new instance of the SSL Remote Application class using the specified applicationName without a previous connection (i.e.
SSLRemoteApplication(String applicationName, String sessionID) Creates a new instance of the SSL Remote Application class using the specified applicationName and a previous sessionID (if non-null).

Method Summary

Modifier and Type	Method and Description
void	checkClientTrusted(X509Certificate[] chain, String authType) Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
void	checkServerTrusted(X509Certificate[] chain, String authType) Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
protected String	connect(String hostName, int port) Connects to a server over an SSL socket.
X509Certificate[]	getAcceptedIssuers() Gets an array of certificate authority certificates which are trusted for authenticating peers.
String	paramString() Gets the parameter string for this class for testing purposes.
void	setClientCertificate(String certificateFileName, String privateKeyPassword) Sets the client certificate file name to use if the server application in the server requires "client certificates".
void	setStrongEncryption(boolean doStrongEncryption) Selects 128 bit encryption (true) or not (false).

Methods inherited from class se.entra.phantom.rapp.RemoteApplication

close, connect, connect, getReply, getServerHostAddress, getServerPort, getSessionID, hasBlockingReply, inDebugMode, isConnected, isSessionIDReconnectable, logDebugOutput, logServerEvent, requestClose, requestTransaction, setAuthentication, setDebugMode, setServer, setServers, setStaticDebugMode, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SSLRemoteApplication

public SSLRemoteApplication(String applicationName)

Creates a new instance of the SSL Remote Application class using the specified applicationName without a previous connection (i.e. a sessionID).

Use the method setStrongEncryption to select 128 bit encryption (true) or not (false).

Use the method setClientCertificate to define the file name to use if a "client certificate" is used for the application in the server.

Use the calls setServer or setServers to set up the servers to contact.

If user authentication is required, use the method setAuthentication to set it up.

After this has been done, call the connect method to establish a connection.

Parameters:

applicationName - The application name to use.

See Also:

setStrongEncryption(boolean), setClientCertificate(java.lang.String, java.lang.String)

SSLRemoteApplication

public SSLRemoteApplication(String applicationName,
                            String sessionID)

Creates a new instance of the SSL Remote Application class using the specified applicationName and a previous sessionID (if non-null).

Use the method setStrongEncryption to select 128 bit encryption (true) or not (false), default is strong.

Use the method setClientCertificate to define the file name to use if a "client certificate" is used for the application in the server.

Use the calls setServer or setServers to set up the servers to contact.

If user authentication is required, use the method setAuthentication to set it up.

After this has been done, call the connect method to establish a connection.

Parameters:

applicationName - The application name to use.

sessionID - The previously connection session ID or null for none.

See Also:

setStrongEncryption(boolean), setClientCertificate(java.lang.String, java.lang.String)

Method Detail

setStrongEncryption

public void setStrongEncryption(boolean doStrongEncryption)

Selects 128 bit encryption (true) or not (false).

Parameters:

doStrongEncryption - Select true to use 128 bit encryption of false for less.

setClientCertificate

public void setClientCertificate(String certificateFileName,
                                 String privateKeyPassword)

Sets the client certificate file name to use if the server application in the server requires "client certificates".

Parameters:

certificateFileName - The certificate file name or null for none.

privateKeyPassword - The private key password or null for none.

connect

protected String connect(String hostName,
                         int port)
                  throws UnknownHostException,
                         IOException

Connects to a server over an SSL socket.

Overrides:

connect in class RemoteApplication

Returns:

String the name of the redirection server, null for OK. The return value has the form "host:port".

Throws:

IOException - if an I/O error occurs when creating the socket.

UnknownHostException - Thrown to indicate that the IP address of a host could not be determined.

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.

Specified by:

checkClientTrusted in interface X509TrustManager

Parameters:

chain - The peer certificate chain.

authType - The authentication type based on the client certificate.

Throws:

CertificateException - Always, a client doesn't connect in our case.

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.

The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.

Specified by:

checkServerTrusted in interface X509TrustManager

Parameters:

chain - The peer certificate chain.

authType - The authentication type based on the client certificate.

Throws:

CertificateException - Always, a client doesn't connect in our case.

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

Gets an array of certificate authority certificates which are trusted for authenticating peers.

Specified by:

getAcceptedIssuers in interface X509TrustManager

Returns:

a non-null (possibly empty) array of acceptable CA issuer certificates.

paramString

public String paramString()

Gets the parameter string for this class for testing purposes.

Overrides:

paramString in class RemoteApplication