SAP NetWeaver 7.40 (SP 05) Composition Environment
java.lang.Object
  com.sap.security.core.server.https.SecureConnectionFactory
public class SecureConnectionFactory
This factory class should be used within the SAP J2EE Server to create HttpsUrlConnection and SSLSocket instances based on given security credentials (key stores).

The advantage of this factory is that it hides SSL-library-specific handling from application developers and takes care of features such as verification of certificate chains, session caching, naming checks, etc. Some configuration can be done using the Utils class.

Inside this factory, IAIK iSaSiLk is used as the SSL implementation, together with w3c-http extended by IAIK for HTTP/HTTPS, but application developers deal only with standard Java classes: KeyStore, HttpURLConnection and Socket.

For application developers interested in extended HTTP features such as WebDAV, an additional library is available within the J2EE Server which uses this factory for SSL socket creation but another paradigm for HTTP connections.

The SecureConnectionFactory is initialized with two keystores: a trusted store, which contains the root certificates belonging to trusted Certificate Authorities, and an optional credentials keystore, containing one or several pairs of private key and corresponding certificates, which are to be used for SSL with mutual authentication.
After initialisation the factory provides two kinds of methods:
which supports https (and experimentally http, based on the W3C implementation) as protocols and returns an instance of HttpURLConnection.
which returns an instance of Socket.
Utils class to be connection specific.
"https.proxyHost" and "https.proxyPort".
"https.nonProxyHosts" property. The value of this property is a '|' separated list of host names. The '*' wildcard character is allowed as the first character of a name in the list.
"https.proxyUser" and "https.proxyPassword" or using the methods Utils.setProxyAuthentication.
createSocket method establishes a connection over proxy; see the example at createSocket(String, int, Socket) or use the method createSocket(String, int).
createURLConnection is called with a "http"-URL, proxy settings for HTTP connections should be set separately. This can be done by setting the System property proxySet to "true" and the System properties proxyHost and proxyPort.
null as value for aliases or methods without such parameter.
SubjectAltName and NetscapeSSLServerName extensions. See HostnameVerifier and DefaultHostnameVerifier for details about comparing the name components.
com.sap.security.core.server.https.IAIK under severity level DEBUG.
Copyright (c) 2003 SAP AG.
Field Summary | |
---|---|
boolean | _isIAIKavailable |
Constructor Summary | |
---|---|
SecureConnectionFactory(Certificate[] trustedcerts, Object[] keyandcerts) | This constructor is provided because of some special needs of WEBSERVICES Project. |
SecureConnectionFactory(KeyStore keystore) | Creates a new factory based on given credentials. |
SecureConnectionFactory(KeyStore truststore, KeyStore keystore) | Creates a new factory based on given credentials. |
SecureConnectionFactory(KeyStore truststore, Object truststoreCreds, KeyStore keystore, Object keystoreCreds) | Creates a new connection factory based on given credentials. |
SecureConnectionFactory(String trustview, String keyview) | Constructor to use within SAP J2EE Server. |
Method Summary | |
---|---|
Socket | createSocket(InetAddress inetAddr, int port): Creates (ssl)socket based on local credentials. |
Socket | createSocket(InetAddress inetAddr, int port, InetAddress clientAddr, int cport): Creates (ssl)socket based on local credentials. |
Socket | createSocket(InetAddress inetAddr, int port, InetAddress clientAddr, int cport, String[] aliases): Creates (ssl)socket based on local credentials. |
Socket | createSocket(InetAddress inetAddr, int port, String[] aliases): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port, InetAddress clientAddr, int cport): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port, InetAddress clientAddr, int cport, String[] aliases): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port, Socket socket): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port, Socket socket, String[] aliases): Creates (ssl)socket based on local credentials. |
Socket | createSocket(String host, int port, String[] aliases): Creates (ssl)socket based on local credentials. |
HttpURLConnection | createURLConnection(String url): Creates HttpURLConnection based on local credentials. |
HttpURLConnection | createURLConnection(String url, String keyalias): Creates HttpURLConnection based on local credentials. |
HttpURLConnection | createURLConnection(String url, String[] keyaliases): Creates HttpURLConnection based on local credentials. |
HttpURLConnection | createURLConnection(String protocol, String host, int port, String file): Creates an HttpURLConnection based on protocol, host, port and file. |
HttpURLConnection | createURLConnection(String protocol, String host, int port, String file, String keyalias): Creates HttpURLConnection based on local credentials. |
HttpURLConnection | createURLConnection(String protocol, String host, int port, String file, String[] keyaliases): Creates HttpURLConnection based on local credentials. |
String | getConnectionHeader(): Returns the value of the "Connection" header used by the factory. |
static SecureConnectionFactory | getDefault(): Creates a default instance of SecureConnectionFactory. |
protected void | initFactory(Certificate[] trustedcerts, Object[] keyandcerts) |
protected void | initFactory(KeyStore truststore, Object truststoreCreds, KeyStore keystore, Object keystoreCreds) |
void | setConnectionHeader(String arg): Sets the value of the "Connection" header used by the factory. |
void | setDefaultSSLContext(Object context): Allows customizing the SSLClientContext used by the factory. |
void | setHostnameVerifier(HostnameVerifier ver): Sets the hostname verifier. |
void | setIgnoreServerCertificate(boolean arg): Activates/deactivates verification of the server certificate. |
void | setSSLDebugStream(OutputStream out): Replicates the debugging outputs to the specified output stream. |
void | setUseProxyForSocketConnection(boolean arg): Defines whether the createSocket(String, int) and createSocket(String, int, String[]) methods should determine proxy setting using System properties. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public boolean _isIAIKavailable
Constructor Detail |
---|
public SecureConnectionFactory(KeyStore keystore)
SecureConnectionFactory(KeyStore, KeyStore) with null as second parameter.
setIgnoreServerCertificate(boolean) method. But it's not recommended to use this method, because it contradicts SSL principles.
Parameters:
keystore - a keystore with trusted certificates for server authentication and KeyAndCertificate pairs for client authentication

public SecureConnectionFactory(KeyStore truststore, KeyStore keystore)
setIgnoreServerCertificate(boolean) method. But it's not recommended to use this method, because it contradicts SSL principles.
Parameters:
truststore - a keystore with trusted certificates for server authentication
keystore - a keystore used for client authentication

public SecureConnectionFactory(KeyStore truststore, Object truststoreCreds, KeyStore keystore, Object keystoreCreds)
setIgnoreServerCertificate(boolean) method. But it's not recommended to use this method, because it contradicts SSL principles.
Parameters:
truststore - a keystore with trusted certificates for server authentication
truststoreCreds - is ignored now
keystore - a keystore used for client authentication
keystoreCreds - is either ignored or, if it is an instance of char[], used as described in KeyStore.getKey(java.lang.String, char[])

public SecureConnectionFactory(String trustview, String keyview)
Parameters:
trustview - the name of the view containing trusted certificates
keyview - the name of the view containing client certificates. It can be identical with trustview.

public SecureConnectionFactory(Certificate[] trustedcerts, Object[] keyandcerts)
Method Detail |
---|
public static SecureConnectionFactory getDefault()

protected void initFactory(KeyStore truststore, Object truststoreCreds, KeyStore keystore, Object keystoreCreds)

protected void initFactory(Certificate[] trustedcerts, Object[] keyandcerts)

public void setDefaultSSLContext(Object context)
Parameters:
context - should be an instance of iaik.security.ssl.SSLClientContext and contain the necessary settings for SSL connections.

public void setSSLDebugStream(OutputStream out)
Parameters:
out - OutputStream to write to.

public void setIgnoreServerCertificate(boolean arg)
true will deactivate server authentication (including naming check) for all connections created with this factory instance.

public void setHostnameVerifier(HostnameVerifier ver)
    factory.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String urlHostname, String certHostname) {
            // compare the strings in your own way; here: exact, case-insensitive match
            return urlHostname != null && urlHostname.equalsIgnoreCase(certHostname);
        }
    });
Parameters:
ver - instance of HostnameVerifier

public void setUseProxyForSocketConnection(boolean arg)
Defines whether the createSocket(String, int) and createSocket(String, int, String[]) methods should determine proxy setting using System properties.
By default it is set to true.
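
A name comparison of the kind the verify(String urlHostname, String certHostname) callback of setHostnameVerifier could delegate to, as an added example that is not SAP code and not the logic of DefaultHostnameVerifier. The class and method names are hypothetical, and it assumes certHostname is a single DNS name taken from the server certificate; the sample pairs in main are constructed.

```java
import java.util.Locale;
// Added example: StrictHostnameMatcher and matches() are hypothetical names, not SAP API.
public final class StrictHostnameMatcher {
    /** True only if certHostname (assumed: one DNS name from the certificate) covers urlHostname. */
    public static boolean matches(String urlHostname, String certHostname) {
        if (urlHostname == null || certHostname == null) return false;
        String host = normalize(urlHostname);
        String pattern = normalize(certHostname);
        if (host.isEmpty() || pattern.isEmpty()) return false;
        if (pattern.indexOf('*') < 0) return host.equals(pattern);   // plain name: exact match
        if (looksLikeIp(host)) return false;                 // no wildcards for IP literals
        // The wildcard must be the entire left-most label: "*.example.com" only.
        if (!pattern.startsWith("*.") || pattern.indexOf('*', 1) >= 0) return false;
        String suffix = pattern.substring(1);                // ".example.com"
        // Conservative choice: require two labels after the wildcard, so "*.com" is refused.
        if (suffix.indexOf('.', 1) < 0) return false;
        if (!host.endsWith(suffix)) return false;
        String left = host.substring(0, host.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') < 0;     // wildcard spans exactly one label
    }

    private static String normalize(String name) {
        String n = name.trim().toLowerCase(Locale.ROOT);
        return n.endsWith(".") ? n.substring(0, n.length() - 1) : n;   // drop root dot
    }

    private static boolean looksLikeIp(String host) {
        return host.indexOf(':') >= 0 || host.matches("[0-9.]+");
    }

    public static void main(String[] args) {
        // Constructed sample pairs: URL host, name from certificate, expected result.
        String[][] cases = {
            {"shop.example.com", "shop.example.com", "true"},
            {"Shop.Example.COM.", "shop.example.com", "true"},
            {"shop.example.com", "*.example.com", "true"},
            {"a.b.example.com", "*.example.com", "false"},
            {"example.com", "*.example.com", "false"},
            {"shop.example.com", "sh*.example.com", "false"},
            {"example.com", "*.com", "false"},
            {"10.0.0.5", "*.0.0.5", "false"},
        };
        for (String[] c : cases) {
            boolean got = matches(c[0], c[1]);
            if (got != Boolean.parseBoolean(c[2])) throw new IllegalStateException(c[0] + " vs " + c[1]);
            System.out.println(c[0] + " vs " + c[1] + " -> " + got);
        }
    }
}
```

Inside the verify callback this reduces to returning StrictHostnameMatcher.matches(urlHostname, certHostname), which keeps the naming check active with a custom policy rather than switching it off through setIgnoreServerCertificate(true).
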
public HttpURLConnection createURLConnection(String protocol, String host, int port, String file) throws MalformedURLException, IOException, KeyStoreException
Creates an HttpURLConnection based on protocol, host, port and file.
Parameters:
protocol - http and https are supported
host - the host name of the target server
port - the port number on the target server
file - the filename on the target server (e.g. /myapp/index.html)
Throws:
MalformedURLException - if it was not possible to create a valid URL from input data
IOException - if an I/O exception occurs
KeyStoreException - if an exception occurs during access to the keystore

public HttpURLConnection createURLConnection(String protocol, String host, int port, String file, String keyalias) throws MalformedURLException, IOException, KeyStoreException
Parameters:
protocol -
host -
port -
file -
keyalias -
Throws:
MalformedURLException
IOException
KeyStoreException

public HttpURLConnection createURLConnection(String protocol, String host, int port, String file, String[] keyaliases) throws MalformedURLException, IOException, KeyStoreException
Parameters:
protocol -
host -
port -
file -
keyaliases -
Throws:
MalformedURLException
IOException
KeyStoreException

public HttpURLConnection createURLConnection(String url) throws MalformedURLException, IOException, KeyStoreException
Parameters:
url -
Throws:
MalformedURLException
IOException
KeyStoreException

public HttpURLConnection createURLConnection(String url, String keyalias) throws MalformedURLException, IOException, KeyStoreException
Parameters:
url -
keyalias -
Throws:
MalformedURLException
IOException
KeyStoreException

public HttpURLConnection createURLConnection(String url, String[] keyaliases) throws MalformedURLException, IOException, KeyStoreException
Parameters:
url -
Throws:
MalformedURLException
IOException
KeyStoreException

public Socket createSocket(InetAddress inetAddr, int port) throws IOException
Parameters:
inetAddr -
port -
Throws:
IOException

public Socket createSocket(InetAddress inetAddr, int port, String[] aliases) throws IOException
Parameters:
inetAddr -
port -
aliases -
Throws:
IOException

public Socket createSocket(String host, int port, InetAddress clientAddr, int cport) throws IOException
Parameters:
host -
port -
clientAddr -
cport -
Throws:
IOException

public Socket createSocket(String host, int port, InetAddress clientAddr, int cport, String[] aliases) throws IOException
Parameters:
host -
port -
clientAddr -
cport -
aliases -
Throws:
IOException

public Socket createSocket(String host, int port) throws IOException
setUseProxyForSocketConnection.
Specified by:
createSocket in interface SocketFactory
Throws:
IOException

public Socket createSocket(String host, int port, String[] aliases) throws IOException
setUseProxyForSocketConnection.
Throws:
IOException

public Socket createSocket(InetAddress inetAddr, int port, InetAddress clientAddr, int cport) throws IOException
Throws:
IOException

public Socket createSocket(InetAddress inetAddr, int port, InetAddress clientAddr, int cport, String[] aliases) throws IOException
Throws:
IOException

public Socket createSocket(String host, int port, Socket socket) throws IOException
    // obtain a socket that is already connected through the proxy
    Socket proxySocket = Utils.getProxySocket(host, _port, proxyuser, proxypwd);
    // let the factory create the (ssl)socket on top of the proxy socket
    Socket socket = factory.createSocket(_host, _port, proxySocket);
Specified by:
createSocket in interface SocketFactory
Throws:
IOException

public Socket createSocket(String host, int port, Socket socket, String[] aliases) throws IOException
    // obtain a socket that is already connected through the proxy
    Socket proxySocket = Utils.getProxySocket(host, _port, proxyuser, proxypwd);
    // let the factory create the (ssl)socket on top of the proxy socket
    Socket socket = factory.createSocket(_host, _port, proxySocket);
Throws:
IOException

public void setConnectionHeader(String arg)
"keep-alive".
Parameters:
arg - value of the "Connection" header (i.e. close or keep-alive)

public String getConnectionHeader()
Access Rights |
---|
SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] CORE-TOOLS | [sap.com] | default | BC-JAS |
[sap.com] ENGFACADE | [sap.com] tc/bl/security/lib | api | BC-JAS-SEC |
[sap.com] ENGINEAPI | [sap.com] | - | BC-JAS-SEC |
[sap.com] ENGINEAPI | [sap.com] | default | BC-JAS-SEC |
[sap.com] SAP_BUILDT | [sap.com] tc/bi/wstech | def | BC-CTS-CBS-PLG |