The AS Java can also be the client component for HTTPS connections. To use such connections in applications, we provide the secure connection factory (class: SecureConnectionFactory ).
Although the secure connection factory's primary purpose is to provide the framework to set up HTTPS connections where the AS Java is the client component, you can also use the factory to establish HTTP connections.
Keystores
To be a client for HTTPS connections, the AS Java must be able to verify the identity of the servers that it connects to. For this purpose, the secure connection factory uses the trusted store keystore. Store the CA root certificates belonging to the trusted CAs in this keystore. If connections should use SSL with mutual authentication, then the AS Java must also possess its own key pair to use for SSL, along with the corresponding public-key certificate. The secure connection factory uses the credentials keystore to store these items.
Connection Types
You can use the factory to create HTTPS connections using a URL or you can create an SSL socket instance. When setting up a URL connection, you can use the secure connection factory to establish a connection that uses both the HTTP and the SSL layers. For cases where the HTTP connection is established using a different method, for example, when using extended HTTP features such as WebDav, then use the secure connection factory to create only the SSL socket.
Logging
The secure connection factory uses the AS Java's logging API. Any debugging messages from the underlying SAPJava Cryptographic Toolkit are written to the location com.sap.security.core.server.https.IAIK using the severity level DEBUG .
The SSL routines are performed using the SAPJava Cryptographic Toolkit, which is deployed on the AS Java during the installation process.
To enable your application to be an HTTPS client for connections, the application must perform the following steps.
In this step, you set up the two keystores for the secure connection factory, the trusted store and the credentials keystore.
There are also methods available for additional functions, for example, for supporting the use of proxy servers or for comparing the target server's host name with the server name found in its public-key certificate. For more information, see Interfaces and Classes for Using the Secure Connection Factory and the JavaDocs for the SecureConnectionFactory class.