Class JSSEHelper
- java.lang.Object
-
- com.ibm.websphere.ssl.JSSEHelper
-
public class JSSEHelper extends java.lang.ObjectThis class is for components and applications to utilize the SSL configuration framework for selecting SSL configurations and turning them into SSL objects such as SSLContext, Properties, URLStreamHandlers, and SocketFactories.
- Since:
- WAS 6.1
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringCONNECTION_INFO_CERT_MAPPING_HOSTProperty used in the connection information Map to define the host which is being connected to outbound connections.static java.lang.StringCONNECTION_INFO_DIRECTIONVariable used for the connection information to determine SSLContext validation rules.static java.lang.StringCONNECTION_INFO_ENDPOINT_NAMEProperty used in the connection information Map to define the endpoint.static java.lang.StringCONNECTION_INFO_IS_WEB_CONTAINER_INBOUNDProperty used to determine if the connection is a Web Container inbound connection.static java.lang.StringCONNECTION_INFO_REMOTE_HOSTProperty used in the connection information Map to define the remote host which is being connected to outbound connections.static java.lang.StringCONNECTION_INFO_REMOTE_PORTProperty used in the connection information Map to define the remote port which is being connected to outbound connections.static java.lang.StringDIRECTION_INBOUNDVariable used when the direction of the SSLContext is inbound.static java.lang.StringDIRECTION_OUTBOUNDVariable used when the direction of the SSLContext is outbound.static java.lang.StringDIRECTION_UNKNOWNVariable used when the direction of the SSLContext is not currently known.static java.lang.StringENDPOINT_ADMIN_IPCEndPoint name when using IPC protocol from the IPC connector for outbound connections.static java.lang.StringENDPOINT_ADMIN_SOAPEndPoint name when using SOAP protocol from the SOAP connector for outbound connections.static java.lang.StringENDPOINT_BUS_CLIENTEndPoint name when using BUS_CLIENT protocol for outbound connections.static java.lang.StringENDPOINT_BUS_TO_BUSEndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections.static java.lang.StringENDPOINT_BUS_TO_WEBSPHERE_MQEndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections.static java.lang.StringENDPOINT_CLIENT_TO_WEBSPHERE_MQEndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections.static java.lang.StringENDPOINT_HTTPEndPoint name when using HTTP protocol for outbound connections.static java.lang.StringENDPOINT_IIOPEndPoint name when using IIOP protocol for outbound connections.static java.lang.StringENDPOINT_JMSEndPoint name when using JMS protocol for outbound connections.static java.lang.StringENDPOINT_LDAPEndPoint name when using LDAP (JNDI) protocol for outbound connections.static java.lang.StringENDPOINT_SIPEndPoint name when using SIP protocol for outbound connections.
-
Constructor Summary
Constructors Constructor Description JSSEHelper()Constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidderegisterSSLConfigChangeListener(SSLConfigChangeListener listener)This method removes the specific SSLConfigChangeListener from the list of active listeners.booleandoesSSLConfigExist(java.lang.String sslAliasName)This method checks to ensure the SSL configuration name is known.java.util.Map<java.lang.String,java.lang.Object>getInboundConnectionInfo()This method is used to obtain information about the connection on the thread of execution.static JSSEHelpergetInstance()This method returns an instance of the JSSEHelper class.java.util.Map<java.lang.String,java.lang.Object>getOutboundConnectionInfo()This method is used to obtain information about the connection on the thread of execution.java.util.PropertiesgetProperties(java.lang.String sslAliasName)This method returns the SSL properties given a specific SSL configuration alias.java.util.PropertiesgetProperties(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method returns the effective SSL properties object for use by an SSL application or component.java.util.PropertiesgetProperties(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener, boolean tryDefault)LikegetProperties(String, Map, SSLConfigChangeListener), except failing over to the default configuration is a choice.javax.net.ssl.SSLContextgetSSLContext(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method creates an SSLContext for use by an SSL application or component.javax.net.ssl.SSLContextgetSSLContext(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener, boolean tryDefault)LikegetSSLContext(String, Map, SSLConfigChangeListener), failing over to the default configuration is a choice.javax.net.ssl.SSLContextgetSSLContext(java.util.Map<java.lang.String,java.lang.Object> connectionInfo, java.util.Properties props)This method creates an SSLContext given the SSL properties needed to create the SSLContext.java.util.PropertiesgetSSLPropertiesOnThread()This method allows the retrieving of SSL properties on the thread of execution.javax.net.ssl.SSLServerSocketFactorygetSSLServerSocketFactory(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method creates an SSLSocketFactory for use by an SSL application or component.javax.net.ssl.SSLServerSocketFactorygetSSLServerSocketFactory(java.util.Properties props)This method creates an SSLServerSocketFactory given the SSL configuration properties specified.javax.net.ssl.SSLSocketFactorygetSSLSocketFactory(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method creates an SSLSocketFactory for use by an SSL application or component.javax.net.ssl.SSLSocketFactorygetSSLSocketFactory(java.util.Map<java.lang.String,java.lang.Object> connectionInfo, java.util.Properties props)This method creates an SSLSocketFactory for use by an SSL application or component.java.net.URLStreamHandlergetURLStreamHandler(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method creates a URLStreamHandler for use by an SSL application or component.java.net.URLStreamHandlergetURLStreamHandler(java.util.Properties props)This method creates a URLStreamHandler specific SSL properties.voidregisterSSLConfigChangeListener(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener)This method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API.voidreinitializeClientDefaultSSLProperties()This method is not implemented.voidsetInboundConnectionInfo(java.util.Map<java.lang.String,java.lang.Object> connectionInfo)This method sets information about the connection on the thread of execution.voidsetOutboundConnectionInfo(java.util.Map<java.lang.String,java.lang.Object> connectionInfo)This method sets information about the connection on the thread of execution.voidsetSSLPropertiesOnThread(java.util.Properties props)This has the highest precedence in terms of selection rules.voidvalidateSSLProperties(java.util.Properties props)This method attempts to create an SSLContext using the properties provided.
-
-
-
Field Detail
-
DIRECTION_INBOUND
public static final java.lang.String DIRECTION_INBOUND
Variable used when the direction of the SSLContext is inbound. This is associated to receiving requests or server-side sockets, etc. This helps with validation of the required SSL attributes.
- See Also:
- Constant Field Values
-
DIRECTION_OUTBOUND
public static final java.lang.String DIRECTION_OUTBOUND
Variable used when the direction of the SSLContext is outbound. This is associated to sending requests or client-side sockets, etc. This helps with validation of the required SSL attributes.
- See Also:
- Constant Field Values
-
DIRECTION_UNKNOWN
public static final java.lang.String DIRECTION_UNKNOWN
Variable used when the direction of the SSLContext is not currently known. This will require that a TrustStore and KeyStore are both specified.
- See Also:
- Constant Field Values
-
ENDPOINT_IIOP
public static final java.lang.String ENDPOINT_IIOP
EndPoint name when using IIOP protocol for outbound connections. The IIOP endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_HTTP
public static final java.lang.String ENDPOINT_HTTP
EndPoint name when using HTTP protocol for outbound connections. The HTTP endpoint attribute is not used Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_SIP
public static final java.lang.String ENDPOINT_SIP
EndPoint name when using SIP protocol for outbound connections. The SIP endpoint attribute is not used Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_JMS
public static final java.lang.String ENDPOINT_JMS
EndPoint name when using JMS protocol for outbound connections. The JMS endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_BUS_CLIENT
public static final java.lang.String ENDPOINT_BUS_CLIENT
EndPoint name when using BUS_CLIENT protocol for outbound connections. You cannot use the BUS_CLIENT endpoint attribute in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_BUS_TO_WEBSPHERE_MQ
public static final java.lang.String ENDPOINT_BUS_TO_WEBSPHERE_MQ
EndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections. The ENDPOINT_BUS_TO_WEBSPHERE_MQ endpoint attribute is not in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_BUS_TO_BUS
public static final java.lang.String ENDPOINT_BUS_TO_BUS
EndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections. The ENDPOINT_BUS_TO_BUS endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_CLIENT_TO_WEBSPHERE_MQ
public static final java.lang.String ENDPOINT_CLIENT_TO_WEBSPHERE_MQ
EndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections. The ENDPOINT_CLIENT_TO_WEBSPHERE_MQ endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_LDAP
public static final java.lang.String ENDPOINT_LDAP
EndPoint name when using LDAP (JNDI) protocol for outbound connections. The LDAP endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_ADMIN_SOAP
public static final java.lang.String ENDPOINT_ADMIN_SOAP
EndPoint name when using SOAP protocol from the SOAP connector for outbound connections. The SOAP endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
ENDPOINT_ADMIN_IPC
public static final java.lang.String ENDPOINT_ADMIN_IPC
EndPoint name when using IPC protocol from the IPC connector for outbound connections. The IPC endpoint attribute is not used in Liberty. This attribute is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_DIRECTION
public static final java.lang.String CONNECTION_INFO_DIRECTION
Variable used for the connection information to determine SSLContext validation rules. Connection information mapping is not used in Liberty. This variable is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_ENDPOINT_NAME
public static final java.lang.String CONNECTION_INFO_ENDPOINT_NAME
Property used in the connection information Map to define the endpoint. Connection information mapping is not used in Liberty. This property is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_REMOTE_HOST
public static final java.lang.String CONNECTION_INFO_REMOTE_HOST
Property used in the connection information Map to define the remote host which is being connected to outbound connections. Connection information mapping is not used in Liberty. This property is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_REMOTE_PORT
public static final java.lang.String CONNECTION_INFO_REMOTE_PORT
Property used in the connection information Map to define the remote port which is being connected to outbound connections. Connection information mapping is not used in Liberty. This property is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_CERT_MAPPING_HOST
public static final java.lang.String CONNECTION_INFO_CERT_MAPPING_HOST
Property used in the connection information Map to define the host which is being connected to outbound connections. Connection information mapping is not used in Liberty. This property is available for compatibility purposes only.
- See Also:
- Constant Field Values
-
CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND
public static final java.lang.String CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND
Property used to determine if the connection is a Web Container inbound connection.
- See Also:
- Constant Field Values
-
-
Method Detail
-
getInstance
public static JSSEHelper getInstance()
This method returns an instance of the JSSEHelper class. This is the proper way to get a reference of this API class.
- Returns:
- JSSEHelper
-
setSSLPropertiesOnThread
public void setSSLPropertiesOnThread(java.util.Properties props)
This has the highest precedence in terms of selection rules. When the SSL runtime finds SSL properties on the thread, this should be used before anything else in the selection process. Using SSL properties from the thread is not support in the Liberty profile. This method exists for compatibility purposes.
It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "setSSLConfig" to be granted.
- Parameters:
props- The SSL properties to set on the thread.
-
getSSLPropertiesOnThread
public java.util.Properties getSSLPropertiesOnThread()
This method allows the retrieving of SSL properties on the thread of execution. This can be used for verification purposes or to communicate SSL properties among components running on the same thread. Getting SSL properties form the thread is not used in Liberty. This method exits for compatibility purposes only.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Returns:
- Properties
-
getProperties
public java.util.Properties getProperties(java.lang.String sslAliasName) throws SSLExceptionThis method returns the SSL properties given a specific SSL configuration alias.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName- - Name of the SSL configuration to get properties for.- Returns:
- Properties
- Throws:
SSLException
-
getSSLContext
public javax.net.ssl.SSLContext getSSLContext(java.util.Map<java.lang.String,java.lang.Object> connectionInfo, java.util.Properties props) throws SSLExceptionThis method creates an SSLContext given the SSL properties needed to create the SSLContext. The properties can be retrieved from the SSL configuration using the getProperties API in this class.
- Parameters:
connectionInfo- - contains information about the connection direction, host, port, etc.props- - the SSL properties- Returns:
- SSLContext
- Throws:
SSLException
-
getURLStreamHandler
public java.net.URLStreamHandler getURLStreamHandler(java.util.Properties props) throws SSLExceptionThis method creates a URLStreamHandler specific SSL properties. The URLStreamHandler is used for outbound URL connections.
- Parameters:
props- - the SSL properties (connectionInfo derived from URL)- Returns:
- URLStreamHandler
- Throws:
SSLException
-
getSSLServerSocketFactory
public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.util.Properties props) throws SSLExceptionThis method creates an SSLServerSocketFactory given the SSL configuration properties specified. The properties can be retrieved from the SSL configuration using the getProperties API in this class.
- Parameters:
props-- Returns:
- SSLServerSocketFactory
- Throws:
SSLException
-
getSSLSocketFactory
public javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.util.Map<java.lang.String,java.lang.Object> connectionInfo, java.util.Properties props) throws SSLExceptionThis method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"props- Properties used to configure the SSL socket factory. SeeConstantsfor valid properties.- Returns:
- SSLSocketFactory
- Throws:
SSLException
-
getSSLContext
public javax.net.ssl.SSLContext getSSLContext(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method creates an SSLContext for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLContext. The selection precedence rules are:
- Direct - The sslAliasName parameter, when specified, will be used to choose the alias directly from the SSL configurations.
- Dynamic - The remoteHost/remotePort String(s) will contain the target host, or host and port. A SSL configuration to be use for an outbound connection will be selected based on the host or host and port configured.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here. If sslAliasName is provided but does not exist it will check connection information for a match. Then look for a default if no match with the connection information.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.- Returns:
- SSLContext
- Throws:
SSLException
-
getSSLContext
public javax.net.ssl.SSLContext getSSLContext(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener, boolean tryDefault) throws SSLException, SSLConfigurationNotAvailableExceptionLikegetSSLContext(String, Map, SSLConfigChangeListener), failing over to the default configuration is a choice.- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.tryDefault- if the specified alias is not available,trueindicates the default configuration should be tried.- Returns:
- Throws:
SSLExceptionSSLConfigurationNotAvailableException
-
getURLStreamHandler
public java.net.URLStreamHandler getURLStreamHandler(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method creates a URLStreamHandler for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the URLStreamHandler. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName-connectionInfo-listener-- Returns:
- URLStreamHandler
- Throws:
SSLException
-
getSSLSocketFactory
public javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here. If sslAliasName is provided but does not exist it will check connection information for a match. Then look for a default if no match with the connection information.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.- Returns:
- SSLSocketFactory
- Throws:
SSLException
-
getSSLServerSocketFactory
public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here. If sslAliasName is provided but does not exist it will check connection information for a match. Then look for a default if no match with the connection information.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.- Returns:
- SSLServerSocketFactory
- Throws:
SSLException
-
getProperties
public java.util.Properties getProperties(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method returns the effective SSL properties object for use by an SSL application or component.
When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.
- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here. If sslAliasName is provided but does not exist it will check connection information for a match. Then look for a default if no match with the connection information.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.- Returns:
- Properties for the requested sslAliasName. If the requested sslAliasName is not avialable, the default properties will be returned. If the default properties are not available, null is returned.
- Throws:
SSLException
-
getProperties
public java.util.Properties getProperties(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener, boolean tryDefault) throws SSLExceptionLikegetProperties(String, Map, SSLConfigChangeListener), except failing over to the default configuration is a choice.- Parameters:
sslAliasName- - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here. If sslAliasName is provided but does not exist it will check connection information for a match. Then look for a default if no match with the connection information.connectionInfo- - This refers to the remote connection information. The current properties known by the runtime include:Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
- com.ibm.ssl.remoteHost="hostname.ibm.com"
- com.ibm.ssl.remotePort="9809"
- com.ibm.ssl.direction="outbound"
Example INBOUND case (endpoint name matches serverindex endpoint):
It's highly recommended to supply these properties when possible.com.ibm.ssl.direction="inbound"listener- - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.tryDefault- if the specified alias is not available,trueindicates the default configuration should be tried.- Returns:
- Properties for the requested sslAliasName. If the requested sslAliasName properties are not available, null is returned.
- Throws:
SSLException
-
registerSSLConfigChangeListener
public void registerSSLConfigChangeListener(java.lang.String sslAliasName, java.util.Map<java.lang.String,java.lang.Object> connectionInfo, SSLConfigChangeListener listener) throws SSLExceptionThis method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API. The SSLConfigChangeListener must be deregistered by deregisterSSLConfigChangeListener when it is no longer needed.
- Parameters:
sslAliasName-connectionInfo-listener-- Throws:
SSLException
-
deregisterSSLConfigChangeListener
public void deregisterSSLConfigChangeListener(SSLConfigChangeListener listener) throws SSLException
This method removes the specific SSLConfigChangeListener from the list of active listeners.
- Parameters:
listener-- Throws:
SSLException
-
doesSSLConfigExist
public boolean doesSSLConfigExist(java.lang.String sslAliasName)
This method checks to ensure the SSL configuration name is known.
- Parameters:
sslAliasName- - Name of the SSL configuration to check to see if it exits.- Returns:
- boolean
-
reinitializeClientDefaultSSLProperties
public void reinitializeClientDefaultSSLProperties()
This method is not implemented.
-
validateSSLProperties
public void validateSSLProperties(java.util.Properties props) throws SSLExceptionThis method attempts to create an SSLContext using the properties provided. It is assumed the API is called on the node where the KeyStore information specified in the properties resides.
- Parameters:
props- The SSL properties to validate.- Throws:
SSLException
-
getInboundConnectionInfo
public java.util.Map<java.lang.String,java.lang.Object> getInboundConnectionInfo()
This method is used to obtain information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers.
- Returns:
- Map
-
setInboundConnectionInfo
public void setInboundConnectionInfo(java.util.Map<java.lang.String,java.lang.Object> connectionInfo)
This method sets information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers. This method is invoked prior to an SSL handshake.
It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.
- Parameters:
connectionInfo- - This refers to the inbound connection information.
-
getOutboundConnectionInfo
public java.util.Map<java.lang.String,java.lang.Object> getOutboundConnectionInfo()
This method is used to obtain information about the connection on the thread of execution. This connection information can then be used to set the connection information prior to creating and SSL socket.
- Returns:
- Map
-
setOutboundConnectionInfo
public void setOutboundConnectionInfo(java.util.Map<java.lang.String,java.lang.Object> connectionInfo)
This method sets information about the connection on the thread of execution. This method is invoked prior to creating an SSL socket.
It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.
- Parameters:
connectionInfo-
-
-