Table 5-2 lists the properties that can be set and retrieved with the HttpsURLConnection getSSLProperty, getGlobalProperty, setSSLProperty, and setGlobalProperty methods. Global properties are set and read with the getGlobalProperty and setGlobalProperty methods. Global properties affect all HTTPS connections, not just the HttpsUrlConnection instance on which they are set. The right column in Table 5-2 lists which methods are valid for each property.
Some properties, if not set or set incorrectly, cause the connection to invoke an SSL callback method. You can install a callback to respond to these cases with the callbackImpl global property. If you do not install an SSL callback, the default callback implementation aborts the connection attempt.
Property name |
Description |
Valid for methods |
|---|---|---|
pin |
Always required when using SSL. Specifies the PKCS #11 token PIN. This is required for logging in to a PKCS #11 token for client authentication and for retrieving trust information. This property cannot be retrieved. If not set, set to “any”, or set incorrectly, the connection invokes the getPin callback method. |
setSSLProperty setGlobalProperty |
certificateLabel |
Required when using mutual authentication. Specifies the client certificate to use if the connection requires mutual authentication. The label is a simple name that identifies an X.509 certificate/private key in a PKCS #11 token. If the property is not set and the connection requires mutual authentication, the connection invokes the getCertificateLabel callback method, passing an array of available certificate names as an input parameter. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
qop |
Always required when using SSL. Specifies the name of a security characteristic to use. See “Choosing a security characteristic” for more information. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
userData |
Specifies user data (String datatype). This is an optional property. Client code can set user data during connection initialization and access it using SSLSessionInfo::getProperty method in the SSL callback implementation. This may be useful as a mechanism to store connection-level context information that is otherwise not available through the SSLSessionInfo interface. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
useEntrustID |
Specifies whether to use the Entrust ID or the Sybase PKCS #11 token for authentication. This is a Boolean (true or false) property. If this property is set to false, Sybase PKCS #11 token properties are valid and Entrust-specific properties are ignored. If this property is set to true, Entrust-specific properties are valid and Sybase PKCS #11 token properties are ignored. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
entrustUserProfile |
Specifies the full path to the file containing an Entrust user profile. This property is optional when the Entrust single-login feature is available and required when this feature is not available. If not set, the connection invokes the getCredentialAttribute callback method. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
entrustPassword |
Specifies the password for logging in to Entrust with the specified user profile. This property is optional when the Entrust single-login feature is available and required when this feature is not available. If the password is required but not set or set incorrectly, the connection invokes the getPin callback method. This property cannot be retrieved. |
setSSLProperty setGlobalProperty |
entrustIniFile |
Specifies the path name for the Entrust INI file that provides information on how to access Entrust. This is required when the useEntrustid property is set to true. If not set, the connection invokes the getCredentialAttribute callback method. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
callbackImpl |
Specifies the name of a Java class that implements the CtsSecurity.SSLCallbackIntf interface. For example: com.acme.AcmeSSLCallback See “Implementing an SSL callback” for more information. |
setGlobalProperty getGlobalProperty |
availableQop |
Retrieve only. A list of available security characteristics. The qop property can be set only to values that appear in this list. |
getGlobalProperty |
availableQopDesc |
Retrieve only. A list of descriptions for the available security characteristics, in the same order as listed in the value of the availableQop property. |
getGlobalProperty |
entrustReady |
Retrieve only. Returns true if Entrust PKI software is available on the client, false otherwise. |
getGlobalProperty |
To use SSL, you must specify the name of an available security characteristic as the value for the qop property. The characteristic describes the CipherSuites the client uses when negotiating an SSL connection. When connecting, the client sends the list of CipherSuites that it uses to the server, and the server selects a cipher suite from that list. The server chooses the first cipher suite in the list that it can use. If the server cannot use any of the available CipherSuites, the connection fails.
Chapter 13, “Security Configuration Tasks” describes the security characteristics that are provided with EAServer. At runtime, you can retrieve a list of characteristics and their descriptions by retrieving the availableQop and availableQopDesc properties.
