An SSL callback class must implement the CtsSecurity.SSLCallbackIntf interface. The ORB invokes the callback methods when a required SSL setting has not been configured or a setting has an incorrect value. To install the callback, call SSLServiceProvider.setGlobalProperty to set the callbackImpl property to the fully qualified name of your class, as in the example below (sslprov is an SSLServiceProvider instance):
sslprov.setGlobalProperty("callbackImpl", "Sample.ClientSSL.SSLCallbackExample.SSLCallbackExampleImpl");
The SSLCallbackIntf methods are as follows:
getCertificateLabel Called when the session requires mutual authentication and a certificate label has not been provided in ORB properties or in SSLServiceProvider global properties. The callback receives an array of available certificate labels as an input parameter, and must return one of them or throw an exception to abort the connection attempt.
getCredentialAttribute Called when additional information is required to use an Entrust certificate, such as the path to the Entrust profile file, or the path to the entrust.ini file.
getPin Called when the certificate password has not been specified in ORB or SSLServiceProvider properties, or when the supplied password was incorrect. The implementation should check the “tokenName” property of the SSLSessionInfo instance to determine whether the requested password is for the Sybase certificate database or for an Entrust profile. Your implementation can throw a CtsSecurity.UserAbortedException to abort the connection attempt.
trustVerify Called when the correct PIN for the certificate database has not been set, or when the server has presented a questionable certificate. The callback response determines whether the connection is allowed and, optionally, whether the certificate should be added to the local EAServer client certificate database. The reason codes passed to trustVerify are:

Reason code | Description
---|---
CtsSecurity.REASON_TRUSTDBPINNOTSET.value | The password for the certificate database has not been set. Return CtsSecurity.TRUST_FAILED.value to cause the ORB to call the getPin callback method.
CtsSecurity.REASON_TRUSTDBLOGINFAILED.value | The password for the certificate database was incorrect. Return CtsSecurity.TRUST_FAILED.value to cause the ORB to call the getPin callback method.
CtsSecurity.REASON_UNKNOWN_CA.value | The root CA in the server’s certificate chain is not listed in the Sybase certificate database.
CtsSecurity.REASON_CHAIN_EXPIRED.value | At least one certificate in the server’s certificate chain has expired.
CtsSecurity.REASON_CHAIN_INCOMPLETE.value | The server’s certificate chain is incomplete, and the ORB cannot complete the chain using the CA certificates in the Sybase certificate database.
You must implement all of these methods in your class. If your implementation of a method does not process the request, throw an org.omg.CORBA.NO_IMPLEMENT exception so that the ORB uses the default response.
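As an added example (not part of the EAServer documentation or its SSL samples), the following class holds the decision logic such a callback needs, written without the CtsSecurity types so that it compiles on its own. The integer reason-code numbering, the Decision enum, the pinServerCertificate and registerPin helpers and the fingerprint and token-name values in main are assumptions; a real SSLCallbackIntf implementation passes CtsSecurity.REASON_*.value in, returns CtsSecurity.TRUST_FAILED.value for Decision.TRUST_FAILED, returns whichever accept value the Interface Repository documentation defines for the other case, and throws CtsSecurity.UserAbortedException where this class throws SecurityException. The point it demonstrates: the two PIN reasons return TRUST_FAILED so the ORB falls through to getPin, every certificate problem fails closed unless the operator has pinned that exact server certificate (and even then only for the session, never with a request to add it to the database), and getPin retries are capped. A callback that returns an accept value for every reason code silently disables server authentication.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/*
 * Added example, not EAServer code. Decision logic for the getPin and
 * trustVerify callbacks, kept free of CtsSecurity types so it compiles alone.
 * Reason-code values, the Decision enum and the helper methods are assumed.
 */
public class SslCallbackPolicy {
    // Stand-ins for CtsSecurity.REASON_*.value (assumed numbering).
    public static final int REASON_TRUSTDBPINNOTSET   = 1;
    public static final int REASON_TRUSTDBLOGINFAILED = 2;
    public static final int REASON_UNKNOWN_CA         = 3;
    public static final int REASON_CHAIN_EXPIRED      = 4;
    public static final int REASON_CHAIN_INCOMPLETE   = 5;

    /** TRUST_FAILED maps to CtsSecurity.TRUST_FAILED.value in a real callback. */
    public enum Decision { TRUST_FAILED, ACCEPT_FOR_SESSION }

    private final Set<String> pinnedFingerprints = new HashSet<>();
    private final Map<String, char[]> pinsByToken = new HashMap<>();
    private final int maxPinAttempts;
    private int pinAttempts;

    public SslCallbackPolicy(int maxPinAttempts) {
        this.maxPinAttempts = maxPinAttempts;
    }

    /** Pin a server certificate (hex SHA-1) that may be accepted even though the
     *  local certificate database cannot validate its chain. */
    public void pinServerCertificate(String hexFingerprint) {
        pinnedFingerprints.add(normalize(hexFingerprint));
    }

    /** Register the PIN for a token; tokenName is whatever SSLSessionInfo reports
     *  (the Sybase certificate database or an Entrust profile). */
    public void registerPin(String tokenName, char[] pin) {
        pinsByToken.put(tokenName, pin);
    }

    /** trustVerify: decide whether the connection may proceed for this reason. */
    public Decision trustVerify(int reason, String serverCertFingerprint) {
        switch (reason) {
            case REASON_TRUSTDBPINNOTSET:
            case REASON_TRUSTDBLOGINFAILED:
                // Not a certificate problem: TRUST_FAILED makes the ORB call getPin.
                return Decision.TRUST_FAILED;
            case REASON_UNKNOWN_CA:
            case REASON_CHAIN_INCOMPLETE:
                // The chain cannot be validated from the local database. Accept only a
                // certificate the operator pinned explicitly, and only for this session;
                // never ask the ORB to add an unvalidated certificate to the database.
                return pinnedFingerprints.contains(normalize(serverCertFingerprint))
                        ? Decision.ACCEPT_FOR_SESSION : Decision.TRUST_FAILED;
            case REASON_CHAIN_EXPIRED:
                // Expiry is not something a pin should override: fail closed.
                return Decision.TRUST_FAILED;
            default:
                // Unrecognised reason: a real callback throws org.omg.CORBA.NO_IMPLEMENT
                // here so that the ORB applies its default response.
                throw new UnsupportedOperationException("unhandled reason code " + reason);
        }
    }

    /** getPin: return the PIN for the named token, giving up after maxPinAttempts. */
    public char[] getPin(String tokenName) {
        if (++pinAttempts > maxPinAttempts) {
            // The ORB calls getPin again whenever the PIN was wrong; without a cap the
            // callback is re-entered indefinitely. Real callback: UserAbortedException.
            throw new SecurityException("too many PIN attempts for token " + tokenName);
        }
        char[] pin = pinsByToken.get(tokenName);
        if (pin == null) {
            throw new SecurityException("no PIN configured for token " + tokenName);
        }
        return pin.clone();
    }

    private static String normalize(String hex) {
        return hex == null ? "" : hex.replace(":", "").toLowerCase(Locale.ROOT);
    }

    // Stand-alone run on constructed inputs (fingerprints and token name are made up).
    public static void main(String[] args) {
        SslCallbackPolicy policy = new SslCallbackPolicy(3);
        policy.pinServerCertificate("01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67");
        policy.registerPin("sybase-certdb", "example-pin".toCharArray());

        System.out.println(policy.trustVerify(REASON_TRUSTDBPINNOTSET, null));      // TRUST_FAILED
        System.out.println(policy.trustVerify(REASON_UNKNOWN_CA,
                "0123456789abcdef0123456789abcdef01234567"));                          // ACCEPT_FOR_SESSION
        System.out.println(policy.trustVerify(REASON_UNKNOWN_CA,
                "ffffffffffffffffffffffffffffffffffffffff"));                          // TRUST_FAILED
        System.out.println(policy.trustVerify(REASON_CHAIN_EXPIRED,
                "0123456789abcdef0123456789abcdef01234567"));                          // TRUST_FAILED
        System.out.println(new String(policy.getPin("sybase-certdb")));              // example-pin
    }
}
```

Wire it into the real callback by delegating from each SSLCallbackIntf method: trustVerify converts the CtsSecurity reason code and the server certificate's fingerprint into a call on this class and maps the Decision back to a CtsSecurity TRUST_* value, and getPin passes the SSLSessionInfo tokenName through and converts SecurityException into CtsSecurity.UserAbortedException.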
For more information about these callback methods, see the documentation for the CtsSecurity::SSLCallback interface in the generated Interface Repository documentation. “Sample Java applications that use SSL” describes the SSL sample applications. These samples include an example SSL callback that interacts with the user.
Copyright © 2005. Sybase Inc. All rights reserved.