Table 4-1 lists the properties that can be set and retrieved with the HttpsURLConnection getSSLProperty, getGlobalProperty, setSSLProperty, and setGlobalProperty methods. Global properties are set and read with the getGlobalProperty and setGlobalProperty methods. Global properties affect all HTTPS connections, not just the HttpsUrlConnection instance on which they are set. The right column in Table 4-1 lists which methods are valid for each property.
Some properties, if not set or set incorrectly, cause the connection to invoke an SSL callback method. You can install a callback to respond to these cases with the callbackImpl global property. If you do not install an SSL callback, the default callback implementation aborts the connection attempt.
Property name |
Description |
Valid for methods |
|---|---|---|
pin |
Always required when using SSL. Specifies the PKCS #11 token PIN. This is required for logging in to a PKCS #11 token for client authentication and for retrieving trust information. This property cannot be retrieved. If not set, set to “any”, or set incorrectly, the connection invokes the getPin callback method. |
setSSLProperty setGlobalProperty |
certificateLabel |
Required when using mutual authentication. Specifies the client certificate to use if the connection requires mutual authentication. The label is a simple name that identifies an X.509 certificate/private key in a PKCS #11 token. If the property is not set and the connection requires mutual authentication, the connection invokes the getCertificateLabel callback method, passing an array of available certificate names as an input parameter. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
qop |
Always required when using SSL. Specifies the name of a security characteristic to use. See “Choosing a security characteristic” for more information. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
userData |
Specifies user data (String datatype). This is an optional property. Client code can set user data during connection initialization and access it using SSLSessionInfo::getProperty method in the SSL callback implementation. This may be useful as a mechanism to store connection-level context information that is otherwise not available through the SSLSessionInfo interface. |
setSSLProperty getSSLProperty setGlobalProperty getGlobalProperty |
callbackImpl |
Specifies the name of a Java class that implements the CtsSecurity.SSLCallbackIntf interface. For example: com.acme.AcmeSSLCallback See “Implementing an SSL callback” for more information. |
setGlobalProperty getGlobalProperty |
availableQop |
Retrieve only. A list of available security characteristics. The qop property can be set only to values that appear in this list. |
getGlobalProperty |
availableQopDesc |
Retrieve only. A list of descriptions for the available security characteristics, in the same order as listed in the value of the availableQop property. |
getGlobalProperty |
To use SSL, you must specify the name of an available security characteristic as the value for the qop property. The characteristic describes the CipherSuites the client uses when negotiating an SSL connection. When connecting, the client sends the list of CipherSuites that it uses to the server, and the server selects a cipher suite from that list. The server chooses the first cipher suite in the list that it can use. If the server cannot use any of the available CipherSuites, the connection fails.
Chapter 10, “Security Configuration Tasks” describes the security characteristics that are provided with EAServer. At runtime, you can retrieve a list of characteristics and their descriptions by retrieving the availableQop and availableQopDesc properties.
