Installing the HTTPS protocol handler  SSL properties

Chapter 4: Using SSL in Java Clients

Specifying protocol handlers at runtime

If you must use more than one HTTPS protocol handler in one EAServer or in one client application, you must call one of the java.net.URL constructors that takes a java.net.URLStreamHandler as a parameter. The specified java.net.URLStreamHandler instance overrides the default handler for the protocol specified by the URL. For example, to specify the EAServer HTTPS handler, use code like this:

import java.net.*;
import com.sybase.jaguar.net.JagURLStreamHandlerFactory;
import com.sybase.jaguar.net.HttpsURLConnection;

....

String url_string = "https://localhost:8081/index.html";

// The URL stream handler factory is required to create a stream
// handler.
JagURLStreamHandlerFactory fact = new JagURLStreamHandlerFactory();

// Extract the protocol from the front of the URL string
String protocol = url_string.substring(0, url_string.indexOf(":"));

// If the protocol is HTTPS, use the EAServer HTTPS handler. Otherwise,
// use the default handler
java.net.URL url;
if (protocol.equals("https"))
{
    url = new URL((URL)null, url_string,
        fact.createURLStreamHandler(protocol));
} else
{
    url = new URL(url_string);
}

StepsCreating HTTPS connections

  1. Configure or install the EAServer HTTPS protocol handler as described in “Installing the HTTPS protocol handler”.

  2. Create URL and URLConnection instances. If connecting to an EAServer, specify the address of an HTTPS listener that supports the desired level of security. For example:

    URL url = new URL("https://myhost:8081/index.html");
URLConnection conn = url.openConnection();

  3. Verify that the object returned by URL.openConnection is of class com.sybase.jaguar.net.HttpsURLConnection, then set SSL properties for the connection. “SSL properties” describes the SSL properties that can be set. At a minimum, you must specify the qop and pin properties, as well as the certificateLabel property if using mutual authentication. For example:

    if (conn instanceof HttpsURLConnection)
{
  HttpsURLConnection https_conn =     (HttpsURLConnection) conn;
  try
  {
    https_conn.setSSLProperty( "qop","sybpks_intl" ); 
    https_conn.setSSLProperty( "pin", "secret");
    https_conn.setSSLProperty(
           "certificateLabel", "John Smith");
  } 
  catch ( CtsSecurity.InvalidPropertyException ipe )
  {
    System.err.println( ipe );
  }
  catch ( CtsSecurity.InvalidValueException ive )
  {
    System.err.println( ive );
  }

  4. Open the connection, for example:

    conn.connect();

Once the connection is open, you can perform any valid operation for a connection that uses java.net.HTTPUrlConnection. You can also call the getSessionInfo method to retrieve a CtsSecurity.SSLSessionInfo instance that allows you to verify the SSL connection parameters. For example:

java.net.URLConnection conn;
... deleted code that constructed URLConnection ...
if (conn instanceof HttpsURLConnection)
{
  HttpsURLConnection https_conn =     (HttpsURLConnection) conn;
  CtsSecurity.SSLSessionInfo sessInfo = 
    https_conn.getSessionInfo();

The SSLSessionInfo methods allow you to determine the SSL session properties, such as the server’s address, the client certificate in use, the server certificate in use, and so forth. For more information, see the Interface Repository documentation for the CtsSecurity::SSLSessionInfo interface.




Copyright © 2006. Sybase Inc. All rights reserved. SSL properties

View this document as PDF