IBM WebSphere Application Server™
Release 8

com.ibm.websphere.ssl
Class JSSEHelper

java.lang.Object
  extended by com.ibm.websphere.ssl.JSSEHelper

public class JSSEHelper
extends java.lang.Object

This class is for components and applications to utilize the SSL configuration framework for selecting SSL configurations and turning them into SSL objects such as SSLContext, Properties, URLStreamHandlers, and SocketFactories.

Since:
WAS 6.1
Version:
1.0

Field Summary
static java.lang.String CONNECTION_INFO_CERT_MAPPING_HOST
           Property used in the connection information Map to define the host which is being connected to for dynamic selection of the certificate map.
static java.lang.String CONNECTION_INFO_DIRECTION
           Variable used for the connection information to determine SSLContext validation rules.
static java.lang.String CONNECTION_INFO_ENDPOINT_NAME
           Property used in the connection information Map to define the endpoint for dynamic and group selection.
static java.lang.String CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND
           Property used to determine if the connection is a Web Container inbound connection.
static java.lang.String CONNECTION_INFO_REMOTE_HOST
           Property used in the connection information Map to define the remote host which is being connected to for dynamic selection.
static java.lang.String CONNECTION_INFO_REMOTE_PORT
           Property used in the connection information Map to define the remote port which is being connected to for dynamic selection.
static java.lang.String DIRECTION_INBOUND
           Variable used when the direction of the SSLContext is inbound.
static java.lang.String DIRECTION_OUTBOUND
           Variable used when the direction of the SSLContext is outbound.
static java.lang.String DIRECTION_UNKNOWN
           Variable used when the direction of the SSLContext is not currently known.
static java.lang.String ENDPOINT_ADMIN_IPC
           EndPoint name when using IPC protocol from the IPC connector for outbound connections.
static java.lang.String ENDPOINT_ADMIN_SOAP
           EndPoint name when using SOAP protocol from the SOAP connector for outbound connections.
static java.lang.String ENDPOINT_BUS_CLIENT
           EndPoint name when using BUS_CLIENT protocol for outbound connections.
static java.lang.String ENDPOINT_BUS_TO_BUS
           EndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections.
static java.lang.String ENDPOINT_BUS_TO_WEBSPHERE_MQ
           EndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections.
static java.lang.String ENDPOINT_CLIENT_TO_WEBSPHERE_MQ
           EndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections.
static java.lang.String ENDPOINT_HTTP
           EndPoint name when using HTTP protocol for outbound connections.
static java.lang.String ENDPOINT_IIOP
           EndPoint name when using IIOP protocol for outbound connections.
static java.lang.String ENDPOINT_JMS
           EndPoint name when using JMS protocol for outbound connections.
static java.lang.String ENDPOINT_LDAP
           EndPoint name when using LDAP (JNDI) protocol for outbound connections.
static java.lang.String ENDPOINT_SIP
           EndPoint name when using SIP protocol for outbound connections.
static int SECURITY_MODE_FIPS_140_2
           Variable indicating FIPS status - FIPS 140-2
static int SECURITY_MODE_FIPS_DISABLED
           Variable indicating FIPS status - FIPS is disabled.
static int SECURITY_MODE_SP_800_131_STRICT
           Variable indicating FIPS status - SP 800-131 Strict
static int SECURITY_MODE_SP_800_131_TRANSITION
           Variable indicating FIPS status - SP 800-131 Transition
static int SECURITY_MODE_SUITE_B_128
           Variable indicating FIPS status - SUITE B 128
static int SECURITY_MODE_SUITE_B_192
           Variable indicating FIPS status - Suite B 192
 
Constructor Summary
JSSEHelper()
           
 
Method Summary
 void deregisterSSLConfigChangeListener(SSLConfigChangeListener listener)
           This method removes the specific SSLConfigChangeListener from the list of active listeners.
 boolean doesSSLConfigExist(java.lang.String sslAliasName)
           This method checks to ensure the SSL configuration name is known in the management scope where the API is called.
 int getFipsInfo()
           This method provides current FIPS configuration information.
 java.util.Map getInboundConnectionInfo()
           This method is used to obtain information about the connection on the thread of execution.
static JSSEHelper getInstance()
           This method returns an instance of the JSSEHelper class.
 java.util.Map getOutboundConnectionInfo()
           This method is used to obtain information about the connection on the thread of execution.
 java.util.Properties getProperties(java.lang.String sslAliasName)
           This method returns the SSL properties given a specific SSL configuration alias.
 java.util.Properties getProperties(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method returns the effective SSL properties object for use by an SSL application or component.
 javax.net.ssl.SSLContext getSSLContext(java.util.Map connectionInfo, java.util.Properties props)
           This method creates an SSLContext given a specific direction ("inbound" or "outbound") and the SSL properties needed to create the SSLContext.
 javax.net.ssl.SSLContext getSSLContext(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method creates an SSLContext for use by an SSL application or component.
 java.util.Properties getSSLPropertiesOnThread()
           This method allows the retrieving of SSL properties on the thread of execution.
 javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.util.Properties props)
           This method creates an SSLServerSocketFactory given the SSL configuration properties specified.
 javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method creates an SSLServerSocketFactory for use by an SSL application or component.
 javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.util.Map connectionInfo, java.util.Properties props)
           This method creates an SSLSocketFactory based on the SSL properties specified.
 javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method creates an SSLSocketFactory for use by an SSL application or component.
 java.net.URLStreamHandler getURLStreamHandler(java.util.Properties props)
           This method creates a URLStreamHandler from specific SSL properties.
 java.net.URLStreamHandler getURLStreamHandler(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method creates a URLStreamHandler for use by an SSL application or component.
 void loadClientSSLPropertiesFromURL(java.lang.String configURL, boolean reinitialize)
           This method loads a client-side SSL properties file in the exact same format as the "ssl.client.props".
 void registerSSLConfigChangeListener(java.lang.String sslAliasName, java.util.Map connectionInfo, SSLConfigChangeListener listener)
           This method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API.
 void reinitializeClientDefaultSSLProperties()
           This method causes a reinitialization of the SSL properties that are located in default locations for sas.client.props, soap.client.props or ssl.client.props.
 void setInboundConnectionInfo(java.util.Map connectionInfo)
           This method sets information about the connection on the thread of execution.
 void setOutboundConnectionInfo(java.util.Map connectionInfo)
           This method sets information about the connection on the thread of execution.
 void setSSLPropertiesOnThread(java.util.Properties props)
           This method allows the setting of SSL properties on the thread of execution.
 void validateSSLProperties(java.util.Properties props)
           This method attempts to create an SSLContext using the properties provided.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DIRECTION_INBOUND

public static final java.lang.String DIRECTION_INBOUND

Variable used when the direction of the SSLContext is inbound. This is associated with receiving requests or server-side sockets, etc. This helps with validation of the required SSL attributes.

See Also:
Constant Field Values

DIRECTION_OUTBOUND

public static final java.lang.String DIRECTION_OUTBOUND

Variable used when the direction of the SSLContext is outbound. This is associated with sending requests or client-side sockets, etc. This helps with validation of the required SSL attributes.

See Also:
Constant Field Values

DIRECTION_UNKNOWN

public static final java.lang.String DIRECTION_UNKNOWN

Variable used when the direction of the SSLContext is not currently known. This will require that a TrustStore and KeyStore are both specified.

See Also:
Constant Field Values

ENDPOINT_IIOP

public static final java.lang.String ENDPOINT_IIOP

EndPoint name when using IIOP protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_HTTP

public static final java.lang.String ENDPOINT_HTTP

EndPoint name when using HTTP protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_SIP

public static final java.lang.String ENDPOINT_SIP

EndPoint name when using SIP protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_JMS

public static final java.lang.String ENDPOINT_JMS

EndPoint name when using JMS protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_BUS_CLIENT

public static final java.lang.String ENDPOINT_BUS_CLIENT

EndPoint name when using BUS_CLIENT protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_BUS_TO_WEBSPHERE_MQ

public static final java.lang.String ENDPOINT_BUS_TO_WEBSPHERE_MQ

EndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_BUS_TO_BUS

public static final java.lang.String ENDPOINT_BUS_TO_BUS

EndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_CLIENT_TO_WEBSPHERE_MQ

public static final java.lang.String ENDPOINT_CLIENT_TO_WEBSPHERE_MQ

EndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_LDAP

public static final java.lang.String ENDPOINT_LDAP

EndPoint name when using LDAP (JNDI) protocol for outbound connections.

See Also:
Constant Field Values

ENDPOINT_ADMIN_SOAP

public static final java.lang.String ENDPOINT_ADMIN_SOAP

EndPoint name when using SOAP protocol from the SOAP connector for outbound connections.

See Also:
Constant Field Values

ENDPOINT_ADMIN_IPC

public static final java.lang.String ENDPOINT_ADMIN_IPC

EndPoint name when using IPC protocol from the IPC connector for outbound connections.

See Also:
Constant Field Values

CONNECTION_INFO_DIRECTION

public static final java.lang.String CONNECTION_INFO_DIRECTION

Variable used for the connection information to determine SSLContext validation rules.

See Also:
Constant Field Values

CONNECTION_INFO_ENDPOINT_NAME

public static final java.lang.String CONNECTION_INFO_ENDPOINT_NAME

Property used in the connection information Map to define the endpoint for dynamic and group selection.

See Also:
Constant Field Values

CONNECTION_INFO_REMOTE_HOST

public static final java.lang.String CONNECTION_INFO_REMOTE_HOST

Property used in the connection information Map to define the remote host which is being connected to for dynamic selection. The host can be in the DNS or IP formats. It is preferred to be in the DNS format. The format should match the com.ibm.ssl.dynamicSelectionInfo property information in order for a match to occur.

See Also:
Constant Field Values

CONNECTION_INFO_REMOTE_PORT

public static final java.lang.String CONNECTION_INFO_REMOTE_PORT

Property used in the connection information Map to define the remote port which is being connected to for dynamic selection. The port should be the exact port being connected to so an accurate dynamic selection can be made.

See Also:
Constant Field Values

CONNECTION_INFO_CERT_MAPPING_HOST

public static final java.lang.String CONNECTION_INFO_CERT_MAPPING_HOST

Property used in the connection information Map to define the host which is being connected to for dynamic selection of the certificate map. The host should be in the IP format.

See Also:
Constant Field Values

CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND

public static final java.lang.String CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND

Property used to determine if the connection is a Web Container inbound connection.

See Also:
Constant Field Values

SECURITY_MODE_FIPS_DISABLED

public static final int SECURITY_MODE_FIPS_DISABLED

Variable indicating FIPS status - FIPS is disabled.

See Also:
Constant Field Values

SECURITY_MODE_FIPS_140_2

public static final int SECURITY_MODE_FIPS_140_2

Variable indicating FIPS status - FIPS 140-2

See Also:
Constant Field Values

SECURITY_MODE_SP_800_131_TRANSITION

public static final int SECURITY_MODE_SP_800_131_TRANSITION

Variable indicating FIPS status - SP 800-131 Transition

See Also:
Constant Field Values

SECURITY_MODE_SP_800_131_STRICT

public static final int SECURITY_MODE_SP_800_131_STRICT

Variable indicating FIPS status - SP 800-131 Strict

See Also:
Constant Field Values

SECURITY_MODE_SUITE_B_128

public static final int SECURITY_MODE_SUITE_B_128

Variable indicating FIPS status - SUITE B 128

See Also:
Constant Field Values

SECURITY_MODE_SUITE_B_192

public static final int SECURITY_MODE_SUITE_B_192

Variable indicating FIPS status - Suite B 192

See Also:
Constant Field Values

Constructor Detail

JSSEHelper

public JSSEHelper()

Method Detail

getInstance

public static JSSEHelper getInstance()

This method returns an instance of the JSSEHelper class. This is the proper way to get a reference to this API class.

Returns:
JSSEHelper

setSSLPropertiesOnThread

public void setSSLPropertiesOnThread(java.util.Properties props)

This method allows the setting of SSL properties on the thread of execution. This has the highest precedence in terms of selection rules. When the SSL runtime finds SSL properties on the thread, this should be used before anything else in the selection process.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "setSSLConfig" to be granted.

Parameters:
java.util.Properties -

getSSLPropertiesOnThread

public java.util.Properties getSSLPropertiesOnThread()

This method allows the retrieving of SSL properties on the thread of execution. This can be used for verification purposes or to communicate SSL properties among components running on the same thread.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
java.util.Properties

getProperties

public java.util.Properties getProperties(java.lang.String sslAliasName)
                                   throws SSLException

This method returns the SSL properties given a specific SSL configuration alias.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
String - sslAliasName
Returns:
java.util.Properties
Throws:
SSLException
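
The thread-scoped override described for setSSLPropertiesOnThread, with the clean-up the text asks for, as an added example (not IBM's code and not part of the original Javadoc). The class ThreadScopedSsl, the method callWithAlias and the work parameter are hypothetical names; only the JSSEHelper calls come from this page.

```java
import java.util.Properties;
import java.util.concurrent.Callable;

import com.ibm.websphere.ssl.JSSEHelper;

/** Added example, not IBM code. Class and method names are hypothetical. */
public final class ThreadScopedSsl {

    private ThreadScopedSsl() {
    }

    /**
     * Runs one unit of outbound work with the named SSL configuration set on
     * the current thread, then clears the thread again.
     *
     * @param sslAlias alias of an SSL configuration known in this management scope
     * @param work     hypothetical task that opens its own outbound SSL connections
     */
    public static <T> T callWithAlias(String sslAlias, Callable<T> work) throws Exception {
        JSSEHelper helper = JSSEHelper.getInstance();

        // Reject an alias that is not known in this scope before touching the thread.
        if (!helper.doesSSLConfigExist(sslAlias)) {
            throw new IllegalArgumentException("Unknown SSL configuration alias: " + sslAlias);
        }

        // This helper does not nest: refuse to overwrite properties that
        // another component has already placed on the thread.
        if (helper.getSSLPropertiesOnThread() != null) {
            throw new IllegalStateException("SSL properties are already set on this thread");
        }

        // Requires WebSphereRuntimePermission "getSSLConfig" under Java 2 Security.
        Properties props = helper.getProperties(sslAlias);

        // Requires WebSphereRuntimePermission "setSSLConfig" under Java 2 Security.
        // Thread properties take the highest precedence in outbound selection.
        helper.setSSLPropertiesOnThread(props);
        try {
            return work.call();
        } finally {
            // The runtime never clears this itself. Without this call the next
            // task scheduled on the same pooled thread would silently connect
            // with this configuration's key and trust material.
            helper.setSSLPropertiesOnThread(null);
        }
    }
}
```

The same try/finally shape applies to setInboundConnectionInfo and setOutboundConnectionInfo, which carry the same clear-after-use requirement.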

getSSLContext

public javax.net.ssl.SSLContext getSSLContext(java.util.Map connectionInfo,
                                              java.util.Properties props)
                                       throws SSLException

This method creates an SSLContext given a specific direction ("inbound" or "outbound") and the SSL properties needed to create the SSLContext. The properties can be retrieved from the SSL configuration using the getProperties API in this class.

Parameters:
java.util.Map - connectionInfo - contains information about the connection direction, host, port, etc.
java.util.Properties - sslProps - the SSL properties
Returns:
javax.net.ssl.SSLContext
Throws:
SSLException

getURLStreamHandler

public java.net.URLStreamHandler getURLStreamHandler(java.util.Properties props)
                                              throws SSLException

This method creates a URLStreamHandler from specific SSL properties. The URLStreamHandler is used for outbound URL connections.

Parameters:
java.util.Properties - sslProps - the SSL properties (connectionInfo derived from URL)
Returns:
java.net.URLStreamHandler
Throws:
SSLException

getSSLServerSocketFactory

public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.util.Properties props)
                                                               throws SSLException

This method creates an SSLServerSocketFactory given the SSL configuration properties specified. The properties can be retrieved from the SSL configuration using the getProperties API in this class.

Parameters:
java.util.Properties - sslProps
Returns:
javax.net.ssl.SSLServerSocketFactory
Throws:
SSLException

getSSLSocketFactory

public javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.util.Map connectionInfo,
                                                          java.util.Properties props)
                                                   throws SSLException

This method creates an SSLSocketFactory based on the SSL properties specified. The properties can be retrieved from the SSL configuration using the getProperties API in this class. The connectionInfo can be used by a custom TrustManager for further trust evaluation.

Parameters:
java.util.Map - connectionInfo - contains information about the connection direction, endpoint, host, port, etc.
java.util.Properties - sslProps - the SSL properties that will be used.
Returns:
javax.net.ssl.SSLSocketFactory
Throws:
SSLException

getSSLContext

public javax.net.ssl.SSLContext getSSLContext(java.lang.String sslAliasName,
                                              java.util.Map connectionInfo,
                                              SSLConfigChangeListener listener)
                                       throws SSLException

This method creates an SSLContext for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLContext. The selection precedence rules are:

1. Programmatic - The SSL properties have been set on the thread of execution using the setSSLPropertiesOnThread API. This is used for "outbound" directions only.

2. Dynamic - The remoteHost/remotePort String(s) will contain the target host DNS, host, or host/port. A configuration panel and command task for making the SSL configuration association with this target information is provided.

3. Direct - The sslAliasName parameter, when specified, will be used to choose the alias directly from the SSL configurations.

4. Grouping - Finally, the management scope which this API is called from will be the deciding factor in choosing an SSL configuration. A topology view is provided in the AdminConsole for associating SSL configurations with management scopes. Inheritance plays a role so associations at higher levels will be inherited at lower levels, unless overridden at the lower levels. The endPoint parameter is used in combination with the scope which this API is calling from. If the endPoint is not specified, the API will look at the server, cluster, node, nodegroup, and finally cell. There will always be an SSL configuration associated with the Cell, so this API guarantees selecting an SSL configuration.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
String - sslAliasName - Used in direct selection. The alias name of a specific SSL configuration (optional). You can pass in "null" here.
java.util.Map - connectionInfo - Used in dynamic selection and by custom TrustManagers. This refers to the remote connection information. The current properties known by the runtime include:

Example OUTBOUND case (endpoint refers more to protocol used since outbound names are not well-known):
    com.ibm.ssl.remoteHost="hostname.ibm.com"
    com.ibm.ssl.remotePort="9809"
    com.ibm.ssl.direction="outbound"
    com.ibm.ssl.endPointName="IIOP"

Example INBOUND case (endpoint name matches serverindex endpoint):
    com.ibm.ssl.direction="inbound"
    com.ibm.ssl.endPointName="CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS"

It's highly recommended to supply these properties when possible.
com.ibm.websphere.ssl.SSLConfigChangeListener - listener - This is used to notify the caller of this API that the SSL configuration changed in the runtime. It's up to the caller to decide if they want to call this API again to get the new SSLContext for the configuration. Passing in NULL indicates no notification is desired. See the com.ibm.websphere.ssl.SSLConfigChangeListener interface for more information.
Returns:
javax.net.ssl.SSLContext
Throws:
SSLException

getURLStreamHandler

public java.net.URLStreamHandler getURLStreamHandler(java.lang.String sslAliasName,
                                                     java.util.Map connectionInfo,
                                                     SSLConfigChangeListener listener)
                                              throws SSLException

This method creates a URLStreamHandler for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the URLStreamHandler. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
java.lang.String - sslAliasName
java.util.Map - connectionInfo
com.ibm.websphere.ssl.SSLConfigChangeListener -
Returns:
java.net.URLStreamHandler
Throws:
SSLException

getSSLSocketFactory

public javax.net.ssl.SSLSocketFactory getSSLSocketFactory(java.lang.String sslAliasName,
                                                          java.util.Map connectionInfo,
                                                          SSLConfigChangeListener listener)
                                                   throws SSLException

This method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
java.lang.String - sslAliasName
java.util.Map - connectionInfo
com.ibm.websphere.ssl.SSLConfigChangeListener -
Returns:
javax.net.ssl.SSLSocketFactory
Throws:
SSLException

getSSLServerSocketFactory

public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory(java.lang.String sslAliasName,
                                                                      java.util.Map connectionInfo,
                                                                      SSLConfigChangeListener listener)
                                                               throws SSLException

This method creates an SSLServerSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLServerSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
java.lang.String - sslAliasName (optional)
java.util.Map - connectionInfo (optional)
com.ibm.websphere.ssl.SSLConfigChangeListener - (optional)
Returns:
javax.net.ssl.SSLServerSocketFactory
Throws:
SSLException

getProperties

public java.util.Properties getProperties(java.lang.String sslAliasName,
                                          java.util.Map connectionInfo,
                                          SSLConfigChangeListener listener)
                                   throws SSLException

This method returns the effective SSL properties object for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the Properties. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API. If the SSLConfigChangeListener is non null, it must be deregistered by deregisterSSLConfigChangeListener when it is no longer needed.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Parameters:
java.lang.String - sslAliasName (optional)
java.util.Map - connectionInfo (optional)
com.ibm.websphere.ssl.SSLConfigChangeListener - (optional)
Returns:
java.util.Properties
Throws:
SSLException

registerSSLConfigChangeListener

public void registerSSLConfigChangeListener(java.lang.String sslAliasName,
                                            java.util.Map connectionInfo,
                                            SSLConfigChangeListener listener)
                                     throws SSLException

This method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API. The SSLConfigChangeListener must be deregistered by deregisterSSLConfigChangeListener when it is no longer needed.

Parameters:
String - sslAliasName
java.util.Map - connectionInfo
com.ibm.websphere.ssl.SSLConfigChangeListener -
Throws:
SSLException

deregisterSSLConfigChangeListener

public void deregisterSSLConfigChangeListener(SSLConfigChangeListener listener)
                                       throws SSLException

This method removes the specific SSLConfigChangeListener from the list of active listeners.

Parameters:
SSLConfigChangeListener -
Throws:
SSLException
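
The selection inputs described for getSSLContext and the listener rules for registerSSLConfigChangeListener and deregisterSSLConfigChangeListener, put together as an added example (not IBM's code and not part of the original Javadoc). The class OutboundTlsClient, its members and the choice of ENDPOINT_HTTP are hypothetical; the stateChanged(SSLConfigChangeEvent) callback and the com.ibm.websphere.ssl package of SSLException are assumptions, since this page shows neither the listener interface nor a qualified exception name.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigChangeEvent;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLException; // assumed package: the page shows it unqualified

/** Added example, not IBM code. OutboundTlsClient and its members are hypothetical. */
public final class OutboundTlsClient implements SSLConfigChangeListener {

    private final JSSEHelper helper = JSSEHelper.getInstance();
    private final String sslAlias;   // may be null, which skips "direct" selection
    private final String host;
    private final int port;
    private volatile SSLContext context;
    private volatile boolean stale = true;

    private OutboundTlsClient(String sslAlias, String host, int port) {
        this.sslAlias = sslAlias;
        this.host = host;
        this.port = port;
    }

    public static OutboundTlsClient create(String sslAlias, String host, int port)
            throws SSLException {
        OutboundTlsClient client = new OutboundTlsClient(sslAlias, host, port);
        // Register once, against the configuration the precedence rules select.
        client.helper.registerSSLConfigChangeListener(sslAlias, client.connectionInfo(), client);
        return client;
    }

    /** Inputs for dynamic selection; also visible to custom TrustManagers. */
    private Map<String, Object> connectionInfo() {
        Map<String, Object> info = new HashMap<String, Object>();
        info.put(JSSEHelper.CONNECTION_INFO_DIRECTION, JSSEHelper.DIRECTION_OUTBOUND);
        info.put(JSSEHelper.CONNECTION_INFO_ENDPOINT_NAME, JSSEHelper.ENDPOINT_HTTP);
        info.put(JSSEHelper.CONNECTION_INFO_REMOTE_HOST, host);   // DNS form is preferred
        info.put(JSSEHelper.CONNECTION_INFO_REMOTE_PORT, Integer.toString(port)); // exact port
        return info;
    }

    /** Assumed callback signature of SSLConfigChangeListener (not shown on this page). */
    public void stateChanged(SSLConfigChangeEvent event) {
        stale = true;   // rebuild lazily on the next connect()
    }

    public SSLSocket connect() throws IOException, SSLException {
        if (stale) {
            reload();
        }
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port);
        try {
            socket.startHandshake();   // surface trust failures here, not on first write
        } catch (IOException e) {
            socket.close();
            throw e;
        }
        return socket;
    }

    private void reload() throws SSLException {
        stale = false;   // clear first so a change arriving during the fetch is not lost
        try {
            // The listener is already registered, so none is passed here.
            context = helper.getSSLContext(sslAlias, connectionInfo(), null);
        } catch (SSLException e) {
            stale = true;
            throw e;
        }
    }

    /** The listener must be deregistered once this client is no longer needed. */
    public void close() throws SSLException {
        helper.deregisterSSLConfigChangeListener(this);
    }
}
```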

doesSSLConfigExist

public boolean doesSSLConfigExist(java.lang.String sslAliasName)

This method checks to ensure the SSL configuration name is known in the management scope where the API is called. It will return true if the SSL configuration name is found in the scope. Otherwise, false will be returned.

Parameters:
String - sslAliasName

loadClientSSLPropertiesFromURL

public void loadClientSSLPropertiesFromURL(java.lang.String configURL,
                                           boolean reinitialize)

This method loads a client-side SSL properties file in the exact same format as the "ssl.client.props". The reinitialize flag should be set to "true" if this file has already been loaded once and you intend the changes to send notifications to listeners interested in knowing about changes to the SSL configurations. If this is the first time loading this configURL, set reinitialize to "false".

Parameters:
String - configURL - the file containing one or more SSL configurations. Example: file:C:/WebSphere/AppServer/profiles/Dmgr01/properties/ssl.client.props
boolean - reinitialize - if this configURL was loaded already, this should be true, otherwise false.
See Also:
com.ibm.websphere.ssl.JSSEHelper.reinitializeClientDefaultSSLProperties

reinitializeClientDefaultSSLProperties

public void reinitializeClientDefaultSSLProperties()

This method causes a reinitialization of the SSL properties that are located in default locations for sas.client.props, soap.client.props or ssl.client.props. Additional SSL configurations can be specified in the ssl.client.props.

See Also:
com.ibm.websphere.ssl.JSSEHelper.loadClientSSLPropertiesFromURL

validateSSLProperties

public void validateSSLProperties(java.util.Properties props)
                           throws SSLException

This method attempts to create an SSLContext using the properties provided. It is assumed the API is called on the node where the KeyStore information specified in the properties resides.

Parameters:
java.util.Properties -
Throws:
SSLException

getInboundConnectionInfo

public java.util.Map getInboundConnectionInfo()

This method is used to obtain information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers.

Returns:
java.util.Map

setInboundConnectionInfo

public void setInboundConnectionInfo(java.util.Map connectionInfo)

This method sets information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers. This method is invoked prior to an SSL handshake.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.

Parameters:
java.util.Map - connectionInfo - Used in dynamic selection and by custom KeyManagers. This refers to the inbound connection information. For certificate mapping usage these properties need to be provided, for example:
    com.ibm.ssl.certMappingHost="hostname.ibm.com"
    com.ibm.ssl.isWebContainerInbound= new Boolean(true);

getOutboundConnectionInfo

public java.util.Map getOutboundConnectionInfo()

This method is used to obtain information about the connection on the thread of execution. This connection information can then be used to set the connection information prior to creating an SSL socket.

Returns:
java.util.Map

setOutboundConnectionInfo

public void setOutboundConnectionInfo(java.util.Map connectionInfo)

This method sets information about the connection on the thread of execution. This method is invoked prior to creating an SSL socket.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.

Parameters:
java.util.Map - connectionInfo - Used

getFipsInfo

public int getFipsInfo()

This method provides current FIPS configuration information.

Returns:
integer that represents current FIPS status:
    JSSEHelper.SECURITY_MODE_FIPS_DISABLED = 0
    JSSEHelper.SECURITY_MODE_FIPS_140_2 = 1
    JSSEHelper.SECURITY_MODE_SP_800_131_TRANSITION = 2
    JSSEHelper.SECURITY_MODE_SP_800_131_STRICT = 3
    JSSEHelper.SECURITY_MODE_SUITE_B_128 = 4
    JSSEHelper.SECURITY_MODE_SUITE_B_192 = 5
