5-20 Programming Security for Oracle WebLogic Server
Example 5–8 MyListener HandshakeCompletedListener Sample Code Fragments
package examples.security.sslclient;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileInputStream;
import java.util.Hashtable;
import java.security.cert.Certificate;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
// ... (remaining imports elided in the original fragment)

public class MyListener implements HandshakeCompletedListener {

  // Called by the SSL socket once the handshake has finished; prints the
  // negotiated cipher suite and whatever certificates the peer presented.
  public void handshakeCompleted(javax.net.ssl.HandshakeCompletedEvent event) {
    SSLSession session = event.getSession();
    System.out.println("Handshake Completed with peer " + session.getPeerHost());
    System.out.println("   cipher: " + session.getCipherSuite());
    Certificate[] certs = null;
    try {
      certs = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException puv) {
      // the peer did not authenticate itself (e.g. anonymous cipher suite)
      certs = null;
    }
    if (certs != null) {
      System.out.println("   peer certificates:");
      for (int z = 0; z < certs.length; z++)
        System.out.println("      certs[" + z + "]: " + certs[z]);
    } else {
      System.out.println("No peer certificates presented");
    }
  }
}
5.4.8 Using an SSLContext
The SSLContext class is used to programmatically configure SSL and to retain SSL session information. Each instance can be configured with the keys, certificate chains,
and trusted CA certificates that will be used to perform authentication. SSL sockets created with the same SSLContext and used to connect to the same SSL server could
potentially reuse SSL session information. Whether the session information is actually reused depends on the SSL server.
For more information on session caching see SSL Session Behavior in Securing Oracle WebLogic Server. To associate an instance of a trust manager class with its SSL context,
use the weblogic.security.SSL.SSLContext.setTrustManager method.
You can only set up an SSL context programmatically, not by using the Administration Console or the command line. A Java new expression or the getInstance method of the SSLContext class can create an SSLContext object. The getInstance method is static and generates a new SSLContext object that implements the specified secure socket protocol. An example of using the SSLContext class is provided in the SSLSocketClient.java sample in the SAMPLES_HOME\server\examples\src\examples\security\sslclient directory. The SSLSocketClient example shows how to create a new SSL socket factory that creates a new SSL socket using SSLContext.
Example 5–9 shows a sample instantiation using the getInstance method.
Example 5–9 SSL Context Code Example
import weblogic.security.SSL.SSLContext;

SSLContext sslctx = SSLContext.getInstance("https");
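The following is an added example, not code from the WebLogic documentation or its samples. It takes the getInstance call above one step further: it attaches a trust manager through setTrustManager, obtains a socket factory from the context, and opens two sockets from the same context so the handshake listener from Example 5-8 can show whether the server reused the session. It assumes the weblogic.security.SSL.TrustManager interface with certificateCallback(X509Certificate[], int), that the validator reports "no problem" as validateErr 0, that SSLContext.getSocketFactory() returns a javax.net.ssl.SSLSocketFactory whose sockets are javax.net.ssl.SSLSocket instances, and that MyListener is on the classpath; host and port come from the command line.

```java
package examples.security.sslclient;

import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import weblogic.security.SSL.SSLContext;
import weblogic.security.SSL.TrustManager;

public class StrictSslContextClient {

  // Trust manager that never overrides a validation failure. Assumption: the
  // validator passes validateErr == 0 when it found no error and a TrustManager
  // constant otherwise; every nonzero code is logged with the leaf subject and
  // the connection is refused.
  static final class StrictTrustManager implements TrustManager {
    public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
      String subject = (chain != null && chain.length > 0)
          ? chain[0].getSubjectX500Principal().getName()
          : "<no chain>";
      if (validateErr != 0) {
        System.err.println("Rejecting peer " + subject
            + " (validateErr=" + validateErr + ")");
        return false;
      }
      return true;
    }
  }

  // Builds one context, then opens two sockets from it in turn. The session
  // id of the second handshake is compared with the first; equal ids mean the
  // server accepted session resumption for this context.
  public static void connectTwice(String host, int port) throws IOException {
    SSLContext ctx = SSLContext.getInstance("https");
    ctx.setTrustManager(new StrictTrustManager());
    SSLSocketFactory factory = ctx.getSocketFactory(); // assumed accessor name

    byte[] firstId = null;
    for (int i = 0; i < 2; i++) {
      SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
      socket.addHandshakeCompletedListener(new MyListener()); // Example 5-8 class
      socket.startHandshake();
      byte[] id = socket.getSession().getId();
      if (firstId == null) {
        firstId = id;
      } else {
        System.out.println("Session resumed by server: "
            + java.util.Arrays.equals(firstId, id));
      }
      socket.close();
    }
  }

  public static void main(String[] argv) throws IOException {
    if (argv.length != 2) {
      System.out.println("usage: StrictSslContextClient host port");
      System.exit(-1);
    }
    connectTwice(argv[0], Integer.parseInt(argv[1]));
  }
}
```

The trust manager only ever makes the default validation stricter: it returns false for every code the validator reports and true otherwise, so it can never accept a chain the built-in checks rejected. Whether the second handshake prints true depends on the server's session cache, which is the point the section makes about reuse being the server's decision.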
5.4.9 Using URLs to Make Outbound SSL Connections
You can use a URL object to make an outbound SSL connection from a WebLogic Server instance acting as a client to another WebLogic Server instance. WebLogic
Server supports both one-way and two-way SSL authentication for outbound SSL connections.
For one-way SSL authentication, you use the java.net.URL, java.net.URLConnection, and java.net.HttpURLConnection classes to make outbound SSL connections using URL objects. Example 5–10 shows a simpleURL class that supports both HTTP and HTTPS URLs and uses only these Java classes (that is, no WebLogic classes are required). To use the simpleURL class for one-way SSL authentication (HTTPS) on WebLogic Server, all that is required is that weblogic.net be defined in the system property java.protocol.handler.pkgs.
Example 5–10 One-Way SSL Authentication URL Outbound SSL Connection Class That Uses Java Classes Only

Note: Because the simpleURL sample shown in Example 5–10 defaults trust and hostname checking, this sample requires that you connect to a real Web server that is trusted and that passes hostname checking by default. Otherwise, you must override trust and hostname checking on the command line.

import java.net.URL;
import java.net.URLConnection;
import java.net.HttpURLConnection;
import java.io.IOException;

public class simpleURL {

  public static void main(String[] argv) {
    if (argv.length != 1) {
      System.out.println("Please provide a URL to connect to");
      System.exit(-1);
    }
    setupHandler();
    connectToURL(argv[0]);
  }

  // Registers weblogic.net as a protocol handler package so that https:// URLs
  // are served by the WebLogic handler; existing packages are preserved.
  private static void setupHandler() {
    java.util.Properties p = System.getProperties();
    String s = p.getProperty("java.protocol.handler.pkgs");
    if (s == null)
      s = "weblogic.net";
    else if (s.indexOf("weblogic.net") == -1)
      s += "|weblogic.net";
    p.put("java.protocol.handler.pkgs", s);
    System.setProperties(p);
  }

  // Opens the URL, prints the status line and content type, then disconnects.
  private static void connectToURL(String theURLSpec) {
    try {
      URL theURL = new URL(theURLSpec);
      URLConnection urlConnection = theURL.openConnection();
      HttpURLConnection connection = null;
      if (!(urlConnection instanceof HttpURLConnection)) {
        System.out.println("The URL is not using HTTP/HTTPS: " + theURLSpec);
        return;
      }
      connection = (HttpURLConnection) urlConnection;
      connection.connect();
      String responseStr = "\t\t" +
          connection.getResponseCode() + " -- " +
          connection.getResponseMessage() + "\n\t\t" +
          connection.getContent().getClass().getName() + "\n";
      connection.disconnect();
      System.out.println(responseStr);
    } catch (IOException ioe) {
      System.out.println("Failure processing URL: " + theURLSpec);
      ioe.printStackTrace();
    }
  }
}
For two-way SSL authentication, the weblogic.net.http.HttpsURLConnection class provides a way to specify the security context information for a client, including
the digital certificate and private key of the client. Instances of this class represent an HTTPS connection to a remote object.
The SSLClient sample code demonstrates using the WebLogic URL object to make an outbound SSL connection (see Example 5–11). The code example shown in Example 5–11 is excerpted from the SSLClient.java file in the SAMPLES_HOME\server\examples\src\examples\security\sslclient directory.
Example 5–11 WebLogic Two-Way SSL Authentication URL Outbound SSL Connection
Code Example
wlsUrl = new URL("https", host, Integer.valueOf(sport).intValue(), query);
weblogic.net.http.HttpsURLConnection sconnection =
    new weblogic.net.http.HttpsURLConnection(wlsUrl);
...
// client private key first, then the client certificate chain
InputStream[] ins = new InputStream[2];
ins[0] = new FileInputStream("clientkey.pem");
ins[1] = new FileInputStream("client2certs.pem");
String pwd = "clientkey";
sconnection.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());
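The fragment above stops after loading the identity. The following is an added example, not part of the SSLClient sample or the WebLogic documentation, that carries the same two-way SSL connection through to reading the response. It relies only on the loadLocalIdentity(key, certs, password) call shown in Example 5–11 and on the java.net.HttpURLConnection methods that weblogic.net.http.HttpsURLConnection inherits; the file names clientkey.pem and client2certs.pem are reused from the sample, while host, port and path are command-line placeholders and the key password is read from the console instead of being hard-coded.

```java
package examples.security.sslclient;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import weblogic.net.http.HttpsURLConnection;

public class TwoWaySslUrlClient {

  // Performs one mutually authenticated HTTPS GET and returns the body.
  // Any status other than 200 is treated as a failure so that a redirect or
  // an error page is never mistaken for a successful authenticated exchange.
  public static String fetch(String host, int port, String path,
                             String keyFile, String certFile, char[] keyPassword)
      throws IOException {
    URL url = new URL("https", host, port, path);
    HttpsURLConnection connection = new HttpsURLConnection(url);

    InputStream key = new FileInputStream(keyFile);    // client private key (PEM)
    InputStream certs = new FileInputStream(certFile); // client certificate chain (PEM)
    try {
      // same argument order as Example 5-11: key, certificate chain, password
      connection.loadLocalIdentity(key, certs, keyPassword);
      connection.connect();

      int code = connection.getResponseCode();
      if (code != 200) {
        throw new IOException("Unexpected HTTP status " + code + " "
            + connection.getResponseMessage() + " from " + host);
      }

      StringBuilder body = new StringBuilder();
      BufferedReader in = new BufferedReader(
          new InputStreamReader(connection.getInputStream(), "UTF-8"));
      try {
        String line;
        while ((line = in.readLine()) != null) {
          body.append(line).append('\n');
        }
      } finally {
        in.close();
      }
      return body.toString();
    } finally {
      connection.disconnect();
      key.close();
      certs.close();
    }
  }

  public static void main(String[] argv) throws IOException {
    if (argv.length != 3) {
      System.out.println("usage: TwoWaySslUrlClient host port path");
      System.exit(-1);
    }
    // Prompt for the key password rather than embedding it in the source.
    char[] pwd = (System.console() != null)
        ? System.console().readPassword("Key password: ")
        : new char[0];
    try {
      System.out.print(fetch(argv[0], Integer.parseInt(argv[1]), argv[2],
          "clientkey.pem", "client2certs.pem", pwd));
    } finally {
      java.util.Arrays.fill(pwd, '\0'); // scrub the password from memory
    }
  }
}
```

Compared with the sample fragment, the differences are operational rather than protocol-level: the key password is not a string literal in the class file, the PEM streams and the connection are always closed, and a non-200 status is surfaced as an error instead of being printed and ignored.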
5.5 SSL Client Code Examples
A complete working SSL authentication sample is provided with the WebLogic Server product. The sample is located in the SAMPLES_HOME\server\examples\src\examples\security\sslclient directory. For a description of the sample and instructions on how to build, configure, and run this sample, see the package.html file in the sample directory. You can modify this code example and reuse it.