Using SSL Authentication in Java Clients 5-9
The weblogic.net.http.HttpsURLConnection class provides methods for determining the negotiated cipher suite, gettingsetting a hostname verifier, getting
the servers certificate chain, and gettingsetting an SSLSocketFactory in order to create new SSL sockets.
The SSLClient code example uses the weblogic.net.http.HttpsURLConnection class to make an outbound SSL connection. The SSLClient code example is available in
the examples.security.sslclient package in the SAMPLES_ HOME\server\examples\src\examples\security\sslclient directory.
5.4.2 Writing SSL Clients
This section uses examples to show how to write various types of SSL clients. Examples of the following types of SSL clients are provided:
■
Section 5.4.2.1, SSLClient Sample
■
Section 5.4.2.2, SSLSocketClient Sample
■
Section 5.4.3, Using Two-Way SSL Authentication
5.4.2.1 SSLClient Sample
The SSLClient sample demonstrates how to use the WebLogic SSL library to make outgoing SSL connections using URL and URLConnection objects. It shows both how
to do this from a stand-alone application as well as from a servlet in WebLogic Server.
Example 5–2 shows code fragments from the SSLClient example; the complete
example is located at SAMPLES_ HOME\server\examples\src\examples\security\sslclient directory in the
SSLClient.java file.
Example 5–2 SSLClient Sample Code Fragments
package examples.security.sslclient; import java.io.;
import java.net.URL; import java.security.Provider;
import javax.servlet.ServletOutputStream; ...
This method contains an example of how to use the URL and URLConnection objects to create a new SSL connection, using
WebLogic SSL client classes. public void wlsURLConnectString host, String port,
String sport, String query, OutputStream out
throws Exception { ...
URL wlsUrl = null; try {
wlsUrl = new URLhttp, host, Integer.valueOfport.intValue,
Note: WebLogic Server acting as an SSL client uses the servers
identity certificate for outgoing SSL connections. Applications running on WebLogic Server and using the previously described SSL APIs do
not share the servers identity certificates by default, only the trust.
5-10 Programming Security for Oracle WebLogic Server
query; weblogic.net.http.HttpURLConnection connection =
new weblogic.net.http.HttpURLConnectionwlsUrl; tryConnectionconnection, out;
} ...
wlsUrl = new URLhttps, host, Integer.valueOfsport.intValue,
query; weblogic.net.http.HttpsURLConnection sconnection =
new weblogic.net.http.HttpsURLConnectionwlsUrl; ...
5.4.2.2 SSLSocketClient Sample
The SSLSocketClient sample demonstrates how to use SSL sockets to go directly to the secure port to connect to a JSP served by an instance of WebLogic Server and display
the results of that connection. It shows how to implement the following functions:
■
Initializing an SSLContext with client identity, a HostnameVerifier, and a TrustManager
■
Loading a keystore and retrieving the private key and certificate chain
■
Using an SSLSocketFactory
■
Using HTTPS to connect to a JSP served by WebLogic Server
■
Implementing the javax.net.ssl.HandshakeCompletedListener interface
■
Creating a dummy implementation of the weblogic.security.SSL.HostnameVerifier class to verify that the server
the example connects to is running on the desired host
Example 5–3 shows code fragments from the SSLSocketClient example; the complete
example is located at SAMPLES_ HOME\server\examples\src\examples\security\sslclient directory in the
SSLSocketClient.java file. The SSLClientServlet example in the sslclient directory is a simple servlet wrapper of the SSLClient example.
Example 5–3 SSLSocketClient Sample Code Fragments
package examples.security.sslclient; import java.io.;
import java.security.KeyStore; import java.security.PrivateKey;
import java.security.cert.Certificate; import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket; import weblogic.security.SSL.HostnameVerifier;
import weblogic.security.SSL.SSLContext; import weblogic.security.SSL.SSLSocketFactory;
import weblogic.security.SSL.TrustManager; ...
SSLContext sslCtx = SSLContext.getInstancehttps; File KeyStoreFile = new File mykeystore;
... Open the keystore, retrieve the private key, and certificate chain
KeyStore ks = KeyStore.getInstancejks; ks.loadnew FileInputStreammykeystore, null;
PrivateKey key = PrivateKeyks.getKeymykey,
Using SSL Authentication in Java Clients 5-11
testkey.toCharArray; Certificate [] certChain = ks.getCertificateChainmykey;
sslCtx.loadLocalIdentitycertChain, key; HostnameVerifier hVerifier = null;
if argv.length 3 hVerifier = new NulledHostnameVerifier;
else hVerifier = HostnameVerifier
Class.forNameargv[2].newInstance;
sslCtx.setHostnameVerifierhVerifier; TrustManager tManager = new NulledTrustManager;
sslCtx.setTrustManagertManager; System.out.println Creating new SSLSocketFactory with SSLContext;
SSLSocketFactory sslSF = SSLSocketFactory
sslCtx.getSocketFactory; System.out.println Creating and opening new SSLSocket with
SSLSocketFactory; using createSocketString hostname, int port
SSLSocket sslSock = SSLSocket sslSF.createSocketargv[0], new Integerargv[1].intValue;
System.out.println SSLSocket created;
HandshakeCompletedListener mListener = null; mListener = new MyListener;
sslSock.addHandshakeCompletedListenernew MyListener; ...
5.4.3 Using Two-Way SSL Authentication