com.entrust.toolkit.util

Class HttpsManagerClientJSSE

java.lang.Object

com.entrust.toolkit.util.ManagerTransport

com.entrust.toolkit.util.HttpsManagerClientJSSE

All Implemented Interfaces:

PollableResource

Direct Known Subclasses:

HttpsManagerClient

public class HttpsManagerClientJSSE
extends ManagerTransport

The HttpsManagerClientJSSE class uses the HttpURLConnection class to make a connection to the HttpManagerServlet. This class will work with both HTTP and HTTPS based URL's. The type will be selected automatically based on the protocol specified in the urlString in the constructor.

This class differs from HttpsManagerClient because it uses the URLConnection class to make the network connection instead of using a Socket directly. This will allow the use of the JVM's default URLStreamHandler when making the connection (if desired).

For HTTP based URL's, the SSLSocketFactory and HostnameVerfier parameters may be set to null.

For HTTPS based URL's, the SSLSocketFactory and HostnameVerifier parameters may be used to configure the SSL connection (depending on the URLStreamHandler that is in use). If no SSLSocketFactory is used, the default SSLSocketFactory from the HttpsURLConnection class will be used. If no HostnameVerifier is supplied, the default HostnameVerifier from the HttpsURLConnection class will be used.

To use SSL tunneling:

1. Install the HttpManagerServlet class. The documentation for the HttpManagerServlet class describes how to install this class.
2. Configure the server to enable SSL. The procedure for this step depends on the Web server you use.

Note

When using SSL tunneling, the Toolkit supports client authentication for user login operations. For user creation and user recovery operations, only server authentication is supported.

Since:

8.0

See Also:

HttpManagerServlet, HttpManagerClient

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_TIMEOUT The default timeout value used for the http connection and read timeout values.
static java.lang.String	PROTOCOL_PKIX4 Deprecated. proto-PKIX is no longer supported.
static java.lang.String	PROTOCOL_PKIXCMP
static java.lang.String	REQUEST_BEGIN
static java.lang.String	REQUEST_CONTINUE
static java.lang.String	REQUEST_ENDSESSION
static java.lang.String	RESPONSE_NOREAD
static java.lang.String	RESPONSE_READ

Fields inherited from class com.entrust.toolkit.util.ManagerTransport

DEFAULT_CONNECT_TIMEOUT, DEFAULT_SO_LINGER, DEFAULT_SO_TIMEOUT, in, out, recipientAddress

Constructor Summary

Constructors

Constructor and Description
HttpsManagerClientJSSE(java.lang.String urlString) Creates an HttpsManagerClientJSSE object from the specified URLString object.
HttpsManagerClientJSSE(java.lang.String urlString, javax.net.ssl.SSLSocketFactory factory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.net.URLStreamHandler streamHandler) Creates an HttpsManagerClientJSSE object from the specified URLString and port.

Method Summary

Methods

Modifier and Type	Method and Description
void	addHttpHeader(java.lang.String name, java.lang.String value) Adds additional HTTP header information.
void	beginNewSession() Implements the beginNewSession() method of the ManagerTransport class.
void	endSession() Implements the endSession() method of the ManagerTransport class.
java.lang.String	getAddress() Returns the PKI RA's URL address.
int	getPort() Returns the Port that will be used to connect to the Manager tunnel
void	readNegPollRep() This method simply posts any data contained in the internal OutputStream, and reads the result.
byte[]	readPKIXCMPResponse(boolean getResponse) This method flushes the output stream, sends the flushed data to the Manager, and (optionally) reads the response.
void	setConnectionTimeout(int timeout) Sets the connection timeout used when making the connection to the HTTP servlet
void	setReadTimeout(int timeout) Sets the read timeout used when reading data from the HTTP servlet.

Methods inherited from class com.entrust.toolkit.util.ManagerTransport

calculateASNLength, checkStatus, dataReady, DNSLookup, getClientCredentials, getGeneralMessageInfo, getInputStream, getInstance, getInstance, getOutputStream, getSoConnectTimeout, getSoLinger, getSoTimeout, getTrustRoots, isAvailable, periodicPoll, readManagerTransportMessage, readPKIX4Response, setClientCredentials, setClientCredentials, setSoConnectTimeout, setSoLinger, setSoTimeout, setStreams, setTrustRoots

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REQUEST_BEGIN

public static final java.lang.String REQUEST_BEGIN

See Also:

Constant Field Values

REQUEST_CONTINUE

public static final java.lang.String REQUEST_CONTINUE

See Also:

Constant Field Values

REQUEST_ENDSESSION

public static final java.lang.String REQUEST_ENDSESSION

See Also:

Constant Field Values

RESPONSE_READ

public static final java.lang.String RESPONSE_READ

See Also:

Constant Field Values

RESPONSE_NOREAD

public static final java.lang.String RESPONSE_NOREAD

See Also:

Constant Field Values

PROTOCOL_PKIX4

public static final java.lang.String PROTOCOL_PKIX4

Deprecated. proto-PKIX is no longer supported.

See Also:

Constant Field Values

PROTOCOL_PKIXCMP

public static final java.lang.String PROTOCOL_PKIXCMP

See Also:

Constant Field Values

DEFAULT_TIMEOUT

public static final int DEFAULT_TIMEOUT

The default timeout value used for the http connection and read timeout values. Default is 10 seconds.

See Also:

Constant Field Values

Constructor Detail

HttpsManagerClientJSSE

public HttpsManagerClientJSSE(java.lang.String urlString)
                       throws java.net.MalformedURLException,
                              java.net.UnknownHostException,
                              java.io.IOException

Creates an HttpsManagerClientJSSE object from the specified URLString object. The Port will be obtained from the URL string, or if it does not exist, it will use 443 for https and 80 for http.

Parameters:

urlString - the URL string referring to the Manager servlet.

Throws:

java.net.MalformedURLException - if urlString is not a valid URL

java.io.IOException - if there is an IO problem after connecting to the host.

java.net.UnknownHostException

HttpsManagerClientJSSE

public HttpsManagerClientJSSE(java.lang.String urlString,
                      javax.net.ssl.SSLSocketFactory factory,
                      javax.net.ssl.HostnameVerifier hostnameVerifier,
                      java.net.URLStreamHandler streamHandler)
                       throws java.net.MalformedURLException,
                              java.net.UnknownHostException,
                              java.io.IOException

Creates an HttpsManagerClientJSSE object from the specified URLString and port. The port will be obtained from the URL string, or if it does not exist it will use port 80 for http or 443 for https. If a null SSLSocketFactory is supplied, the default SSLSocketFactory setup for use with the HttpsURLConnection will be used.

If a null HostnameVerifier is supplied, the default HostnameVerifier setup for use with the HttpsURLConnection will be used.

If a null URLStreamHandler is supplied, the default URLStreamStreamHandler for the specified protocol will be used.

Parameters:

urlString - the URL string referring to the Manager servlet.

SSLSocketFactory - The SSLSocketFactory that will be used to create the sockets used by

hostnameVerifier - the HostnameVerifier to use when performing hostname validation on SSL requests

streamHandler - The URLStreamHandler that will be used to perform the protocol side of the connection.

Throws:

java.net.MalformedURLException - if urlString is not a valid URL.

java.io.IOException - if there is an IO problem after connecting to the host.

java.net.UnknownHostException

Method Detail

beginNewSession

public void beginNewSession()

Implements the beginNewSession() method of the ManagerTransport class.

This method is called whenever a new session or request to the PKI Manager is about to be made.

beginNewSession() attempts to establish a socket to the proxy servlet on the Web server. If successful, it marks the connection as available, so that subsequent calls to dataReady() or readData() are allowed to proceed.

Overrides:

beginNewSession in class ManagerTransport

endSession

public void endSession()

Implements the endSession() method of the ManagerTransport class.

This method is called whenever a session is complete. It sends an HTML POST request with the PKIX confirmation to the proxy servlet notifying the servlet that the session is complete. The servlet then closes the connection to the PKI that was opened on behalf on this client.

Overrides:

endSession in class ManagerTransport

readPKIXCMPResponse

public byte[] readPKIXCMPResponse(boolean getResponse)
                           throws java.security.GeneralSecurityException

This method flushes the output stream, sends the flushed data to the Manager, and (optionally) reads the response.

If a response is expected, set the boolean readResponse parameter to 'true' and read the response from the ManagerTransport's input stream (accessed using the getInputStream() method). Alternatively, use the response returned by this method as a byte array.

Overrides:

readPKIXCMPResponse in class ManagerTransport

Returns:

the raw PKIX-CMP message

Throws:

java.security.GeneralSecurityException

readNegPollRep

public void readNegPollRep()
                    throws java.io.IOException

This method simply posts any data contained in the internal OutputStream, and reads the result.

Overrides:

readNegPollRep in class ManagerTransport

Throws:

java.io.IOException

addHttpHeader

public void addHttpHeader(java.lang.String name,
                 java.lang.String value)
                   throws java.lang.IllegalArgumentException

Adds additional HTTP header information.

This method does not check the validity of the HTTP request header. The host, accept, content-type, and content-length fields are ignored because they are reserved for the tunneling request.

Parameters:

name - the header name

value - the header value

Throws:

java.lang.IllegalArgumentException

getAddress

public java.lang.String getAddress()

Returns the PKI RA's URL address.

Overrides:

getAddress in class ManagerTransport

Returns:

The recipient address (For example, https://www.acme.com

getPort

public int getPort()

Returns the Port that will be used to connect to the Manager tunnel

Overrides:

getPort in class ManagerTransport

Returns:

The port used to connect to the PKI

setConnectionTimeout

public void setConnectionTimeout(int timeout)

Sets the connection timeout used when making the connection to the HTTP servlet

Parameters:

timeout - The timeout value in seconds

setReadTimeout

public void setReadTimeout(int timeout)

Sets the read timeout used when reading data from the HTTP servlet.

Parameters:

timeout - The timeout value in seconds