4.10 Using SSL

Jolt can use SSL as the preferred secure transport mechanism instead of the default Link Level Encryption (LLE). To enable Jolt to use SSL, configure the JSL with '-s secure_port' in the TUXEDO UBBCONFIG file.

The Jolt client library automatically chooses SSL if the JSL connection port is the SSL port. SSL requires the Jolt client to provide the location of the X.509 certificate and the private key, and the passphrase that is used to encrypt the private key.

Five attributes have been added to the JoltSessionAttributes class to handle these requirements:

  • KEYSTORE—file path for client private key and X.509 certificate
  • KSPASSPHRASE—key store passphrase
  • TRUSTSTORE—trust store file path for trusted X.509 certificates
  • TSPASSPHRASE—trust store passphrase
  • KEYPASSPHRASE—private key passphrase

The Jolt client library uses the third-party Java Secure Socket Extension (JSSE) implementation for SSL communication. The following JSSE implementations have been tested:

  • Sun JSSE implementation bundled in Sun JRE 8.0
  • Sun JSSE implementation bundled in HP JRE 8.0
  • IBM JSSE implementation bundled in IBM JRE 8.0

Note:

Starting with JDK release 8u31, the SSLv3 protocol is deactivated and is not available by default. If SSLv3 is required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the <JRE_HOME>/lib/security/java.security file, or by dynamically setting this Security property to "true" before JSSE is initialized.

Listing 4-15 shows a Jolt client code example that uses SSL when communicating with the JSL/JSH.

Listing 4-15 Using SSL in Jolt Client Code

import java.util.*;
import bea.jolt.*;

public class simpcl extends Object {
    private String                userName     = null;
    private String                userRole     = null;
    private String                appPassword  = null;
    private String                userPassword = null;
    private JoltSessionAttributes attr         = null;
    private JoltSession           session      = null;
    private JoltRemoteService     toupper      = null;
    private JoltTransaction       trans        = null;

    // JSL is configured with '-s 5555', so the communication between
    // the Jolt client and the JSH will use SSL.
    private String address = "//cerebrum:5555";

    public static void main(String args[]) {
        simpcl c = new simpcl();
        c.doTest();
    }

    public void doTest() {
        attr = new JoltSessionAttributes();

        // Add the session attributes: JSL address, trust store, and key store.
        attr.setString(attr.APPADDRESS, address);
        attr.setString(attr.TRUSTSTORE, "c:\\samples\\samplecacerts");
        attr.setString(attr.KEYSTORE, "c:\\samples\\client\\testkeys");

        // Only the key store and the private key are protected by a
        // passphrase in this sample. Optionally, the trust store can also
        // be protected by a passphrase, although it is not in this sample.
        attr.setString(attr.KSPASSPHRASE, "passphrase");
        attr.setString(attr.KEYPASSPHRASE, "passphrase");
        attr.setInt(attr.IDLETIMEOUT, 300);

        // Sample credentials; load real ones from protected storage.
        userName = "juser";
        userRole = "JUSER";
        userPassword = "abcd";
        appPassword = "abcd";

        session = new JoltSession(attr, userName, userRole, userPassword,
                                  appPassword);

        // Access the Tuxedo TOUPPER service inside a 60-second transaction.
        toupper = new JoltRemoteService("TOUPPER", session);
        toupper.addString("STRING", "string");
        trans = new JoltTransaction(60, session);
        try {
            toupper.call(trans);
        } catch (ApplicationException ae) {
            ae.printStackTrace();
            System.exit(1);
        }

        String retString = toupper.getStringDef("STRING", null);
        trans.commit();
        System.out.println(" returned: " + retString);
        session.endSession();
        return;
    }
}
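
A pre-flight check for the files and passphrases that the KEYSTORE, KSPASSPHRASE, KEYPASSPHRASE, TRUSTSTORE and TSPASSPHRASE attributes refer to, together with the SSLv3 setting from the note above. This is an added example, not code from the Jolt documentation or product; the class name JoltSslPreflight and the JOLT_* environment variables are hypothetical, and it assumes the stores are in the JRE's default KeyStore format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example, not Oracle's code. Class and environment variable names are hypothetical.
public class JoltSslPreflight {
    // Passphrases come from the environment so they are not compiled into the client.
    static char[] env(String name) {
        String v = System.getenv(name);
        return v == null ? null : v.toCharArray();
    }

    // Assumption: stores use the JRE default KeyStore type (JKS on JRE 8).
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass); // wrong passphrase or tampered file: IOException
        }
        return ks;
    }

    // Validates every X.509 entry; returns the number of private keys keyPass unlocks.
    static int check(KeyStore ks, char[] keyPass) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Expired or not-yet-valid certificates raise an exception here.
            if (c instanceof X509Certificate) ((X509Certificate) c).checkValidity();
            if (keyPass != null && ks.isKeyEntry(alias) && ks.getKey(alias, keyPass) != null) {
                keys++; // a wrong KEYPASSPHRASE raises UnrecoverableKeyException instead
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: JoltSslPreflight <keystore> <truststore>");
            System.exit(2);
        }
        int keys = check(load(args[0], env("JOLT_KSPASS")), env("JOLT_KEYPASS"));
        KeyStore ts = load(args[1], env("JOLT_TSPASS")); // null: trust store has no passphrase
        check(ts, null);
        String off = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("usable client keys: " + keys + ", trusted certs: " + ts.size());
        System.out.println("SSLv3 disabled: " + (off != null && off.contains("SSLv3")));
    }
}
```

Run it with the same two paths the client passes as KEYSTORE and TRUSTSTORE; any exception identifies the store, passphrase or certificate that would otherwise fail during the SSL handshake with the JSL.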