4.10 Using SSL
Jolt can use SSL as the preferred secure transport mechanism instead of the default Link Level Encryption. To enable Jolt to use SSL, the JSL must be configured with '-s secure_port' in the TUXEDO UBBCONFIG file.
The Jolt client library automatically chooses SSL if the JSL connection port is the SSL port. SSL requires the Jolt client to provide the location of the X.509 certificate and the private key, and the passphrase that is used to encrypt the private key.
Five attributes were added to the JoltSessionAttributes class to handle these requirements:
- KEYSTORE—file path for client private key and X.509 certificate
- KSPASSPHRASE—key store passphrase
- TRUSTSTORE—trust store file path for trusted X.509 certificates
- TSPASSPHRASE—trust store passphrase
- KEYPASSPHRASE—private key passphrase
The Jolt client library uses the third-party Java Secure Socket Extension (JSSE) implementation for SSL communication. The following JSSE implementations have been tested:
- Sun JSSE implementation bundled in Sun JRE 8.0
- Sun JSSE implementation bundled in HP JRE 8.0
- IBM JSSE implementation bundled in IBM JRE 8.0
Note:
Starting with JDK release 8u31, the SSLv3 protocol is deactivated and is not available by default. If SSLv3 is required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the <JRE_HOME>/lib/security/java.security file, or by dynamically setting this Security property to "true" before JSSE is initialized.
Listing 4‑15 shows a Jolt client code example that uses SSL when communicating with JSL/JSH.
Listing 4‑15 Using SSL in Jolt Client Code
import java.util.*;
import bea.jolt.*;

public class simpcl extends Object {
    private String userName = null;
    private String userRole = null;
    private String appPassword = null;
    private String userPassword = null;
    private JoltSessionAttributes attr = null;
    private JoltSession session = null;
    private JoltRemoteService toupper = null;
    private JoltTransaction trans = null;
    // JSL is configured with '-s 5555', so the communication
    // between the Jolt client and JSH will use SSL
    private String address = new String("//cerebrum:5555");

    public static void main(String args[]) {
        simpcl c = new simpcl();
        c.doTest();
    }

    public void doTest() {
        attr = new JoltSessionAttributes();
        // add the SSL-related session attributes
        attr.setString(attr.APPADDRESS, address);
        attr.setString(attr.TRUSTSTORE, "c:\\samples\\samplecacerts");
        attr.setString(attr.KEYSTORE, "c:\\samples\\client\\testkeys");
        // Only the key store and the key are protected by a passphrase in this
        // sample. Optionally the trust store can also be protected by a
        // passphrase, although it is not in this sample.
        // (sample values; a real client should not embed passphrases in source)
        attr.setString(attr.KSPASSPHRASE, "passphrase");
        attr.setString(attr.KEYPASSPHRASE, "passphrase");
        attr.setInt(attr.IDLETIMEOUT, 300);
        userName = "juser";
        userRole = "JUSER";
        userPassword = "abcd";
        appPassword = "abcd";
        session = new JoltSession(attr, userName, userRole, userPassword,
                                  appPassword);
        // access a Tuxedo TOUPPER service
        toupper = new JoltRemoteService("TOUPPER", session);
        toupper.addString("STRING", "string");
        trans = new JoltTransaction(60, session);
        try {
            toupper.call(trans);
        } catch (ApplicationException ae) {
            ae.printStackTrace();
            System.exit(1);
        }
        String retString = toupper.getStringDef("STRING", null);
        trans.commit();
        System.out.println(" returned: " + retString);
        session.endSession();
        return;
    }
}
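The following preflight check is an added example, not part of the original listing or of the Jolt library: it verifies, with standard JDK APIs only, that the files behind KEYSTORE and TRUSTSTORE open with the passphrases that will be given to KSPASSPHRASE, KEYPASSPHRASE and TSPASSPHRASE, and that SSLv3 is still disabled in the JRE. The class name, the environment variable names KSPASS, KEYPASS and TSPASS, and the use of the JRE's default key store type are assumptions. Run it as `java JoltSslPreflight <keystore> <truststore>`.

```java
import java.io.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;

// Added example, not Oracle code. Assumptions: both stores use the JRE default key store
// type; passphrases come from the hypothetical env vars KSPASS, KEYPASS and TSPASS.
public class JoltSslPreflight {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass); // a non-null passphrase also verifies store integrity
        }
        return ks;
    }

    // KEYSTORE: every private key must decrypt with KEYPASSPHRASE and hold a currently valid X.509 cert.
    static int usableKeys(KeyStore ks, char[] keyPass) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            ks.getKey(alias, keyPass); // UnrecoverableKeyException on a wrong passphrase
            ((X509Certificate) ks.getCertificate(alias)).checkValidity(); // throws if expired or not yet valid
            n++;
        }
        return n;
    }

    // TRUSTSTORE: count trusted certificate entries; zero means no server certificate can be validated.
    static int trustedCerts(KeyStore ts) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ts.aliases())) if (ts.isCertificateEntry(alias)) n++;
        return n;
    }

    // True while SSLv3 is still listed in the jdk.tls.disabledAlgorithms Security property.
    static boolean sslv3Disabled() {
        String v = Security.getProperty("jdk.tls.disabledAlgorithms");
        return v != null && Arrays.stream(v.split(",")).anyMatch(s -> s.trim().equals("SSLv3"));
    }

    static char[] env(String name) { String v = System.getenv(name); return v == null ? null : v.toCharArray(); }

    public static void main(String[] a) throws Exception {
        System.out.println("SSLv3 disabled: " + sslv3Disabled());
        if (a.length < 2) return; // no store paths given: only the protocol check runs
        System.out.println("usable client keys: " + usableKeys(load(a[0], env("KSPASS")), env("KEYPASS")));
        System.out.println("trusted certificates: " + trustedCerts(load(a[1], env("TSPASS"))));
    }
}
```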