Configuring Java CAPS for SSL Support - Adapters

Configuring Java CAPS for SSL Support

SSL and Adapters

Using SSL with HTTP, LDAP, and WebSphere MQ protects data exchanges from interception by hackers or other unauthorized entities. The adapter's SSL feature provides a secure communications channel for these data exchanges.

The following diagram illustrates the use of SSL with the LDAP Adapter.

Diagram shows how SSL prevents a hacker from performing a man-in-the-middle attack.

This SSL feature is supported through the use of Java Secure Socket Extension (JSSE) version 1.0.3.

Currently, the JSSE reference implementation is used. JSSE is a provider-based architecture, which means there is a set of standard interfaces for cryptographic algorithms, hashing algorithms, secured-socket-layered URL stream handlers, and so on.

Because the user is interacting with JSSE through these interfaces, the different components can be mixed and matched as long as the implementation is programmed under the published interfaces. However, some implementations might not support a particular algorithm.

The JSSE 1.0.3 API can support SSL versions 2.0 and 3.0 and TLS version 1.0. These security protocols encapsulate a normal bidirectional stream socket. The JSSE 1.0.3 API adds transparent support for authentication, encryption, and integrity protection. The JSSE reference implementation implements SSL version 3.0 and TLS version 1.0.

The following options are available for setting up SSL connectivity with a web server:

  • Server-side Authentication. The majority of e-commerce web sites are configured for server-side authentication. The adapter requests a certificate from the web server and authenticates the web server by verifying that the certificate can be trusted. Essentially, the adapter performs this operation by looking into its TrustStore for a CA certificate with a public key that can validate the signature on the certificate received from the web server.

  • Dual Authentication. This option requires authentication from both the adapter and web server. The server side (web server) of the authentication process is the same as that described previously. In addition, the web server requests a certificate from the adapter. The adapter sends its certificate to the web server. The server authenticates the adapter by looking into its TrustStore for a matching trusted CA certificate. The communication channel is established by the process of both parties requesting certificate information.
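The two options differ only in whether the client side holds a KeyStore in addition to its TrustStore. The following is an added example, not code from Java CAPS or its adapters, written against the current `javax.net.ssl` API rather than JSSE 1.0.3; the class name, the command-line arguments and the store paths they carry are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class AdapterSslModes {           // hypothetical class name
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keyStore == null: server-side authentication (TrustStore only).
    // keyStore != null: dual authentication (client certificate available).
    static SSLContext context(KeyStore trustStore, KeyStore keyStore,
                              char[] keyPassword) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);            // CA certificates used to validate the server
        KeyManager[] keyManagers = null; // no key material: nothing to present
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword); // assumes key password == store password
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Arguments (assumed): host port trustStore trustPass [keyStore keyPass]
    public static void main(String[] args) throws Exception {
        boolean dual = args.length >= 6;
        KeyStore trust = load(args[2], args[3].toCharArray());
        KeyStore keys = dual ? load(args[4], args[5].toCharArray()) : null;
        SSLContext ctx = context(trust, keys, dual ? args[5].toCharArray() : null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also match host name to certificate
            s.setSSLParameters(p);
            s.startHandshake();          // throws if the server chain is not trusted
            System.out.println("Peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

A raw `SSLSocket` validates the certificate chain against the TrustStore but does not compare the host name to the certificate unless an endpoint identification algorithm is set, which is why the example sets one before the handshake.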
