Java Secure Socket Extension
Java Secure Socket Extension (JSSE) provides the transport security for WebSphere Application Server. It provides an application programming interface (API) framework, and an implementation of those APIs, for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, including functionality for data encryption, message integrity and authentication.
JSSE APIs are integrated into the Java 2 SDK, Standard Edition (J2SDK), Version 1.4. The API package for JSSE APIs is javax.net.ssl.*. Documentation for using JSSE APIs can be found in the J2SE 1.4.2 JavaDoc located at http://java.sun.com/j2se/1.4.2/docs/api/index.html.
Several JSSE providers ship with the J2SDK Version 1.4 that comes with WebSphere Application Server. The IBMJSSE provider is used in previous WebSphere releases. Associated with the IBMJSSE provider is the IBMJSSEFIPS provider, which is used when FIPS is enabled on the server. Neither of these providers works with the JMS and HTTP transports in WebSphere Application Server Version 6. These transports take advantage of the J2SDK Version 1.4 network input/output (NIO) asynchronous channels.
The HTTP and JMS transports use a new IBMJSSE2 provider. All other transports in WebSphere Application Server Version 6 currently use the IBMJSSE2 provider, but can be switched to the old IBMJSSE provider, if necessary (specified in the SSL repertoire configuration).
For more information on the new IBMJSSE2 provider, please review the documentation located in http://www.ibm.com/developerworks/java/jdk/security/142/jsse2docs.zip. After it is unzipped, the JSSE2 Reference Guide can be found at jsse2Docs/JSSE2RefGuide.html, the JSSE2 API documentation can be found at jsse2Docs/api/index.html and finally, the JSSE2 samples can be found at jsse2Docs/samples.
Customizing Java Secure Socket Extension
Customizable item | Default | How to customize |
---|---|---|
X509Certificate | X509Certificate implementation from IBM | cert.provider.x509v1 security property |
HTTPS protocol | Implementation from IBM | java.protocol.handler.pkgs system property |
Cryptography Package Provider | IBMJSSE | A security.provider.n= line in security properties file. See description. |
Default keystore | None | * javax.net.ssl.keyStore system property |
Default truststore | jssecacerts, if it exists. Otherwise, cacerts | * javax.net.ssl.trustStore system property |
Default key manager factory | IbmX509 | ssl.KeyManagerFactory.algorithm security property |
Default trust manager factory | IbmX509 | ssl.TrustManagerFactory.algorithm security property |
For aspects that you can customize by setting a system property, either set the property statically by using the -D option of the Java command (you can also set the system property using the administrative console), or set it dynamically by calling the java.lang.System.setProperty method in your code: System.setProperty(propertyName,"propertyValue").
For aspects that you can customize by setting a Java security property, either specify the value statically in the java.security properties file, which is located in the install_root/java/jre/lib/security directory, or set it dynamically by calling the java.security.Security.setProperty method in your code. An entry in the properties file has the form propertyName=propertyValue.
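The following added example (not one of the IBM samples) reports which key manager algorithm and truststore a JVM actually resolves after the system and security properties above are applied. The class name JsseDefaultsCheck and the optional command-line argument are assumptions made for illustration; javax.net.ssl.trustStoreType is the standard JSSE companion to the trustStore property.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

public class JsseDefaultsCheck {
    // Truststore lookup order from the table: javax.net.ssl.trustStore system
    // property first, then jssecacerts if it exists, otherwise cacerts.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    // A security property only names an algorithm; check that a provider supplies it.
    static boolean keyManagerAlgorithmAvailable(String algorithm) {
        try {
            KeyManagerFactory.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Dynamic security property: same effect as the entry in java.security.
        if (args.length > 0) Security.setProperty("ssl.KeyManagerFactory.algorithm", args[0]);
        String kmf = KeyManagerFactory.getDefaultAlgorithm();
        System.out.println("KeyManagerFactory default: " + kmf
                + " (available: " + keyManagerAlgorithmAvailable(kmf) + ")");

        File store = resolveTrustStore();
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(store);
        try {
            ks.load(in, null); // null password: entries are read without an integrity check
        } finally {
            in.close();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // fails here if the store cannot back a trust manager
        System.out.println("Truststore: " + store + " (" + type + ", " + ks.size() + " entries)");
    }
}
```

Run it with the same -D options as the server process to confirm that the intended truststore, rather than the cacerts fallback, is the one in effect.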
Application Programming Interface
You can find more information about the JSSE APIs by downloading and unzipping the http://www.ibm.com/developerworks/java/jdk/security/142/jsse2Docs.zip file and opening the jsse2Docs/api/index.html file.
Samples using Java Secure Socket Extension
Files | Description |
---|---|
ClientJsse.java | Demonstrates a simple client and server interaction using JSSE. All enabled cipher suites are used. |
OldServerJsse.java | Back-level samples |
ServerPKCS12Jsse.java | Demonstrates a simple client and server interaction using JSSE with the PKCS12 keystore file. All enabled cipher suites are used. |
ClientPKCS12Jsse.java | Demonstrates a simple client and server interaction using JSSE with the PKCS12 keystore file. All enabled cipher suites are used. |
UseHttps.java | Demonstrates accessing an SSL or non-SSL Web server using the Java protocol handler of the com.ibm.net.ssl.www.protocol class. The URL is specified with the http or https prefix. The HTML returned from this site displays. |
Permissions for Java 2 security
Debugging
JSSE provides dynamic debug tracing, which you configure through the javax.net.debug system property: -Djavax.net.debug=true.
A value of true turns on the trace facility, provided that the debug version of JSSE is installed.
Documentation
See the Security: Resources for learning article for documentation references to JSSE.
JCE
Java Cryptography Extension (JCE) provides cryptographic, key and hash algorithms for WebSphere Application Server. It provides a framework and implementations for encryption, key generation, key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block and stream ciphers.
IBMJCE
For further information, see the http://www.ibm.com/developerworks/java/jdk/security/142/jceDocs.zip file.
IBMJCEFIPS
Application Programming Interface
There is more information documented for the JCE APIs in the http://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.
Samples using Java Cryptography Extension
File | Description |
---|---|
SampleDSASignature.java | Demonstrates how to generate a pair of DSA keys (a public key and a private key) and use the key to digitally sign a message using the SHA1withDSA algorithm |
SampleMarsCrypto.java | Demonstrates how to generate a Mars secret key, and how to do Mars encryption and decryption |
SampleMessageDigests.java | Demonstrates how to use the message digest for MD2 and MD5 algorithms |
SampleRSACrypto.java | Demonstrates how to generate an RSA key pair, and how to do RSA encryption and decryption |
SampleRSASignatures.java | Demonstrates how to generate a pair of RSA keys (a public key and a private key) and use the key to digitally sign a message using the SHA1withRSA algorithm |
SampleX509Verification.java | Demonstrates how to verify X509 Certificates |
Documentation
Refer to the Security: Resources for learning article for documentation on JCE.
Related tasks
Configuring to use cryptographic tokens