Example: Developing a custom trust manager for custom SSL trust decisions

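The following example is a sample custom trust manager. The custom trust manager makes no trust decisions; instead, it uses the information in the X.509 certificate that it references to make a decision.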

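After you build and package a custom trust manager, configure it either in the ssl.client.props file for a pure client or through the SSLConfiguration TrustManager link in the administrative console. For more information about trust managers, see Trust manager control of X.509 certificate trust decisions.
Note: This example should be used only as a sample and is not supported.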
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import com.ibm.wsspi.ssl.TrustManagerExtendedInfo;

public final class CustomTrustManager implements X509TrustManager,
        TrustManagerExtendedInfo
{
    private static ThreadLocal threadLocStorage = new ThreadLocal();
    private java.util.Properties sslConfig = null;
    private java.util.Properties props = null;

    public CustomTrustManager()
    {
    }

    /**
     * Method called by WebSphere Application Server run time to set the target
     * host information and potentially other connection info in the future.
     * This needs to be set on ThreadLocal since the same trust manager can be
     * used by multiple connections.
     * 
     * @param info Contains information about the connection.
     */
    public void setExtendedInfo(java.util.Map info)
    {
        threadLocStorage.set(info);
    }

    /**
     * Method called internally to retrieve information about the connection. 
     * 
     * @return java.util.Map - Contains information about the connection.
     */
    private java.util.Map getExtendedInfo()
    {
        return (java.util.Map) threadLocStorage.get();
    }

    /**
     * Method called by WebSphere Application Server run time to set the custom
     * properties.
     * 
     * @param customProps The custom properties.
     */
    public void setCustomProperties(java.util.Properties customProps)
    {
        props = customProps;
    }

    /**
     * Method called internally to retrieve the custom properties set in the Trust Manager
     * configuration.
     * 
     * @return java.util.Properties - information set in the configuration.
     */
    private java.util.Properties getCustomProperties()
    {
        return props;
    }

    /**
     * Method called by WebSphere Application Server runtime to set the SSL
     * configuration properties being used for this connection.
     * 
     * @param config Contains a property for the SSL configuration.
     */
    public void setSSLConfig(java.util.Properties config)
    {
        sslConfig = config;    
    }

    /**
     * Method called by TrustManager to get access to the SSL configuration for 
     * this connection.
     * 
     * @return java.util.Properties
     */
    public java.util.Properties getSSLConfig ()
    {
        return sslConfig;
    }

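    /**
     * Method called on the server-side for establishing trust with a client.
     * See API documentation for javax.net.ssl.X509TrustManager.
     *
     * This sample only prints the certificate details. It never throws
     * CertificateException, so it does not reject any client chain.
     */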
    public void checkClientTrusted(X509Certificate[] chain, String authType) 
        throws java.security.cert.CertificateException
    {
        for (int j=0; j<chain.length; j++)
        {
            System.out.println("Client certificate information:");
            System.out.println(  "Subject DN:"  + chain[j].getSubjectDN());
            System.out.println(  "Issuer DN:"  + chain[j].getIssuerDN());
            System.out.println(  "Serial number:"  + chain[j].getSerialNumber());
            System.out.println("");
        }
    }


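    /**
     * Method called on the client-side for establishing trust with a server.
     * See API documentation for javax.net.ssl.X509TrustManager.
     *
     * This sample only prints the certificate details. It never throws
     * CertificateException, so it does not reject any server chain.
     */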
    public void checkServerTrusted(X509Certificate[] chain, String authType) 
        throws java.security.cert.CertificateException
    {
        for (int j=0; j<chain.length; j++)
        {
            System.out.println("Server certificate information:");
            System.out.println(  "Subject DN:"  + chain[j].getSubjectDN());
            System.out.println(  "Issuer DN:"  + chain[j].getIssuerDN());
            System.out.println(  "Serial number:"  + chain[j].getSerialNumber());
            System.out.println("");
        }
    }

    /**
     * Return an array of certificate authority certificates which are trusted 
     * for authenticating peers. You can return null here since the IbmX509
     * or IbmPKIX will provide a default set of issuers.
     *
     * See API documentation for javax.net.ssl.X509TrustManager.
     */
    public X509Certificate[] getAcceptedIssuers()
    {
        return null;
    }
}
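
The sample above prints certificate details but never rejects a chain. The following added example (not part of the original sample or of the product) shows a trust manager that does make a decision from the X.509 information: it rejects the peer unless the leaf certificate is currently valid and its SHA-256 fingerprint is listed in a custom property. The class name and the property name com.example.trust.pinnedSha256 are hypothetical; the class implements only the standard X509TrustManager interface, checks the leaf certificate only, and performs no path validation, so it is meant as an additional check next to a standard trust manager.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

public final class PinningTrustManager implements X509TrustManager {
    // Hypothetical custom property: comma-separated SHA-256 fingerprints in hex.
    static final String PIN_PROPERTY = "com.example.trust.pinnedSha256";
    private volatile Set<String> pins = new HashSet<>();

    // Same setter shape as the sample above; normalizes "AA:BB:.." to "aabb..".
    public void setCustomProperties(Properties customProps) {
        Set<String> parsed = new HashSet<>();
        for (String p : customProps.getProperty(PIN_PROPERTY, "").split(",")) {
            String hex = p.replace(":", "").trim().toLowerCase(Locale.ROOT);
            if (!hex.isEmpty()) parsed.add(hex);
        }
        pins = parsed;
    }

    private void check(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0)
            throw new CertificateException("No peer certificate chain presented");
        X509Certificate leaf = chain[0];   // the peer's own certificate comes first
        leaf.checkValidity();              // throws if expired or not yet valid
        // Fail closed: an empty or missing pin list rejects every peer.
        if (!pins.contains(sha256Hex(leaf.getEncoded())))
            throw new CertificateException("Certificate not pinned: "
                    + leaf.getSubjectX500Principal());
    }

    private static String sha256Hex(byte[] der) throws CertificateException {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(der))
                sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { check(chain); }
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { check(chain); }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
```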
