
src.com.ibm.as400.access.SecureAS400 Maven / Gradle / Ivy

///////////////////////////////////////////////////////////////////////////////
//                                                                             
// JTOpen (IBM Toolbox for Java - OSS version)                                 
//                                                                             
// Filename: SecureAS400.java
//                                                                             
// The source code contained herein is licensed under the IBM Public License   
// Version 1.0, which has been approved by the Open Source Initiative.         
// Copyright (C) 1997-2003 International Business Machines Corporation and     
// others. All rights reserved.                                                
//                           
// Note:  This class was moved 10/20/2010 from the include tree to the 
//        src tree.  
// 
///////////////////////////////////////////////////////////////////////////////


package com.ibm.as400.access;

import java.beans.PropertyVetoException;
import java.io.IOException;
import java.lang.reflect.Method;

import com.ibm.as400.security.auth.ProfileTokenCredential;

/**
 Represents a secure system sign-on.  Secure Sockets Layer (SSL) connections are used to provide encrypted communications.  This function requires an SSL capable system at release V4R4 or later.
 **/
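public class SecureAS400 extends AS400
{
    static final long serialVersionUID = 4L;

    /**
     Constant indicating that encryption should only be done on the connection between the client and the proxy server.  With this mode the connection between the proxy server and the system is not encrypted by this class.
     **/
    public static final int CLIENT_TO_PROXY_SERVER = 1;

    /**
     Constant indicating that encryption should only be done on the connection between the proxy server and the system.  With this mode the connection between the client and the proxy server is not encrypted by this class.
     **/
    public static final int PROXY_SERVER_TO_SERVER = 2;

    /**
     Misspelled alias of {@link #CLIENT_TO_SERVER CLIENT_TO_SERVER}; it has the same value.
     @deprecated Use CLIENT_TO_SERVER instead.
     **/
    public static final int CLINT_TO_SERVER = 3;

    /**
     Constant indicating that encryption should be done in both the connection between the client and the proxy server and the connection between the proxy server and the system.
     **/
    public static final int CLIENT_TO_SERVER = 3;

    /**
     * Indicates whether the cipher suites have been changed by the caller.  Added for iNav.
     * The field is static, public and not final: its value is shared by every SecureAS400 object
     * loaded through the same class, and any code that can see this class can assign it.
     */
     /* @P4A*/
    public static boolean changeCipherSuites = false;

    /**
     * The cipher suite names most recently stored by {@link #setEnabledCipherSuites(String[])}.
     * Static, public and not final, like {@link #changeCipherSuites}.
     * NOTE(review): the code that reads these two fields is not in this file; presumably the
     * socket setup consults them -- confirm before relying on them as a per-connection policy.
     */
    public static String[] newCipherSuites;


    /**
     Common initialization for every constructor: turns SSL on and applies the proxy encryption mode system property.
     **/
    private void construct()
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Turning SSL connections on.");
        useSSLConnection_ = new SSLOptions();

        // Check for proxy encryption mode system property, if not set or not valid retain default of 3.
        // Only "1" and "2" are honoured, so the property can only select a mode that encrypts
        // a single leg of a proxied connection; it cannot select anything outside 1..3.
        String prop = SystemProperties.getProperty(SystemProperties.SECUREAS400_PROXY_ENCRYPTION_MODE);
        if (prop != null && (prop.equals("1") || prop.equals("2")))
        {
            useSSLConnection_.proxyEncryptionMode_ = Integer.parseInt(prop);
        }
    }

    /**
     Constructs a SecureAS400 object.
     **/
    public SecureAS400()
    {
        super();
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object.  It uses the specified system name.
     @param  systemName  The name of the system.
     **/
    public SecureAS400(String systemName)
    {
        super(systemName);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object. It uses the specified system name and user ID.  When the sign-on prompt is displayed, the user is able to specify the password.  Note that the user ID may be overridden.
     @param  systemName  The name of the system.
     @param  userId  The user profile name to use to authenticate to the system.
     **/
    public SecureAS400(String systemName, String userId)
    {
        super(systemName, userId);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object.  It uses the specified system name and profile token.
     @param  systemName  The name of the system.  Use localhost to access data locally.
     @param  profileToken  The profile token to use to authenticate to the system.
     **/
    public SecureAS400(String systemName, ProfileTokenCredential profileToken)
    {
        super(systemName, profileToken);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object. It uses the specified system name, user ID, and password.  No sign-on prompt is displayed unless the sign-on fails.
     The password is passed as a String, which is immutable and therefore cannot be cleared by the caller once the sign-on is finished.
     @param  systemName  The name of the system.
     @param  userId  The user profile name to use to authenticate to the system.
     @param  password  The user profile password to use to authenticate to the system.
     **/
    public SecureAS400(String systemName, String userId, String password)
    {
        super(systemName, userId, password);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object.  It uses the specified system, user ID, and password.  No sign-on prompt is displayed unless the sign-on fails.
     @param  systemName  The name of the system.
     @param  userId  The user profile name to use to authenticate to the system.
     @param  password  The user profile password to use to authenticate to the system.
     @param  proxyServer  The name and port in the format serverName[:port].  If no port is specified, a default will be used.
     **/
    public SecureAS400(String systemName, String userId, String password, String proxyServer)
    {
        super(systemName, userId, password, proxyServer);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();
    }

    /**
     Constructs a SecureAS400 object.  It uses the same system name and user ID.  This does not create a clone.  The new SecureAS400 object has the same behavior, but results in a new set of socket connections.
     If the passed-in object has SSL options, its proxy encryption mode is carried over; otherwise the mode chosen by the default initialization is kept.
     @param  system  A previously instantiated AS400 or SecureAS400 object.
     **/
    public SecureAS400(AS400 system)
    {
        super(system);
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Constructing SecureAS400 object.");
        construct();

        // If the passed in system has SSL options, copy its proxy encryption mode into
        // the fresh SSLOptions created by construct(); the options object itself is not shared.
        if (system.useSSLConnection_ != null)
        {
            useSSLConnection_.proxyEncryptionMode_ = system.useSSLConnection_.proxyEncryptionMode_;
        }
    }

    /**
     Validates the user ID and password against the system, and if successful, adds the information to the password cache.
     The diagnostic trace written here contains the system name and user ID but not the password.
     @param  systemName  The name of the system.
     @param  userId  The user profile name.
     @param  password  The user profile password.
     @exception  AS400SecurityException  If a security or authority error occurs.
     @exception  IOException  If an error occurs while communicating with the system.
     **/
    public static void addPasswordCacheEntry(String systemName, String userId, String password) throws AS400SecurityException, IOException
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Adding password cache entry, system name: '" + systemName + "' user ID: '" + userId + "'");
        addPasswordCacheEntry(new SecureAS400(systemName, userId, password));
    }

    /**
     Validates the user ID and password against the system, and if successful, adds the information to the password cache.
     The diagnostic trace written here contains the system name, user ID and proxy server but not the password.
     @param  systemName  The name of the system.
     @param  userId  The user profile name.
     @param  password  The user profile password.
     @param  proxyServer  The name and port in the format serverName[:port].  If no port is specified, a default will be used.
     @exception  AS400SecurityException  If a security or authority error occurs.
     @exception  IOException  If an error occurs while communicating with the system.
     **/
    public static void addPasswordCacheEntry(String systemName, String userId, String password, String proxyServer) throws AS400SecurityException, IOException
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Adding password cache entry, system name: '" + systemName + "' user ID: '" + userId + "' proxy server: '" + proxyServer + "'");
        addPasswordCacheEntry(new SecureAS400(systemName, userId, password, proxyServer));
    }

    /**
     Returns the key ring class name used for SSL communications with the system.  This implementation always returns null; the key ring setters in this class are no longer supported.
     @return  Always null.
     @deprecated  Key ring class names are no longer used by this class.
     **/
    public String getKeyRingName()
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Getting key ring name: null"    );
        return null;
    }

    /**
     Returns the proxy encryption mode.  The proxy encryption mode specifies which portions of the communications between the client, proxy server, and IBM i system are encrypted.
     @return  The proxy encryption mode.
     **/
    public int getProxyEncryptionMode()
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Getting proxy encryption mode:", useSSLConnection_.proxyEncryptionMode_);
        return useSSLConnection_.proxyEncryptionMode_;
    }

    /**
     Sets the key ring class name used for SSL communications with the system.
     This method is no longer supported because sslight is no longer supported; it always throws ExtendedIllegalStateException.
     @param  keyRingName  The key ring class name.
     @exception  PropertyVetoException  Declared for compatibility; this implementation never throws it.
     **/
    public void setKeyRingName(String keyRingName) throws PropertyVetoException
    {
        Trace.log(Trace.ERROR, "Cannot set key ring class name  -- no sslight support ");
        throw new ExtendedIllegalStateException("keyRingName", ExtendedIllegalStateException.IMPLEMENTATION_NOT_FOUND);
    }

    /**
     Sets the key ring class name used for SSL communications with the system.
     This method is no longer available since support for sslight has been removed; it always throws ExtendedIllegalStateException.
     @param  keyRingName  The key ring class name.
     @param  keyRingPassword  The password for the key ring class.
     @exception  PropertyVetoException  Declared for compatibility; this implementation never throws it.
     **/
    public void setKeyRingName(String keyRingName, String keyRingPassword) throws PropertyVetoException
    {
        Trace.log(Trace.ERROR, "Cannot set key ring class name  -- no sslight support ");
        throw new ExtendedIllegalStateException("keyRingName", ExtendedIllegalStateException.IMPLEMENTATION_NOT_FOUND);
    }

    /**
     Sets the key ring password used for SSL communications with the system.  This implementation always throws ExtendedIllegalStateException; the password is neither stored nor traced.
     @param  keyRingPassword  The password for the key ring class.
     @deprecated  Key ring passwords are no longer used by this class.
     **/
    public void setKeyRingPassword(String keyRingPassword)
    {
        Trace.log(Trace.ERROR, "Cannot set key ring class password.");
        throw new ExtendedIllegalStateException("keyRingPassword", ExtendedIllegalStateException.PROPERTY_NOT_CHANGED);
    }

    /**
     Sets the proxy encryption mode.  The proxy encryption mode specifies which portions of the communications between the client, proxy server, and IBM i system are encrypted.  The default is to encrypt all communications.  This value is ignored if a proxy server is not used.
     <p>Valid proxy encryption modes are:
     <ul>
     <li>{@link #CLIENT_TO_PROXY_SERVER CLIENT_TO_PROXY_SERVER} - encrypt between client and proxy server.
     <li>{@link #PROXY_SERVER_TO_SERVER PROXY_SERVER_TO_SERVER} - encrypt between proxy server and IBM i system.
     <li>{@link #CLIENT_TO_SERVER CLIENT_TO_SERVER} - encrypt both portions of connection.
     </ul>
     The mode cannot be changed once the properties of this object are frozen (after a connection has been made).
     @param  proxyEncryptionMode  The proxy encryption mode.
     @exception  PropertyVetoException  If any of the registered listeners vetos the property change.
     **/
    public void setProxyEncryptionMode(int proxyEncryptionMode) throws PropertyVetoException
    {
        if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Setting proxy encryption mode:", proxyEncryptionMode);

        // Validate parameter.
        if (proxyEncryptionMode < CLIENT_TO_PROXY_SERVER || proxyEncryptionMode > CLIENT_TO_SERVER)
        {
            Trace.log(Trace.ERROR, "Value of parameter 'proxyEncryptionMode' is not valid:", proxyEncryptionMode);
            throw new ExtendedIllegalArgumentException("proxyEncryptionMode (" + proxyEncryptionMode + ")", ExtendedIllegalArgumentException.PARAMETER_VALUE_NOT_VALID);
        }

        // The mode is fixed once a connection exists, so it cannot be lowered on a live object.
        if (propertiesFrozen_)
        {
            Trace.log(Trace.ERROR, "Cannot set proxy encryption mode after connection has been made.");
            throw new ExtendedIllegalStateException("proxyEncryptionMode", ExtendedIllegalStateException.PROPERTY_NOT_CHANGED);
        }

        // Integer.valueOf replaces the deprecated Integer constructor; the boxed values are equal.
        Integer oldValue = Integer.valueOf(useSSLConnection_.proxyEncryptionMode_);
        Integer newValue = Integer.valueOf(proxyEncryptionMode);

        // Vetoable listeners run before the assignment so that a veto leaves the old mode in place.
        if (vetoableChangeListeners_ != null)
        {
            vetoableChangeListeners_.fireVetoableChange("proxyEncryptionMode", oldValue, newValue);
        }

        useSSLConnection_.proxyEncryptionMode_ = proxyEncryptionMode;

        if (propertyChangeListeners_ != null)
        {
            propertyChangeListeners_.firePropertyChange("proxyEncryptionMode", oldValue, newValue);
        }
    }

    /**
     Records the cipher suites requested by the caller in the static fields {@link #newCipherSuites} and {@link #changeCipherSuites}.
     Although this is an instance method, it writes only static state, so the request is not limited to this object.
     A null or empty array is ignored, which means a previously stored list cannot be cleared through this method.
     The array is copied, so later changes to the caller's array do not alter the stored list.
     @param  suites  The cipher suite names to record.
     **/
    public void setEnabledCipherSuites(String [] suites){//@P4
        if (suites != null && suites.length > 0)
        {
            // Store the list before raising the flag so the flag is never set while the list is unset.
            newCipherSuites = suites.clone();
            changeCipherSuites = true;
        }
    }
}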



