[jacorb-developer] Examples of configuring SSL Authentication programmatically

Alka Nand alka.nand at gmail.com
Tue Jul 24 16:51:11 CEST 2012


I am using Jacorb 3.0

I have been successful in setting up a properties file to enable SSL and
specify the JKS keystore and the password as shown in the SSL Demo program.
I set up the Keystore to contain the CA certificate and the device
certificates and keys.

I am able to successfully set up a PKI connection with the device using
this properties file.

Now I need to do the same thing programmatically. I was previously doing
this with Orbix using the SecurityLevel2::SecurityManager. I could get the
PrincipalAuthenticator from that and then call Authenticate on the
PrincipalAuthenticator.

I have 2 questions:

1. Does anybody have examples of setting up the Security configuration
and authenticating programmatically that they can share? The SSL demo
example uses the properties file and does not have programming examples.

2. How do I specify different passwords for the Keystore and for the device
certificates? The Demo example uses the same. The Jacorb reference guide
does not say how to do that either.

My properties file looks like this

jacorb.security.support_ssl=on

# This interceptor is only here so that the demo server can print out the client certificate
# It is not required for SSL to work
org.omg.PortableInterceptor.ORBInitializerClass.ForwardInit=org.jacorb.security.ssl.sun_jsse.SecurityServiceInitializer

# IIOP/SSL parameters (numbers are hex values, without the leading "0x"):
# EstablishTrustInClient = 40
# EstablishTrustInTarget = 20
# mutual authentication = 60
jacorb.security.ssl.server.supported_options=60
jacorb.security.ssl.server.required_options=60

jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory

jacorb.security.keystore=jsse_server_ks
jacorb.security.keystore_password=jsse_server_ks_pass

# Read trusted certificates from the keystore
jacorb.security.jsse.trustees_from_ks=on

jacorb.security.jsse.log.verbosity=4
jacorb.security.ssl.supportedprotocols=TLSv1,SSLv3
jacorb.security.ssl.enabled_protocols=TLSv1,SSLv3
jacorb.security.ssl.protocols=TLSv1,SSLv3
jacorb.security.ssl.client.protocols=TLSv1,SSLv3
jacorb.security.ssl.server.protocols=TLSv1,SSLv3

jacorb.security.ssl.client.supported_options=60
jacorb.security.ssl.client.required_options=60
#jacorb.security.ssl.client.supported_options=0
#jacorb.security.ssl.client.required_options=0

#Client options too
#jacorb.security.keystore_password=jsse_client_ks_pass
#jacorb.security.keystore=jsse_client_ks

# Read trusted certificates from the keystore
#jacorb.security.jsse.trustees_from_ks=on

#jacorb.security.jsse.log.verbosity=4
jacorb.security.ssl.supportedprotocols=TLSv1,SSLv3
jacorb.security.ssl.client.protocols=TLSv1,SSLv3

Thanks!
alka
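
The settings from the properties file above, supplied in code instead of a file. This is an added example, not part of the original message and not JacORB project code. It assumes JacORB is on the classpath and that JacORB reads properties handed to ORB.init; the class name and the console password prompt are choices made here, and the protocol-list properties from the post are left out.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Properties;
import org.omg.CORBA.ORB;

public class ProgrammaticSslOrb {

    // Builds the SSL settings from the posted properties file in code.
    static Properties sslProperties(String keystorePath, String keystorePassword) {
        Properties p = new Properties();
        // Select JacORB as the ORB implementation.
        p.setProperty("org.omg.CORBA.ORBClass", "org.jacorb.orb.ORB");
        p.setProperty("org.omg.CORBA.ORBSingletonClass", "org.jacorb.orb.ORBSingleton");

        p.setProperty("jacorb.security.support_ssl", "on");
        p.setProperty("jacorb.ssl.socket_factory",
                "org.jacorb.security.ssl.sun_jsse.SSLSocketFactory");
        p.setProperty("jacorb.ssl.server_socket_factory",
                "org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory");

        // 60 (hex) = EstablishTrustInClient (40) | EstablishTrustInTarget (20),
        // i.e. mutual authentication is both supported and required.
        for (String side : new String[] {"client", "server"}) {
            p.setProperty("jacorb.security.ssl." + side + ".supported_options", "60");
            p.setProperty("jacorb.security.ssl." + side + ".required_options", "60");
        }

        p.setProperty("jacorb.security.keystore", keystorePath);
        p.setProperty("jacorb.security.keystore_password", keystorePassword);
        // Read trusted certificates from the same keystore.
        p.setProperty("jacorb.security.jsse.trustees_from_ks", "on");
        return p;
    }

    public static void main(String[] args) {
        // Prompt for the password so it is not stored in a file on disk.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no console available to read the password");
        }
        char[] pw = console.readPassword("Keystore password: ");
        if (pw == null) {
            throw new IllegalStateException("no password entered");
        }
        ORB orb = ORB.init(args, sslProperties("jsse_server_ks", new String(pw)));
        Arrays.fill(pw, '\0'); // wipe the char[] copy; the String copy stays in the Properties
        // ... resolve the RootPOA, activate servants or narrow object references here ...
        orb.destroy();
    }
}
```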

