The Secure Connection Factory API for HTTPS Clients 

Use

The SAP J2EE Engine can also be the client component for HTTPS connections. To use such connections in applications, we provide the secure connection factory (class: SecureConnectionFactory).

Although the secure connection factory’s primary purpose is to provide the framework to set up HTTPS connections where the SAP J2EE Engine is the client component, you can also use the factory to establish HTTP connections.

Keystores

To be a client for HTTPS connections, the J2EE Engine must be able to verify the identity of the servers that it connects to. For this purpose, the secure connection factory uses the trusted store keystore. Store the CA root certificates belonging to the trusted CAs in this keystore. If connections should use SSL with mutual authentication, then the J2EE Engine must also possess its own key pair to use for SSL, along with the corresponding public-key certificate. The secure connection factory uses the credentials keystore to store these items.

Connection Types

You can use the factory to create HTTPS connections using a URL or you can create an SSL socket instance. When setting up a URL connection, you can use the secure connection factory to establish a connection that uses both the HTTP and the SSL layers. For cases where the HTTP connection is established using a different method, for example, when using extended HTTP features such as WebDav, then use the secure connection factory to create only the SSL socket.

Logging

The secure connection factory uses the SAP J2EE Engine’s logging API. Any debugging messages from the underlying SAP Java Cryptographic Toolkit are written to the location com.sap.security.core.server.https.IAIK using the severity level DEBUG.

Integration

The SSL routines are performed by the SAP Java Cryptographic Toolkit, which due to export regulations, is not directly available with the SAP J2EE Engine. It is available for download on the SAP Service Marketplace. Note however, that it is not available to all customers.

To obtain the SAP Java Cryptographic Toolkit, see service.sap.com/download. For instructions about how to install it on the SAP J2EE Engine, see Deploying the SAP Java Cryptographic Toolkit in the Administration Manual.

Activities

To enable your application to be an HTTPS client for connections, the application must perform the following steps.

...

       1.      Initialize the secure connection factory.

In this step, you set up the two keystores for the secure connection factory, the trusted store and the credentials keystore.

       2.      Create the connection using an URL or create an SSL socket instance. The methods available are:

¡        CreateURLConnection

¡        CreateSocket

       3.      Manage the connection.

There are also methods available for additional functions, for example, for supporting the use of proxy servers or for comparing the target server’s host name with the server name found in its public-key certificate. For more information, see Interfaces and Classes for Using the Secure Connection Factory and the JavaDocs for the SecureConnectionFactory class.

Example

See Examples for Using the Secure Connection Factory.