Security Providers

SSL Context Provider

Description - This provider creates a reusable configuration for providing authentication and data encryption via TLS/SSL.

Runtime Class - com.iwaysoftware.eclipse.template.SslContextProviderType

Parameter Groups

  Parameter Type Description
* Keystore: string Configured Security Provider for the keystore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Keystores hold private keys.
* Truststore: string Configured Security Provider for the truststore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Truststores hold the certificates of the trusted CAs used to verify peer certificates.
* Security Protocol: string Specify the version of the security protocol that should be used. During the SSL handshake, a negotiation selects the best mutually supported protocol. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails.

Select from one of the following options:
  • Default {Default}
  • SSL {SSL}
  • SSLv3 {SSLv3}
  • TLS {TLS}
  • TLSv1 {TLSv1}
  • TLSv1.1 {TLSv1.1}
  • TLSv1.2 {TLSv1.2}
  Hostname Verification: boolean If true, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name.
  Client Authentication: boolean If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake.
* - denotes required

  Parameter Type Description
  Cache Size: integer The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached.
  Timeout: integer Maximum length of time (in seconds) that an SSL session can remain in the cache.
* - denotes required

  Parameter Type Description
  JCE PKIX Trust Manager Provider: string JCE provider used to construct the PKIX Trust Manager. Choose 'Not Specified' for the default.

Select from one of the following options:
  • NOT_SPECIFIED {NOT_SPECIFIED}
  • SunJSSE {SunJSSE}
  JCE Signature Provider: string JCE provider used to verify digital certificate signatures during the handshake.

Select from one of the following options:
  • NOT_SPECIFIED {NOT_SPECIFIED}
  • SUN {SUN}
  • SunRsaSign {SunRsaSign}
  • SunEC {SunEC}
  • SunJSSE {SunJSSE}
  • SunMSCAPI {SunMSCAPI}
* - denotes required

  Parameter Type Description
  Certificate Store: string Certificate store from which certificate revocation lists are loaded.
  Enable Certificate Revocation: boolean Enable CRL or OCSP checking of certificates during the handshake.
* - denotes required

  Parameter Type Description
  JCE SSL Context Provider: string JCE Provider for the SSL Context.

Select from one of the following options:
  • NOT_SPECIFIED {NOT_SPECIFIED}
  • SunJSSE {SunJSSE}
  Server Key Alias: string Alias of the key used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
  Client Key Alias: string Alias of the key used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
  OCSP Responder: string Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists.
  Enabled Cipher Suites: string If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that the enabled cipher suites are supported by the other components specified. Enter as a comma-delimited list or use the FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation.
* - denotes required
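The following is an added example, not iWay's own code, showing how the parameters above map onto the standard JSSE API when a context is built by hand: key managers from the keystore, a PKIX trust manager from the SunJSSE provider, session cache size and timeout, a fixed key alias, the minimum protocol, the cipher-suite allow list, hostname verification and client authentication. It assumes already loaded KeyStore objects and a caller-supplied alias; the minimum protocol is enforced by filtering the enabled protocol list rather than through the context name, and the cipher-suite list is checked against the JVM's supported suites so an unsupported name fails at configuration time instead of at connection time. Of the options listed above, SSL, SSLv3, TLSv1 and TLSv1.1 are obsolete; TLSv1.2 is the lowest value a current deployment should pass as the minimum.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

public class SslContextExample {

    /** Keystore, truststore, optional key alias and session cache settings become one SSLContext. */
    static SSLContext build(KeyStore keystore, char[] keyPassword, KeyStore truststore,
                            String keyAlias, int cacheSize, int timeoutSeconds) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, keyPassword);
        KeyManager[] kms = kmf.getKeyManagers();
        if (keyAlias != null) {
            // Server/Client Key Alias: pin the identity instead of letting JSSE pick a key.
            for (int i = 0; i < kms.length; i++) {
                if (kms[i] instanceof X509KeyManager) {
                    kms[i] = new FixedAliasKeyManager((X509KeyManager) kms[i], keyAlias);
                }
            }
        }
        // JCE PKIX Trust Manager Provider = SunJSSE: PKIX path validation against the truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
        tmf.init(truststore);

        // JCE SSL Context Provider = SunJSSE; "TLS" leaves version selection to the handshake.
        SSLContext ctx = SSLContext.getInstance("TLS", "SunJSSE");
        ctx.init(kms, tmf.getTrustManagers(), null);

        // Cache Size and Timeout apply to both the server-side and client-side session caches.
        ctx.getServerSessionContext().setSessionCacheSize(cacheSize);
        ctx.getServerSessionContext().setSessionTimeout(timeoutSeconds);
        ctx.getClientSessionContext().setSessionCacheSize(cacheSize);
        ctx.getClientSessionContext().setSessionTimeout(timeoutSeconds);
        return ctx;
    }

    /** Per-connection settings: minimum protocol, cipher-suite allow list, hostname and client checks. */
    static SSLParameters parameters(SSLContext ctx, String minProtocol, String enabledCipherSuites,
                                    boolean hostnameVerification, boolean clientAuth) {
        SSLParameters p = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        // Security Protocol: enable only versions at or above the minimum. "Default", "SSL" and
        // "TLS" name no version, so they keep the JVM's default enabled set.
        List<String> order = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
        int min = order.indexOf(minProtocol);
        if (min >= 0) {
            List<String> protocols = new ArrayList<>();
            for (String s : supported.getProtocols()) {
                if (order.indexOf(s) >= min) protocols.add(s);
            }
            if (protocols.isEmpty()) throw new IllegalArgumentException("No supported protocol at or above " + minProtocol);
            p.setProtocols(protocols.toArray(new String[0]));
        }

        // Enabled Cipher Suites: comma-delimited allow list, checked against what this JVM supports.
        if (enabledCipherSuites != null && !enabledCipherSuites.trim().isEmpty()) {
            Set<String> known = new HashSet<>(Arrays.asList(supported.getCipherSuites()));
            List<String> suites = new ArrayList<>();
            for (String s : enabledCipherSuites.split(",")) {
                String name = s.trim();
                if (!known.contains(name)) throw new IllegalArgumentException("Unsupported cipher suite: " + name);
                suites.add(name);
            }
            p.setCipherSuites(suites.toArray(new String[0]));
        }

        // Hostname Verification: the server certificate must match the host name (client side).
        if (hostnameVerification) p.setEndpointIdentificationAlgorithm("HTTPS");
        // Client Authentication: the server requires and validates a client certificate.
        p.setNeedClientAuth(clientAuth);
        return p;
    }

    /** Key manager that always answers with one alias; the SSLEngine variants must be overridden too. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;

        FixedAliasKeyManager(X509KeyManager delegate, String alias) {
            if (delegate.getCertificateChain(alias) == null) throw new IllegalArgumentException("Alias not in keystore: " + alias);
            this.delegate = delegate;
            this.alias = alias;
        }
        @Override public String chooseServerAlias(String kt, Principal[] iss, Socket s) { return alias; }
        @Override public String chooseEngineServerAlias(String kt, Principal[] iss, SSLEngine e) { return alias; }
        @Override public String chooseClientAlias(String[] kt, Principal[] iss, Socket s) { return alias; }
        @Override public String chooseEngineClientAlias(String[] kt, Principal[] iss, SSLEngine e) { return alias; }
        @Override public String[] getServerAliases(String kt, Principal[] iss) { return new String[] {alias}; }
        @Override public String[] getClientAliases(String kt, Principal[] iss) { return new String[] {alias}; }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }
}
```

The SSLParameters returned by parameters() are applied with setSSLParameters() on each SSLSocket or SSLEngine created from the context, which is where hostname verification and the client-authentication requirement take effect; the session cache limits are global to the context.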

SSH Client Provider

Description - SSH Client is the repository of all host SSH keys and the client's private keys.

Runtime Class - com.iwaysoftware.eclipse.template.SshClientProviderType

Parameter Groups

  Parameter Type Description
* User Name string User ID on the SSH-enabled server.
  Password password User's password on the SSH-enabled server.
  Private Key string Path to the private key file for public-key authentication.
  Passphrase password Passphrase used to protect the Private Key.
  Validate Host Keys boolean If true, host keys sent by SSH servers are validated; valid keys are cached by this server. If false, any host key is accepted by this server.
  Host Key Repository string Path to the Known Host Keys repository on this server.
* - denotes required
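The following is an added example, not iWay's code, of how these parameters are typically applied to an SSH client library; it assumes JSch (com.jcraft.jsch) as the library and caller-supplied, hypothetical host, user, key path and repository path. The Validate Host Keys flag is the security-relevant one: it is mapped here to JSch's StrictHostKeyChecking setting, where "no" accepts any presented key and therefore cannot distinguish a replaced or interposed server from the genuine one.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class SshClientExample {

    private final JSch jsch = new JSch();

    /** Configures the client from the provider's parameters; a null value disables that option. */
    SshClientExample(String privateKeyPath, String passphrase, String hostKeyRepository) throws JSchException {
        // Host Key Repository: known_hosts-format file holding the keys of previously validated servers.
        if (hostKeyRepository != null) jsch.setKnownHosts(hostKeyRepository);
        // Private Key / Passphrase: public-key authentication; passphrase is null for an unencrypted key file.
        if (privateKeyPath != null) jsch.addIdentity(privateKeyPath, passphrase);
    }

    /** Opens a session; user, host and port are hypothetical values supplied by the caller. */
    Session connect(String user, String password, String host, int port, boolean validateHostKeys)
            throws JSchException {
        Session session = jsch.getSession(user, host, port);
        if (password != null) session.setPassword(password);   // Password authentication, if the server offers it

        // Validate Host Keys: "yes" rejects a server whose key is absent from or differs from the
        // repository; "no" accepts and records whatever key is presented.
        session.setConfig("StrictHostKeyChecking", validateHostKeys ? "yes" : "no");
        session.connect(10_000);   // connect timeout in milliseconds
        return session;
    }

    /** Fingerprint of the key the server actually presented, for audit logging of first contact. */
    String presentedHostKeyFingerprint(Session session) {
        return session.getHostKey().getFingerPrint(jsch);
    }
}
```

With StrictHostKeyChecking set to "yes", a server not yet present in the repository is refused, so the first key for each host has to be added to the repository through a trusted channel before validation is switched on.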


OCSP Responder Provider

Description - An Online Certificate Status Protocol responder is an online service that verifies the validity of certificates. OCSP removes the need for Certificate Revocation Lists by delegating the task to a centralized server.

Runtime Class - com.iwaysoftware.eclipse.template.OcspResponderProviderType

Parameter Groups

  Parameter Type Description
* Responder URL string Location of the OCSP responder. For example http://ocsp.example.net:80
  Certificate Subject Name string Subject name of the OCSP responder's certificate. For example CN=OCSP Responder, O=XYZ Corp.
  Certificate Issuer Name string Issuer name of the OCSP responder's certificate. For example CN=Enterprise CA, O=XYZ Corp. This property is required if the Certificate Subject Name is not specified.
  Certificate Serial Number string Serial number of the OCSP responder's certificate. For example 1234567890123456789. This property is required if the Certificate Subject Name is not specified.
* Certificate Store string Certificate store where the responder certificate can be retrieved (selected from the configured providers).
* HTTP Client Provider string HTTP client provider that manages outgoing connections to the responder (selected from the configured providers).
* - denotes required
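The following is an added example, not iWay's code, that ties the OCSP responder parameters above to the Certificate Store and Enable Certificate Revocation parameters of the SSL Context Provider using the standard Java PKIX API. It assumes a loaded truststore, an already constructed CertStore (the directory or LDAP stores described on this page produce one) and caller-supplied name and serial values. The responder certificate is located exactly as the table specifies: by subject name, or by issuer name plus serial number when no subject name is given.

```java
import java.math.BigInteger;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;

public class OcspTrustManagerExample {

    /**
     * Finds the responder certificate in the Certificate Store: by Certificate Subject Name, or by
     * Certificate Issuer Name plus Certificate Serial Number when no subject name is configured.
     */
    static X509Certificate findResponderCert(CertStore store, String subjectName,
                                             String issuerName, String serialNumber) throws Exception {
        X509CertSelector selector = new X509CertSelector();
        if (subjectName != null) {
            selector.setSubject(new X500Principal(subjectName));
        } else {
            if (issuerName == null || serialNumber == null) {
                throw new IllegalArgumentException(
                    "Certificate Issuer Name and Certificate Serial Number are required without a Subject Name");
            }
            selector.setIssuer(new X500Principal(issuerName));
            selector.setSerialNumber(new BigInteger(serialNumber));
        }
        Collection<? extends Certificate> matches = store.getCertificates(selector);
        if (matches.size() != 1) {
            throw new IllegalStateException("Expected exactly one responder certificate, found " + matches.size());
        }
        return (X509Certificate) matches.iterator().next();
    }

    /**
     * PKIX trust managers with revocation checking enabled. OCSP requests go to the configured
     * Responder URL and responses must be signed by the responder certificate found above; the
     * CertStore supplies CRLs for the fallback path and any intermediate certificates.
     */
    static TrustManagerFactory revocationCheckingTrustManagers(KeyStore truststore, CertStore certStore,
            String responderUrl, X509Certificate responderCert) throws Exception {
        PKIXBuilderParameters params = new PKIXBuilderParameters(truststore, new X509CertSelector());
        params.addCertStore(certStore);                      // Certificate Store: CRLs and intermediates
        params.setRevocationEnabled(true);                   // Enable Certificate Revocation

        PKIXRevocationChecker checker =
            (PKIXRevocationChecker) CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        checker.setOcspResponder(URI.create(responderUrl));  // Responder URL
        checker.setOcspResponderCert(responderCert);         // certificate that must sign the responses
        // Default options: OCSP first, CRL fallback, and a hard failure when neither answers.
        // Adding PKIXRevocationChecker.Option.SOFT_FAIL would accept certificates whose status
        // could not be determined, which defeats the purpose of the check.
        params.addCertPathChecker(checker);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf;
    }
}
```

The trust managers returned by getTrustManagers() are passed to SSLContext.init() in place of the plain truststore-backed ones, so every handshake performs the revocation check against the responder as part of certificate path validation.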

LDAP CertStore Provider

Description - LDAP CertStore Providers define how certificates and CRLs can be found in an LDAP database.

Runtime Class - com.iwaysoftware.eclipse.template.LdapCertstoreProviderType

Parameter Groups

  Parameter Type Description
* URL string URL used to reach the LDAP directory. LDAP URLs have the form ldap://host[:port]
  Base DN string Base DN of the directory subtree to search.
  Search For Serial Number In string If not null, the serial number of the certificate is searched for in this LDAP attribute.
  User Certificate Attribute string Attribute name(s) in the LDAP directory where end-entity certificates are stored. Separated by spaces. Defaults to userCertificate.
  CA Certificate Attribute string Attribute name(s) in the LDAP directory where CA certificates are stored. Separated by spaces. Defaults to cACertificate.
  Cross-Certificate Attribute string Attribute name(s) in the LDAP directory where cross-certificates are stored. Separated by spaces. Defaults to crossCertificatePair.
  Certificate Revocation List Attribute string Attribute name(s) in the LDAP directory where CRLs are stored. Separated by spaces. Defaults to certificateRevocationList.
  LDAP User Certificate Attribute Name string The LDAP attribute name(s) searched for the value taken from the certificate subject by userCertificateSubjectAttributeName (User Certificate Subject Attribute Name). E.g. if cn carries the subject information for end-entity certificates, specify cn. Defaults to cn.
  LDAP CA Certificate Attribute Name string The LDAP attribute name(s) searched for the value taken from the certificate subject by cACertificateSubjectAttributeName (CA Certificate Subject Attribute Name). E.g. if ou carries the subject information for CA certificates, specify ou. Defaults to: cn ou o
  LDAP Cross-Certificate Attribute Name string The LDAP attribute name(s) searched for the value taken from the certificate subject by crossCertificateSubjectAttributeName (Cross-Certificate Subject Attribute Name). E.g. if o carries the subject information for cross-certificates, specify o. Defaults to: cn ou o
  LDAP Certificate Revocation List Attribute Name string The LDAP attribute name(s) searched for the value taken from the CRL issuer by certificateRevocationListIssuerAttributeName (Certificate Revocation List Issuer Attribute Name). E.g. if ou carries the issuer information for CRLs, specify ou. Defaults to: cn ou o
  User Certificate Subject Attribute Name string Attribute(s) of the certificate subject whose value is searched for in the ldapUserCertificateAttributeName. E.g. the cn attribute of the DN could be used. Defaults to cn.
  CA Certificate Subject Attribute Name string Attribute(s) of the certificate subject whose value is searched for in the ldapCACertificateAttributeName. E.g. the ou attribute of the DN could be used. Defaults to: o ou
  Cross-Certificate Subject Attribute Name string Attribute(s) of the cross-certificate subject whose value is searched for in the ldapCrossCertificateAttributeName. E.g. the o attribute of the DN may be appropriate. Defaults to: o ou
  Certificate Revocation List Issuer Attribute Name string Attribute(s) of the CRL issuer whose value is searched for in the ldapCertificateRevocationListAttributeName. E.g. the o or ou attribute may be used. Defaults to: o ou
* - denotes required
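The following is an added example, not iWay's code, showing the lookup model the table above describes using the JDK's built-in LDAP CertStore: certificates are found by the subject DN stored in userCertificate/cACertificate and CRLs by the issuer DN stored in certificateRevocationList, i.e. the default attribute names listed above. The JDK store does not expose the attribute-name remapping parameters (those are specific to the provider), so this example covers only the URL form and the DN-driven searches; the host, port and DNs are hypothetical values supplied by the caller.

```java
import java.net.URI;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;

public class LdapCertStoreExample {

    /** Opens the JDK LDAP CertStore for a URL in the provider's ldap://host[:port] form. */
    static CertStore open(String ldapUrl) throws Exception {
        URI uri = URI.create(ldapUrl);
        if (!"ldap".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("Expected ldap://host[:port], got " + ldapUrl);
        }
        int port = uri.getPort() == -1 ? 389 : uri.getPort();   // standard LDAP port when none is given
        return CertStore.getInstance("LDAP", new LDAPCertStoreParameters(uri.getHost(), port));
    }

    /** End-entity or CA certificates whose subject matches the DN (userCertificate / cACertificate). */
    static Collection<? extends Certificate> certificatesFor(CertStore store, String subjectDn) throws Exception {
        X509CertSelector selector = new X509CertSelector();
        selector.setSubject(new X500Principal(subjectDn));   // the LDAP store needs a subject to search on
        return store.getCertificates(selector);
    }

    /** CRLs whose issuer matches the DN (certificateRevocationList). */
    static Collection<? extends CRL> crlsFor(CertStore store, String issuerDn) throws Exception {
        X509CRLSelector selector = new X509CRLSelector();
        selector.addIssuer(new X500Principal(issuerDn));
        return store.getCRLs(selector);
    }
}
```

Whatever the store returns is only raw input to path validation: a certificate or CRL fetched from the directory is not trusted until PKIX validation chains it to a trust anchor and checks the CRL signature, so the directory itself does not have to be trusted for integrity.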


Keystore Provider

Description - This provider creates a reusable configuration for managing keystores.

Runtime Class - com.iwaysoftware.eclipse.template.KeystoreProviderType

Parameter Groups

  Parameter Type Description
* Path: string Location of the keystore file or "NONE" if using PKCS11
  Password: password Keystore password
* Type: string Keystore type

Select from one of the following options:
  • CaseExactJKS {CaseExactJKS}
  • JCEKS {JCEKS}
  • JKS {JKS}
  • PKCS12 {PKCS12}
  • Windows-MY {Windows-MY}
  • Windows-ROOT {Windows-ROOT}
  • BCPKCS12 {BCPKCS12}
  • BKS {BKS}
  • BKS-V1 {BKS-V1}
  • BouncyCastle {BouncyCastle}
  • DKS {DKS}
  • PKCS12-3DES-3DES {PKCS12-3DES-3DES}
  • PKCS12-3DES-40RC2 {PKCS12-3DES-40RC2}
  • PKCS12-DEF {PKCS12-DEF}
  • PKCS12-DEF-3DES-3DES {PKCS12-DEF-3DES-3DES}
  • PKCS12-DEF-3DES-40RC2 {PKCS12-DEF-3DES-40RC2}
* - denotes required

  Parameter Type Description
  KeyStore JCE Provider: string JCE Provider implementing this Keystore type

Select from one of the following options:
  • NOT_SPECIFIED {NOT_SPECIFIED}
  • SUN {SUN}
  • SunJSSE {SunJSSE}
  • SunJCE {SunJCE}
  • SunMSCAPI {SunMSCAPI}
  Callback Handler: string The fully qualified class name of a Callback handler that will satisfy authentication callbacks for the keystore. The callback handler must satisfy the javax.security.auth.callback.CallbackHandler interface and be available on iSM's classpath.
  Reload Period: string Minimum time to wait before the provider checks whether the KeyStore needs to be reloaded. The format is [xxh][xxm]xx[s]. Enter 0 to check for reload every time the KeyStore is requested. Leave the parameter empty to never reload the KeyStore. A file-based KeyStore is reloaded only if the file was modified since the last reload.
* - denotes required
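The following is an added example, not iWay's code, of loading a keystore from the Path, Password, Type, KeyStore JCE Provider and Callback Handler parameters with the standard java.security.KeyStore API. It assumes caller-supplied values; a null JCE provider stands for NOT_SPECIFIED, and a Path of "NONE" covers the PKCS11 and Windows-MY/Windows-ROOT cases where no file exists. When a callback handler class is configured, the password is obtained through it rather than stored with the configuration.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.security.auth.callback.CallbackHandler;

public class KeystoreProviderExample {

    /**
     * Loads a keystore. jceProvider may be null (NOT_SPECIFIED); callbackHandlerClass, when set,
     * names a javax.security.auth.callback.CallbackHandler implementation on the classpath.
     */
    static KeyStore load(String path, char[] password, String type, String jceProvider,
                         String callbackHandlerClass) throws Exception {
        boolean fileBacked = !"NONE".equals(path);

        if (callbackHandlerClass != null) {
            // Callback Handler: the store's protection is supplied by the handler, so no password is kept here.
            CallbackHandler handler = (CallbackHandler) Class.forName(callbackHandlerClass)
                    .getDeclaredConstructor().newInstance();
            KeyStore.ProtectionParameter protection = new KeyStore.CallbackHandlerProtection(handler);
            KeyStore.Builder builder = fileBacked
                    ? KeyStore.Builder.newInstance(type, provider(jceProvider), new File(path), protection)
                    : KeyStore.Builder.newInstance(type, provider(jceProvider), protection);
            return builder.getKeyStore();   // the handler is invoked lazily, on first access
        }

        KeyStore ks = jceProvider == null
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider(jceProvider));
        if (fileBacked) {
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, password);      // a wrong password fails here, before any key is used
            }
        } else {
            // PKCS11 tokens and the Windows-MY/Windows-ROOT stores have no file: load with a null stream.
            ks.load(null, password);
        }
        return ks;
    }

    /** Resolves a configured JCE provider name, failing clearly if it is not installed in this JVM. */
    private static Provider provider(String name) {
        if (name == null) return null;
        Provider p = Security.getProvider(name);
        if (p == null) throw new IllegalArgumentException("JCE provider not installed: " + name);
        return p;
    }
}
```

The Type value decides which provider can serve the request: JKS and PKCS12 are handled by the JDK's own providers, Windows-MY and Windows-ROOT need SunMSCAPI, and the BKS and BouncyCastle-specific PKCS12 variants need the BouncyCastle provider to be registered first.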


Directory CertStore Provider

Description - Directory CertStore Providers define directories from which certificates and CRLs can be loaded into a certificate store.

Runtime Class - com.iwaysoftware.eclipse.template.DirectoryCertstoreProviderType

Parameter Groups

  Parameter Type Description
* CertStore Location string CertStore directory location.
  Certificate Factory JCE Provider string JCE Provider to use when creating the X.509 Certificate Factory

Select from one of the following options:
  • NOT_SPECIFIED {NOT_SPECIFIED}
  • SUN {SUN}
  • BC {BC}
  Reload Period string Minimum time to wait before the provider checks whether the directory contents were modified, thereby forcing the CertStore to be reloaded. The format is [xxh][xxm]xx[s]. Enter 0 to check the directory every time the CertStore is requested. Leave the parameter empty to never reload the CertStore.
* - denotes required
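The following is an added example, not iWay's code, serving both this provider and the Keystore Provider's Reload Period parameter: it parses the [xxh][xxm]xx[s] period into seconds, implements the reload rule (check at most once per period, 0 meaning every request, empty meaning never, and reload only if the source changed since the last load), and loads every certificate and CRL file from a directory into a collection-backed CertStore through an X.509 CertificateFactory from the configured JCE provider. It assumes a caller-supplied directory path and treats each file as certificates first and as a CRL otherwise.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DirectoryCertStoreExample {

    private static final Pattern PERIOD = Pattern.compile("^(?:(\\d+)h)?(?:(\\d+)m)?(?:(\\d+)s?)?$");

    /** Parses [xxh][xxm]xx[s] into seconds; an empty value returns -1, meaning never reload. */
    static long parseReloadPeriodSeconds(String period) {
        if (period == null || period.trim().isEmpty()) return -1;
        Matcher m = PERIOD.matcher(period.trim());
        if (!m.matches()) throw new IllegalArgumentException("Bad reload period: " + period);
        long seconds = 0;
        if (m.group(1) != null) seconds += Long.parseLong(m.group(1)) * 3600;
        if (m.group(2) != null) seconds += Long.parseLong(m.group(2)) * 60;
        if (m.group(3) != null) seconds += Long.parseLong(m.group(3));
        return seconds;   // 0 = check on every request
    }

    /** The reload rule shared by file-based keystores and directory cert stores. */
    static final class ReloadPolicy {
        private final long periodSeconds;
        private boolean loaded;
        private long lastCheckMillis;
        private long loadedModifiedMillis;

        ReloadPolicy(long periodSeconds) { this.periodSeconds = periodSeconds; }

        /** True when the source must be (re)loaded now; call on every request for the store. */
        boolean shouldReload(long nowMillis, long sourceModifiedMillis) {
            if (!loaded) {                                   // first request always loads
                loaded = true;
                lastCheckMillis = nowMillis;
                loadedModifiedMillis = sourceModifiedMillis;
                return true;
            }
            if (periodSeconds < 0) return false;             // empty period: never reload
            if (nowMillis - lastCheckMillis < periodSeconds * 1000) return false;  // not yet due
            lastCheckMillis = nowMillis;
            if (sourceModifiedMillis == loadedModifiedMillis) return false;        // unchanged
            loadedModifiedMillis = sourceModifiedMillis;
            return true;
        }
    }

    /** Newest modification time of the directory or any file in it, as the "source modified" value. */
    static long directoryModifiedMillis(Path dir) throws IOException {
        long latest = Files.getLastModifiedTime(dir).toMillis();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir)) {
            for (Path f : files) latest = Math.max(latest, Files.getLastModifiedTime(f).toMillis());
        }
        return latest;
    }

    /** Loads every certificate and CRL file in the directory into a collection-backed CertStore. */
    static CertStore loadDirectory(Path dir, String factoryProvider) throws Exception {
        CertificateFactory cf = factoryProvider == null
                ? CertificateFactory.getInstance("X.509")
                : CertificateFactory.getInstance("X.509", factoryProvider);   // e.g. "SUN" or "BC"
        List<Object> entries = new ArrayList<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir)) {
            for (Path f : files) {
                if (!Files.isRegularFile(f)) continue;
                Collection<? extends Certificate> certs = Collections.emptyList();
                try (InputStream in = Files.newInputStream(f)) {
                    certs = cf.generateCertificates(in);     // PEM or DER, one or more certificates
                } catch (CertificateException notACertificate) {
                    // fall through and read the file as a CRL
                }
                if (!certs.isEmpty()) { entries.addAll(certs); continue; }
                try (InputStream in = Files.newInputStream(f)) {
                    entries.addAll(cf.generateCRLs(in));     // anything else must parse as a CRL
                }
            }
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(entries));
    }
}
```

A file that is neither a certificate nor a CRL makes loadDirectory() fail rather than being skipped, which is the safer behaviour for a directory that feeds revocation checking: a silently ignored CRL file would leave revoked certificates accepted.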