TibrvSdContext.setDaemonCert()

Method

Declaration

static void setDaemonCert(
    java.lang.String    daemonName,
    java.lang.String    daemonCert)
  throws TibrvException

Purpose

Register trust in a secure daemon.

Remarks

When any program transport connects to a secure daemon, it verifies the daemon’s identity using TLS protocols. Certificates registered using this method identify trustworthy daemons. Programs divulge user names and passwords to daemons that present registered certificates.

| Parameter | Description |
|---|---|
| daemonName | Register a certificate for a secure daemon with this name. For the syntax and semantics of this parameter, see Daemon Name, below. |
| daemonCert | Register this public certificate. The text of this certificate must be in PEM encoding. See also Certificate. |

Daemon Name

The daemon name is a three-part string of the form:

    ssl:host:port_number

This string must be identical to the string you supply as the daemon argument to the transport creation call; see TibrvRvdTransport().

Colon characters (:) separate the three parts.

ssl indicates the protocol to use when attempting to connect to the daemon.

host indicates the host computer of the secure daemon. You can specify this host either as a network IP address, or a hostname. Omitting this part specifies the local host.

port_number specifies the port number where the secure daemon listens for TLS connections.

(This syntax is similar to the syntax for connecting to remote daemons, with the addition of the prefix ssl.)

In place of this three-part string, you can also supply the constant TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_NAME. This form lets you register a catch-all certificate that applies to any secure daemon for which you have not explicitly registered another certificate. For example, you might use this form when several secure daemons share the same certificate.

Certificate

For important details, see CA-Signed Certificates on page 171 in TIBCO Rendezvous Administration.

In place of an actual certificate, you can also supply the constant TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_CERT. The program accepts any certificate from the named secure daemon. For example, you might use this form when testing a secure daemon configuration, before generating any actual certificates.

Any Name and Any Certificate

Notice that the constants TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_NAME and TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_CERT each eliminate one of the two security checks before transmitting sensitive identification data to a secure daemon. We strongly discourage using both of these constants simultaneously, because that would eliminate all security checks, leaving the program vulnerable to unauthorized daemons.
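
The following added example (not part of the Rendezvous documentation or product code) registers a specific certificate for a specific daemon, reuses the same daemon string for the transport creation call, and refuses the combination of both catch-all constants. The wrapper `registerDaemonTrust`, the host, port, file name and environment variable names are assumptions for illustration; `setUserNameWithPassword()` is another method of this class that this page does not describe, and opening Rendezvous before registering the certificate is assumed.

```java
import com.tibco.tibrv.Tibrv;
import com.tibco.tibrv.TibrvRvdTransport;
import com.tibco.tibrv.TibrvSdContext;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;

public class PinnedDaemonConnect {
    // Hypothetical wrapper (not a Rendezvous API): refuses the combination
    // that removes both checks, and rejects unparseable or expired PEM early.
    static void registerDaemonTrust(String daemonName, String certPem) throws Exception {
        boolean anyName = Objects.equals(daemonName, TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_NAME);
        boolean anyCert = Objects.equals(certPem, TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_CERT);
        if (anyName && anyCert) {
            throw new IllegalArgumentException("ANY_NAME with ANY_CERT disables all daemon checks");
        }
        if (!anyCert) {
            byte[] pemBytes = certPem.getBytes(StandardCharsets.US_ASCII);
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(pemBytes));
            cert.checkValidity(); // throws if expired or not yet valid
        }
        TibrvSdContext.setDaemonCert(daemonName, certPem);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: host, port, file name and variable names are assumptions.
        final String daemon = "ssl:rvd.example.internal:7500";
        String pem = new String(Files.readAllBytes(Paths.get("daemon-cert.pem")),
                StandardCharsets.US_ASCII);
        Tibrv.open(Tibrv.IMPL_NATIVE);
        try {
            registerDaemonTrust(daemon, pem);
            TibrvSdContext.setUserNameWithPassword(
                    System.getenv("RV_USER"), System.getenv("RV_PASSWORD"));
            // Same string as registered above, so the two names cannot drift apart.
            TibrvRvdTransport transport = new TibrvRvdTransport(null, null, daemon);
            transport.destroy();
        } finally {
            Tibrv.close();
        }
    }
}
```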