Fortunately, using HTTPS in your application is as simple as tacking on a couple of s
characters. When creating the connection, request an HttpsConnection from the Connector
instead, as shown in Listing 12-12.
Listing 12-12. Requesting an HttpsConnection
HttpsConnection hc = (HttpsConnection)
Connector.open("https://www.noplace.com/");
The resulting HttpsConnection implements HttpConnection, so you use it the same
way. You can also obtain two further pieces of information about the connection:
the port on which the server accepted the connection via its getPort method, and
details about the negotiated secure connection via its getSecurityInfo method.
The getSecurityInfo method returns an instance of SecurityInfo that describes the
kind of connection established between your application and the remote server; from it,
you can obtain four pieces of information: how the GCF encrypted the transaction, the
bearer protocol, the version of the bearer protocol, and the remote certificate. This
information is available via the following SecurityInfo methods:
getCipherSuite: Returns a String naming the cipher suite that the GCF used to encrypt the transaction
getProtocolName: Returns a String indicating the name of the protocol bearing the transaction
getProtocolVersion: Returns a String indicating the version of the protocol bearing the transaction
getServerCertificate: Returns the certificate of the remote server
The certificate returned by getServerCertificate is an object that implements the
Certificate interface; you can query it for its properties, such as who issued the
certificate and when it will expire.
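The following added example (not a listing from the book) pulls these calls together: it opens an HttpsConnection, enforces a simple protocol policy, and reports the negotiated parameters and certificate details. The class name SecureConnectionCheck, the method inspect, and the TLS-only policy are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Date;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpsConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;
import javax.microedition.pki.CertificateException;

// Added example: SecureConnectionCheck and inspect are hypothetical names.
public class SecureConnectionCheck {
    // Example policy (an assumption): accept only "TLS", refusing "SSL" and "WTLS".
    private static final String REQUIRED_PROTOCOL = "TLS";

    // Returns a one-line report for logging; throws if the policy is not met.
    public static String inspect(String url) throws IOException {
        HttpsConnection hc = null;
        try {
            hc = (HttpsConnection) Connector.open(url);
            // If the connection is still being set up, this call completes the
            // handshake and returns once the server certificate is validated.
            SecurityInfo info = hc.getSecurityInfo();
            String protocol = info.getProtocolName();
            if (!REQUIRED_PROTOCOL.equals(protocol)) {
                throw new IOException("Refusing bearer protocol: " + protocol);
            }
            Certificate cert = info.getServerCertificate();
            StringBuffer report = new StringBuffer();
            report.append("port=").append(hc.getPort());
            report.append(" protocol=").append(protocol);
            report.append(" version=").append(info.getProtocolVersion());
            report.append(" cipher=").append(info.getCipherSuite());
            report.append(" subject=").append(cert.getSubject());
            report.append(" issuer=").append(cert.getIssuer());
            // getNotAfter() gives the expiry as milliseconds since the epoch.
            report.append(" expires=").append(new Date(cert.getNotAfter()));
            return report.toString();
        } catch (CertificateException ce) {
            // Raised when the platform cannot validate the server certificate;
            // getReason() returns one of the CertificateException constants.
            throw new IOException("Certificate rejected, reason code "
                    + ce.getReason());
        } finally {
            if (hc != null) {
                hc.close();
            }
        }
    }
}
```

Call inspect from a worker thread rather than the MIDlet's event thread, since opening the connection blocks on network I/O.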
While adding HTTPS to your application may be easy, crafting a secure application
isn't. As leading computer security expert Gene Spafford has remarked, HTTPS is like
“using an armored truck to transport rolls of pennies between someone on a park bench
and someone doing business from a cardboard box.” To craft a truly secure application,
you must also take responsibility for the data your application exchanges with remote
servers; for example, an e-commerce application should take care to protect a user's
credentials to avoid compromise if the user's device is lost or stolen. I show you some of the
tools that Java ME provides to meet these challenges in Chapter 15.