Fortunately, using HTTPS in your application is as simple as tacking on a couple of s characters. When creating the connection, request an HttpsConnection from the Connector instead, as shown in Listing 12-12.

Listing 12-12. Requesting an HttpsConnection

HttpsConnection hc = (HttpsConnection)
    Connector.open("https://www.noplace.com/");

The resulting HttpsConnection implements HttpConnection, so you use it the same way. In addition, you can obtain two additional pieces of information about the connection: the port on which the server accepted the connection via its getPort method, and details about the negotiated secure connection via its getSecurityInfo method.

The getSecurityInfo method returns an instance of SecurityInfo that describes the kind of connection established between your application and the remote server; from it, you can obtain four pieces of information: how the GCF encrypted the transaction, the bearer protocol, the version of the bearer protocol, and the remote certificate. This information is available via the following SecurityInfo methods:

• getCipherSuite: Returns a String naming the cipher suite that the GCF used to encrypt the transaction
• getProtocolName: Returns a String indicating the name of the protocol bearing the transaction
• getProtocolVersion: Returns a String indicating the version of the protocol bearing the transaction
• getServerCertificate: Returns the certificate of the remote server

The certificate returned by getServerCertificate is an object that implements the Certificate interface; you can query it for its properties, such as who issued the certificate and when it will expire.

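The following is an added example, not a listing from the book: it uses the SecurityInfo and Certificate methods described above to check the negotiated session before any application data is sent. The class name, the openChecked and verify helpers, and the expected subject and issuer strings are hypothetical; the checks run in addition to whatever certificate validation the platform already performs.

```java
import java.io.IOException;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpsConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;

// Added example: policy check on the negotiated session (not the book's code).
public final class SecureChannelCheck {
    // Hypothetical placeholders: record the exact strings your server's certificate yields.
    static final String EXPECTED_SUBJECT = "<subject string of your server certificate>";
    static final String EXPECTED_ISSUER = "<issuer string of your server certificate>";

    /** Opens the URL and returns the connection only if the session passes verify(). */
    public static HttpsConnection openChecked(String url) throws IOException {
        HttpsConnection hc = (HttpsConnection) Connector.open(url);
        try {
            // getSecurityInfo() establishes the secure connection if still in setup state.
            verify(hc.getSecurityInfo());
            return hc;
        } catch (IOException e) {
            hc.close();
            throw e;
        }
    }

    /** Throws IOException when the protocol, cipher suite or certificate is unacceptable. */
    static void verify(SecurityInfo info) throws IOException {
        // Accept only TLS as the bearer protocol; refuse SSL.
        if (!"TLS".equals(info.getProtocolName())) {
            throw new IOException("Rejected protocol: " + info.getProtocolName()
                    + " " + info.getProtocolVersion());
        }
        // A NULL cipher suite authenticates the peer but does not encrypt the data.
        if (info.getCipherSuite().indexOf("NULL") >= 0) {
            throw new IOException("Rejected cipher suite: " + info.getCipherSuite());
        }
        Certificate cert = info.getServerCertificate();
        long now = System.currentTimeMillis();
        if (now < cert.getNotBefore() || now > cert.getNotAfter()) {
            throw new IOException("Certificate outside its validity period");
        }
        // Exact match on both names: a substring test would accept look-alike subjects.
        if (!EXPECTED_SUBJECT.equals(cert.getSubject())
                || !EXPECTED_ISSUER.equals(cert.getIssuer())) {
            throw new IOException("Unexpected certificate: subject=" + cert.getSubject()
                    + " issuer=" + cert.getIssuer());
        }
    }
}
```
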
While adding HTTPS to your application may be easy, crafting a secure application isn't. As leading computer security expert Gene Spafford has remarked, HTTPS is like “using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.” To craft a truly secure application, you must also take responsibility for the data your application exchanges with remote servers; for example, an e-commerce application should take care to protect a user's credentials to avoid compromise if the user's device is lost or stolen. I show you some of the tools that Java ME provides to meet these challenges in Chapter 15.