Establishing a secure connection
To establish a secure connection to EAServer, follow these steps:
- Create an instance of the SSLServiceProvider object.
- Optionally use the GetGlobalProperty function to obtain security information from the server.
- Set properties required by the server using the SetGlobalProperty function.
- Connect to the server using the ConnectToServer function of the Connection object.
Creating an instance of SSLServiceProvider
This code creates an instance of the SSLServiceProvider object:
    SSLServiceProvider sp
    GetContextService( "SSLServiceProvider", sp )
Getting information from the server
Use GetGlobalProperty to obtain information
about the security characteristics of the server. This example gets
information about supported CipherSuites from the availableQop property,
and displays the information in a drop-down list:
    int i, rc
    string ls_values[]

    rc = sp.GetGlobalProperty("availableQop", ls_values)

    IF rc <> 0 THEN
       MessageBox("Get Qop Failed", "rc = " + string(rc))
       RETURN
    END IF

    FOR i = 1 to UpperBound(ls_values)
       ddlb_1.AddItem( ls_values[i] )
    NEXT
    RETURN
Setting global properties
Before you connect to the server, you must set required global
properties. This code sets qop to the value sybpks_intl
and pin to the value sybase:
    int rc

    rc = sp.SetGlobalProperty( "qop", "sybpks_intl" )
    IF rc <> 0 THEN
       MessageBox( "Setting QOP Failed", &
          "rc = " + string(rc) )
    ELSE
       MessageBox( "Set SSL QOP Property", "succeeded" )
    END IF
    rc = sp.SetGlobalProperty( "pin", "sybase" )
    IF rc <> 0 THEN
       MessageBox( "Setting PIN Failed", &
          "rc = " + string(rc) )
    ELSE
       MessageBox( "Set SSL PIN Property", "succeeded" )
    END IF
Most of the properties set using SetGlobalProperty can
be set only once for the lifetime of the client executable. The
properties remain in effect when the client disconnects from or
reconnects to the server.
When you run a client application in PowerBuilder, you can
set global properties only once during the
PowerBuilder session. You will need to restart PowerBuilder each
time you test the code that sets global SSL properties.
If you want to use an instance of the SSLCallback object to
obtain user input interactively, you need to set the global property
CallBackImpl. See “Using SSL callbacks”.
Connecting to the server
When you begin a secure session, the client and server exchange
messages in the SSL handshake process. The client provides information
that the server needs in order to communicate with the client. The
server must then always authenticate itself to the client before
the process can continue. If the server requires client authentication,
the client must be authenticated before the process can continue.
When the required authentication is complete, the client and server
create symmetric keys that will be used for encryption, decryption, and
tamper detection in the SSL session. To catch any exceptions that
are raised during this process, you should enclose the ConnectToServer call
in a try-catch block.
When you establish a secure connection, use iiops instead of iiop
in the location property of the Connection object. The server typically
listens for secure connections on ports 2001 or 2002. This example uses
a Connection object, g_connect, that has been declared as a global variable.
The example uses the options property of the Connection object to specify
a different CipherSuite for this connection:
    long l_rc
    g_connect.userid = sle_user.text
    g_connect.password = sle_password.text
    g_connect.driver = "jaguar"
    g_connect.application = "myserverpkg"
    g_connect.location = "iiops://myserver:2001"
    g_connect.options = "ORBqop='sybpks_simple'"

    TRY
       l_rc = g_connect.ConnectToServer()
    CATCH (userabortedexception uae)
       MessageBox("UserAbortedException Caught", &
          "ConnectToServer caught: " + uae.getMessage() )
       l_rc = 999

    CATCH ( CORBASystemException cse )
       MessageBox("CORBASystemException Caught", &
          "ConnectToServer caught: " + cse.getMessage() )
       l_rc = 998
    END TRY
    IF l_rc <> 0 THEN
       MessageBox("Error", "Connection Failed - code: " &
          + string(l_rc) )
       MessageBox("Error Info", "ErrorCode= " &
          + string(g_connect.ErrCode) + "~nErrText= " &
          + g_connect.ErrText)
    ELSE
       MessageBox("OK", "Connection Established")
    END IF
Troubleshooting connections
When a secure connection fails, the error message that displays
is the same as for insecure connections. It does not provide any
additional information about the reason for failure. To obtain more
information in a log file, you can enable the ORBLogIIOP option
and specify a value for the ORBLogFile option. In the example above,
you would replace the g_connect.options statement with something like this:
    g_connect.options = "ORBqop='sybpks_simple', " + &
       "ORBLogIIOP='TRUE', ORBLogFile='d:\temp\ORBLog.txt'"
Alternatively, you can set the JAG_LOGFILE environment
variable to specify the log file in which initialization errors
are recorded.
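The four steps above can be combined into one routine that fails closed. This is an added example, not code from the original documentation: it rejects a non-iiops location, requests only a characteristic listed in availableQop, and takes the PIN from the caller instead of a string literal. The function name f_secure_connect, its arguments and its negative return codes are hypothetical. It assumes g_connect already has userid, password, driver and application set, and that availableQop entries are bare characteristic names.

```powerscript
// Added example, not from the original documentation.
// Hypothetical global function:
//   long f_secure_connect(string as_location, string as_qop, string as_pin)
// Assumes g_connect (the page's global Connection) already has userid,
// password, driver and application set, and that availableQop entries are
// bare characteristic names comparable to the qop value.
SSLServiceProvider sp
string ls_values[]
int i
long ll_rc
boolean lb_offered = FALSE

// Fail closed: never fall back to a cleartext iiop:// location.
IF Lower(Left(as_location, 8)) <> "iiops://" THEN RETURN -1

IF GetContextService("SSLServiceProvider", sp) <> 1 THEN RETURN -2

// Only request a characteristic that availableQop actually lists.
IF sp.GetGlobalProperty("availableQop", ls_values) <> 0 THEN RETURN -3
FOR i = 1 TO UpperBound(ls_values)
   IF Trim(ls_values[i]) = as_qop THEN lb_offered = TRUE
NEXT
IF NOT lb_offered THEN RETURN -3

// Most global properties can be set only once per client lifetime, so
// call this function once; a failure is returned, never ignored.
IF sp.SetGlobalProperty("qop", as_qop) <> 0 THEN RETURN -4
// The PIN comes from the caller (for example a password-style edit
// control), not a string literal, and is never echoed in a message.
IF sp.SetGlobalProperty("pin", as_pin) <> 0 THEN RETURN -5

g_connect.location = as_location
TRY
   ll_rc = g_connect.ConnectToServer()
CATCH (UserAbortedException uae)
   ll_rc = 999
CATCH (CORBASystemException cse)
   ll_rc = 998
END TRY
RETURN ll_rc
```

A return value of 0 means the secure connection was established; on a later reconnect in the same client lifetime, call ConnectToServer directly, since the global properties remain in effect.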