vSphere Automation SDK provides mechanisms for creating remote stubs to give clients access to vSphere Automation services.
The sequence of tasks you must follow to create a remote stub starts with creating a ProtocolFactory. You use the protocol factory object to create a ProtocolConnection. Connection objects provide the basis for creating stub interfaces tovSphere Automation services.
When you establish a connection to the vSphere Automation endpoint, you can create a StubFactory object and a StubConfiguration object. With these objects, you can create the remote stub for the vSphere Automation service that you want to access.
The complete connection sequence also includes SSL truststore support and a temporary StubConfiguration that you use for SAML token authentication and session creation.
- SSL Handshake
-
The
vSphere Automation endpoint (
https://host/api) is an SSL‐enabled service that requires client authentication during login. The SSL connection relies on certificate verification supported by the Java security architecture. The Java security architecture defines truststores for SSL connections. A truststore contains vCenter Single Sign-On credentials. You use a truststore to verify credentials from a
vCenter Server instance.
The vSphere Automation SDK for Java includes an SSL utility sample code that supports the creation of a truststore for the HTTP connection, com.vmware.vcloud.suite.samples.common.SslUtil.
Note: The vSphere Automation SDK for Java SSL utility creates an instance of the Java security certificate class X509TrustManager. This instance declares an override client-side method, checkServerTrusted, that accepts all HTTPS certificates. This method is suitable only for development environments. For a production environment, do not use the X509TrustManager override methods. Instead, set up a truststore for use by the default X509TrustManager implementation.
For greater security, use an external utility to create a certificate store:
keytool -import -noprompt -trustcacerts \ -alias <alias name> \ -file <certificate file> \ -keystore <truststore filename> \ -storepass <truststore password>
