Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.security > #41

SSL with Client Certifica

From "blumentarzan" <blumentarzan@THRWHITE.remove-dii-this>
Subject SSL with Client Certifica
Message-ID <1193408135.948128.193960@z9g2000hsf.googlegroups.com> (permalink)
Newsgroups comp.lang.java.security
Date 2011-04-27 16:07 +0000
Organization TDS.net

Show all headers | View raw

  To: comp.lang.java.security
I'm trying to access website which needs a client certificate that is
on a smartcard.

Was able to get the certificate from the smartcard as
java.security.cert.Certificate object.
Also was successful in connecting the website via SSL without
certificate.

Found in the forum, that I should try to store the certificate object
in a new TrustStore and
do the SSL connection with that TrustStore:
http://forum.java.sun.com/thread.jspa?forumID=2&threadID=5118972

The communication with the smartcard reader works fine. The sample
code from sun to sign some data
with the client certificate works.

Would be great if someone could help me!

Thanks Adrian

My Code:

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.security.KeyStore;

import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.Enumeration;

import javax.net.ssl.*;

public class SSLSocketClientWithClientAuth {

	public static void main(String[] args) throws Exception {

		String host = "www.testpage.com";
		int port = 443;
		String path = "/login.html";


		//get certificate from smartcard
		String alias = "Firstname Lastname";

		KeyStore scks = KeyStore.getInstance("Windows-MY");
		scks.load(null, null);

		Certificate cert = scks.getCertificate(alias);

		//store certificate in new keystore
		KeyStore ks = KeyStore.getInstance("jks");
		ks.load(null, null);
		ks.setCertificateEntry("cardcert", cert);

                //check if certificate is in keystore -> yes it is
		 for (Enumeration<String> e = ks.aliases() ; e.hasMoreElements() ;)
{
        	String al = e.nextElement().toString();
        	System.out.println("CERTIFICATE: " + al);
        	System.out.println(ks.getCertificate(al));
        	}


		// setup trustmanager
		TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);

		// Setup SSLContext with above trustmanager.
		SSLContext sslcont = SSLContext.getInstance("SSL");
		sslcont.init(null, tmf.getTrustManagers(), new SecureRandom());



		SSLSocketFactory factory = sslcont.getSocketFactory();


		System.out.println("Opening connection to " + host + ":" + port +
path + "...");
		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
		socket.setSoTimeout(10000);

		System.out.println("Starting SSL handshake...");
		socket.startHandshake();
		System.out.println();

		System.out.println("Get Page " + host + ":" + port + path);
		System.out.println();

		PrintWriter out = new PrintWriter(new BufferedWriter(new
OutputStreamWriter(socket.getOutputStream())));
		out.println("GET " + path + " HTTP/1.0");
		out.println();
		out.flush();

		BufferedReader in = new BufferedReader(new
InputStreamReader(socket.getInputStream()));

		String inputLine;

		while ((inputLine = in.readLine()) != null)
			System.out.println(inputLine);

		in.close();
		out.close();
		socket.close();
	}
}



Error:
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
181)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
975)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:
123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:
516)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:
454)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
884)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1096)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1123)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1107)
at
SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:
75)
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:
285)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:
191)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
954)
... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:
174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:
280)
... 14 more

---
 * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://time.synchro.net:24

Back to comp.lang.java.security | Previous | NextNext in thread | Find similar

Thread

SSL with Client Certifica "blumentarzan" <blumentarzan@THRWHITE.remove-dii-this> - 2011-04-27 16:07 +0000
  Re: SSL with Client Certi "Robert Kochem" <robert.kochem@THRWHITE.remove-dii-this> - 2011-04-27 16:07 +0000
    Re: SSL with Client Certi "blumentarzan" <blumentarzan@THRWHITE.remove-dii-this> - 2011-04-27 16:07 +0000
      Re: SSL with Client Certi "Robert Kochem" <robert.kochem@THRWHITE.remove-dii-this> - 2011-04-27 16:07 +0000

csiph-web