
SSL with Client Certificate on SmartCard

by blumentarzan@[EMAIL PROTECTED] Oct 26, 2007 at 07:15 AM

I'm trying to access a website which needs a client certificate that is
on a smartcard.

I was able to get the certificate from the smartcard as a
java.security.cert.Certificate object.
I was also successful in connecting to the website via SSL without a
certificate.

I found in the forum that I should try to store the certificate object
in a new TrustStore and do the SSL connection with that TrustStore:
http://forum.java.sun.com/thread.jspa?forumID=2&threadID=5118972

The communication with the smartcard reader works fine. The sample
code from Sun to sign some data with the client certificate works.

Would be great if someone could help me!

Thanks Adrian

My Code:

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.security.KeyStore;

import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.Enumeration;

import javax.net.ssl.*;

public class SSLSocketClientWithClientAuth {

	public static void main(String[] args) throws Exception {

		String host = "www.testpage.com";
		int port = 443;
		String path = "/login.html";

		// get certificate from smartcard
		String alias = "Firstname Lastname";

		KeyStore scks = KeyStore.getInstance("Windows-MY");
		scks.load(null, null);

		Certificate cert = scks.getCertificate(alias);

		// store certificate in new keystore
		KeyStore ks = KeyStore.getInstance("jks");
		ks.load(null, null);
		ks.setCertificateEntry("cardcert", cert);

		// check if certificate is in keystore -> yes it is
		for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
			String al = e.nextElement().toString();
			System.out.println("CERTIFICATE: " + al);
			System.out.println(ks.getCertificate(al));
		}

		// setup trustmanager
		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);

		// Setup SSLContext with above trustmanager.
		SSLContext sslcont = SSLContext.getInstance("SSL");
		sslcont.init(null, tmf.getTrustManagers(), new SecureRandom());

		SSLSocketFactory factory = sslcont.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + path + "...");
		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
		socket.setSoTimeout(10000);

		System.out.println("Starting SSL handshake...");
		socket.startHandshake();
		System.out.println();

		System.out.println("Get Page " + host + ":" + port + path);
		System.out.println();

		PrintWriter out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));
		out.println("GET " + path + " HTTP/1.0");
		out.println();
		out.flush();

		BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));

		String inputLine;

		while ((inputLine = in.readLine()) != null)
			System.out.println(inputLine);

		in.close();
		out.close();
		socket.close();
	}
}



Error:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:75)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	... 14 more
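
Added example, not part of the original post and not the poster's code: in JSSE the TrustManager decides whether the server's chain is trusted and the KeyManager supplies the client's own credential, so the trace above is the server check failing against a store that holds only the card certificate. The sketch keeps the two roles separate; the class name is hypothetical, the host is the post's placeholder, and it assumes Windows with the SunMSCAPI provider and Java 7 or later.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.*;

public class SmartCardClientAuth {   // hypothetical class name

    static SSLContext buildContext() throws Exception {
        // Key material: Windows-MY exposes the card's certificate together with
        // a handle to its private key; the key itself stays on the card.
        KeyStore cardStore = KeyStore.getInstance("Windows-MY");
        cardStore.load(null, null);
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(cardStore, null);

        // Trust material: a null KeyStore selects the JRE's default CA set, so the
        // server chain is still validated. For a private CA, load a truststore
        // holding that CA's certificate here, never the client certificate.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = "www.testpage.com";   // placeholder host from the post
        try (SSLSocket socket =
                 (SSLSocket) buildContext().getSocketFactory().createSocket(host, 443)) {
            // A raw SSLSocket does not check the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10000);
            socket.startHandshake();

            SSLSession session = socket.getSession();
            System.out.println("Server: " + session.getPeerPrincipal());
            // null means no client certificate was sent in this handshake.
            Certificate[] sent = session.getLocalCertificates();
            System.out.println("Client certificate sent: " + (sent != null));
        }
    }
}
```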
 



