URGENT : Reading a cert sent by the client

Hi,

I am using Apache/Jserv with JSSE 1.0.2 and JDK1.2.2

No problems if I connect to a https site and retrieve the content through a servlet.

When someone connects to my servlet through https protocol, then the client needs to send his certificate to my server. Then I need to read the contents of the certificate in my servlet code.

Once I get the certificate I can use X509Certificate class to extract all the information.

But how should I get the certificate sent by the client in my code?

Please help me...

[557 byte] By [glow007] at [2007-9-26 3:47:32]
# 1
In your servlet, use code like... request.getAttribute("javax.servlet.request.X509Certificate");
neville_sequeira at 2007-6-29 12:30:17 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2
I have tried using this, but it is retrieving null... While connecting to my servlet, client needs to give his certificate, then the server verifies the certificate's validity. In my servlet code, I need to get the certificate given by any client.
glow007 at 2007-6-29 12:30:17
# 3

a. See section 5.7 - SSL Attributes of servlet 2.2 specifications. There it is clearly mentioned about the name "javax.servlet.request.X509Certificate".

b. What servlet container are you using to deploy your servlets ?

c. Maybe you should post the relevant portion of your servlet code.

neville_sequeira at 2007-6-29 12:30:17
# 4
Besides, what type of client is it? Is it a browser? Is it a java application? How is the certificate configured for use in the client? Are you sure the client sends the certificate to the server?
neville_sequeira at 2007-6-29 12:30:17
# 5
Thank you very much for the solution, Neville... I am working on the code... Sorry for not updating the topic...
glow007 at 2007-6-29 12:30:17
# 6

Did you solve it? Can you send the client certificate through code?

Can you tell me or send me the fragment of code you are using to do that?

Nowadays I have code to import the server certificate but I can't send the client's certificate to the server...

FelipeGaucho at 2007-6-29 12:30:17
# 7

I am very sorry for the delay...

I have solved the problem.

Here is the solution for this problem.

I have used Oracle's implementation of Java SSL. The following three files http_client.jar, javax-ssl-1_2.jar, jssl-1_2.jar should be in CLASSPATH.

In httpd.conf add

(1) SSLVerifyClient require

(2) SSLCACertificateFile /path/file /* point to the CA file which can verify client certificate - typically a file called CA-bundle.crt. */

(3) Add the following lines:

<Location /servlet>
SSLOptions +StdEnvVars +ExportCertData
</Location>

In jserv.conf

(4) ApJServMount /servlet /root (should be there by default)

(5) ApJServEnvVar SSL_CLIENT_CERT MY_CLIENT_CERTIFICATE

Here is a snippet of code:

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Decoder; // JDK-internal Base64 decoder

public class Hello extends HttpServlet
{
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
        PrintWriter out;
        String title = "Example Apache JServ Servlet";

        // set content type and other response header fields first
        response.setContentType("text/html");

        // then write the data of the response
        out = response.getWriter();

        // test client certificate fields: PEM text exported by mod_ssl as
        // SSL_CLIENT_CERT and renamed by ApJServEnvVar in jserv.conf
        String sCert =
            (String) request.getAttribute("org.apache.jserv.MY_CLIENT_CERTIFICATE");

        out.println("<HTML><HEAD><TITLE>");
        out.println(title);
        out.println("</TITLE></HEAD><BODY bgcolor=\"#FFFFFF\">");
        out.println("<H2> client Certificate , is " + sCert + "!</H2>");

        X509Certificate xCert = getX509Certificate(sCert);
        if (xCert != null) {
            out.println("<H2> Subject DN, is " + xCert.getSubjectDN() + "!</H2>");
            //Do whatever you want with the certificate.....
        }

        out.println("</BODY></HTML>");
        out.close();
    }

    private X509Certificate getX509Certificate(String trimmedCertificate)
    {
        // PEM delimiters around the Base64 body
        String beginCert = "-----BEGIN CERTIFICATE-----";
        String endCert = "-----END CERTIFICATE-----";

        if (trimmedCertificate == null) {
            return null; // no certificate was forwarded
        }
        int start = trimmedCertificate.indexOf(beginCert);
        int end = trimmedCertificate.indexOf(endCert);
        if (start < 0 || end < start) {
            return null; // not a PEM certificate
        }
        // skip the BEGIN line, counting from where it was found
        String mainCertificate =
            trimmedCertificate.substring(start + beginCert.length(), end);

        try
        {
            byte data[];
            BASE64Decoder decoder = new BASE64Decoder();
            data = decoder.decodeBuffer(mainCertificate);

            CertificateFactory cF = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream bAIS = new ByteArrayInputStream(data);
            X509Certificate cert = (X509Certificate) cF.generateCertificate(bAIS);
            //Do whatever you want with the certificate.....
            bAIS.close();
            return cert;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}

Please let me know if you want any information regarding this.

my id is naveen.patha@oracle.com

glow007 at 2007-6-29 12:30:17
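The two ways of obtaining the client certificate discussed in this thread, the standard request attribute from reply #1 and the PEM string forwarded through mod_ssl and JServ in reply #7, combined in one helper. This is an added example, not code from any poster: the class and method names are hypothetical, and it assumes Java 8 or later for java.util.Base64 (the thread used JDK 1.2.2) and the attribute name configured in reply #7.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;

/** Added example (hypothetical class): finds the TLS client certificate of a request. */
public final class ClientCertReader {
    // Standard servlet attribute named in reply #1.
    static final String STD_ATTR = "javax.servlet.request.X509Certificate";
    // Set by "ApJServEnvVar SSL_CLIENT_CERT MY_CLIENT_CERTIFICATE" in reply #7.
    static final String JSERV_ATTR = "org.apache.jserv.MY_CLIENT_CERTIFICATE";
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";

    /** Returns the client certificate, or null if the request carries none. */
    public static X509Certificate resolve(HttpServletRequest request)
            throws CertificateException {
        Object std = request.getAttribute(STD_ATTR);
        if (std instanceof X509Certificate[] && ((X509Certificate[]) std).length > 0) {
            return checked(((X509Certificate[]) std)[0]); // first entry is the client's own
        }
        Object pem = request.getAttribute(JSERV_ATTR);
        return (pem instanceof String) ? checked(parsePem((String) pem)) : null;
    }

    /** Parses one PEM certificate, even if its line breaks were lost in transit. */
    static X509Certificate parsePem(String pem) throws CertificateException {
        int start = pem.indexOf(BEGIN);
        int end = (start < 0) ? -1 : pem.indexOf(END, start + BEGIN.length());
        if (end < 0) {
            throw new CertificateException("PEM markers not found");
        }
        byte[] der;
        try { // the MIME decoder skips spaces and line breaks inside the body
            der = Base64.getMimeDecoder().decode(pem.substring(start + BEGIN.length(), end));
        } catch (IllegalArgumentException e) {
            throw new CertificateException("certificate body is not valid Base64", e);
        }
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    /** Re-checks the validity dates; the chain itself is verified by mod_ssl. */
    private static X509Certificate checked(X509Certificate cert) throws CertificateException {
        cert.checkValidity(); // throws if expired or not yet valid
        return cert;
    }
}
```

The forwarded PEM attribute is only as trustworthy as the path it arrives on, so it should be relied on only where requests can reach the servlet engine solely through the Apache instance that enforces SSLVerifyClient require.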
# 8
For completeness sake http://forum.java.sun.com/thread.jsp?forum=4&thread=171718
neville_sequeira at 2007-6-29 12:30:17