I am using j2sdk1.4, IIS. Trying to serve client certificate
programmatically to the
https site setup on my IIS server
Following is my java code:
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.*;
import java.io.*;
import java.net.*;
public class ClientAuthentication {
private static final String CERTIFICATE_TYPE = "SunX509";
private static final String KEYSTORE_TYPE = "JKS";
private static final String SSL_PROTOCOL = "TLS";
private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
/*
server_cert is filename of trusted server cert
client_cert is filename of personal cert to be given
to server.
certificate files are assumed to be base-64 encoded */
public static void main(String[] args) throws Exception {
System.setProperty ("javax.net.debug", "all");
if (args.length < 3) {
System.out.println("Usage: ClientAuthentication url server_cert
client_cert");
return;
}
String connectURL = args[0];
String serverCertificateFile = args[1];
String clientCertificateFile = args[2];
try {
//KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
KeyStore ks;
ks = KeyStore.getInstance("JKS");
CertificateFactory cf =
CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(CERTIFICATE_TYPE);
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(CERTIFICATE_TYPE);
java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
//System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
ks.load(null, null);
X509Certificate the_cert = (X509Certificate)cf.generateCertificate(new
FileInputStream(serverCertificateFile));
ks.setCertificateEntry("server_cert",the_cert);
tmf.init(ks);
ks = KeyStore.getInstance(KEYSTORE_TYPE);
ks.load(null, null);
the_cert = (X509Certificate)cf.generateCertificate(new
FileInputStream(clientCertificateFile));
ks.setCertificateEntry("client_cert",the_cert);
kmf.init(ks, null);
/*
String mypassword;
mypassword = "pass";
ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream(clientCertificateFile),"pass".toCharArray());
kmf.init(ks, "rajesheai".toCharArray());
*/
SSLContext ctx = SSLContext.getInstance(SSL_PROTOCOL);
KeyManager[] km = kmf.getKeyManagers();
TrustManager[] tm = tmf.getTrustManagers();
ctx.init (km, tm, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
URL url = new URL(connectURL);
HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
con.setRequestMethod("GET") ;
con.setRequestProperty( "User-Agent", "Mozilla/4.0 (compatible; MSIE
5.5; Windows
NT 5.0; H010818)" );
//con.connect();
if (con.getResponseCode() != HttpsURLConnection.HTTP_OK)
System.out.println ("HttpsURLConnection received response #" +
con.getResponseCode()
+ ": " + con.getResponseMessage());
InputStream in = con.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(in));
System.out.println("Here's the file:");
String line = null;
while ((line = br.readLine()) != null)
System.out.println(line);
} catch(Exception e) {
e.printStackTrace();
}
}
}
Following is the error message:
HttpsURLConnection received response #403: Access Forbidden
java.io.IOException: Server returned HTTP response code: 403 for URL:
https://rajesh-dt/cart/index.html
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:697)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:237
)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Das
hoA6275)
at ClientAuthentication.main(ClientAuthentication.java:87) |
