Hello.
I want to connect to an Apache server using SSL (so the https protocol),
with a client certificate in a smartcard. On the website there is an
HTML page and a Java applet. While loading the applet, the client is
required to present his client certificate, though it has already been
loaded when I connect to the server (and so it is in the Firefox
keystore), and then the applet is not loaded (a ClassNotFoundException
is raised).
I think the problem is that the client certificate is not found in the Java
keystore. In the smartcard, I have 2 certificates: one for
authentication, and the other for signing. How could I proceed to load
both certificates from the smartcard, using java.security.KeyStore?
(Actually I can load only the signature certificate.)
Note that I have a PKCS#11 provider.
Every idea is welcome to solve my problem.
Dave Miller - 30 Jul 2008 03:58 GMT
<snip>
> While loading the applet, the client is
> required to present his client certificate, though it has been already
I have no idea what you're trying to accomplish here, but...
<snip>
> How could I proceed to load
> both certificates from the smartcard, using java.security.KeyStore?
> (Actually I can load only the signature certificate.)
To access the client keystore you need access to the client. The user
(obviously) has access to the keystore - he's sitting in front of the
console. You could have an HTML page before the page with the applet with
instructions on how to load his certificate into his store.

Signature
Dave Miller
Java Web Hosting
http://www.cheap-jsp-hosting.com/
Thomaspantalacci311@hotmail.com - 30 Jul 2008 11:17 GMT
I solved my problem. In fact I had to install JSS (some DLLs and a JAR
file to place in the current JRE) in Mozilla Firefox. This done, the
JVM can access the Firefox keystore and the client authentication is
OK (and so the applet is loaded). I also had to check "Use certificates
and keys in browser keystore" in the Java Control Panel -> Advanced ->
Security.
Dave Miller - 30 Jul 2008 13:46 GMT
> I solved my problem. In fact I had to install JSS (some DLLs and a JAR
> file to place in the current JRE) in Mozilla Firefox. This done, the
> JVM can access the Firefox keystore and the client authentication is
> OK (and so the applet is loaded). I also had to check "Use certificates
> and keys in browser keystore" in the Java Control Panel -> Advanced ->
> Security.
If you have access to the client side, there are many ways to load
certs. Applets are usually delivered to clients to which you do not have
access.

Signature
Dave Miller
Java Web Hosting at:
http://www.cheap-jsp-hosting.com/
Thomaspantalacci311@hotmail.com - 30 Jul 2008 16:52 GMT
I had another question, but I couldn't find any response. I have two
certificates in my smartcard. How can I load both certificates?
I tried this code:
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Enumeration;

char[] pin = smartCardPIN.toCharArray();
KeyStore keyStore = null;
try {
    keyStore = KeyStore.getInstance("PKCS11"); // uses the installed PKCS#11 provider
} catch (Exception e) {
    e.printStackTrace();
}
keyStore.load(null, pin); // the card PIN is passed as the keystore password
Enumeration aliases = keyStore.aliases();
if (aliases.hasMoreElements()) { // looks at the first alias only
    String alias = (String) aliases.nextElement();
    System.out.println("alias:" + alias);
    // getting the certificate chain and the private key
    Certificate[] certificationChain = keyStore.getCertificateChain(alias);
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
    ....
}
...
But the aliases enumeration has only one element, since it prints
"Signature certificate" (the alias of my signature certificate).
It seems that the other certificate is not loaded. Maybe I must
instantiate a new keystore?
Maybe the problem (if it's a problem) is due to my pkcs11 provider. Do
you have any suggestion?
Thanks for your answers
Dave Miller - 31 Jul 2008 04:52 GMT
> I had another question, but I couldn't find any response. I have two
> certificates in my smartcard. How can I load both certificates?
[quoted text clipped - 24 lines]
>
> But aliases enumeration has only one element, since it prints
You've created a keystore and placed one element into it. When you say
"show me elements" it... shows you the one that you've entered.
I've never tried to manipulate the keystore on the client's machine so I
won't be any help there. My sense is that doing so would take a bit of a
hack (or crack). As the keystore holds the keys (literally) to the
client's security, the JVM probably tries to keep it pretty well locked up.

Signature
Dave Miller
Java Web Hosting at:
http://www.cheap-jsp-hosting.com/
Thomaspantalacci311@hotmail.com - 31 Jul 2008 09:25 GMT
My bad, the keystore does contain both certificates. In my code,
replace " if (aliases.hasMoreElements()) " with "while
( aliases.hasMoreElements() ){ ...
Sorry for such a trivial error lol
So everything is OK.
Thanks for the time you spent answering my questions (some of which are a
little bit stupid..)
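One way to list every entry on the token rather than only the first, as an added example that is not code from the thread: it assumes Java 9 or later, the SunPKCS11 provider configured from a config file whose path is passed as the first argument (a placeholder), the card PIN as the second argument, and it classifies each certificate by its keyUsage/extendedKeyUsage bits so the authentication and signature certificates the original post describes can be told apart.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class SmartCardEntries {

    // id-kp-clientAuth from RFC 5280
    private static final String CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2";

    /** Labels a certificate from its keyUsage / extendedKeyUsage extensions. */
    static String classify(X509Certificate cert) throws CertificateException {
        boolean[] ku = cert.getKeyUsage();             // null if the extension is absent
        List<String> eku = cert.getExtendedKeyUsage(); // null if the extension is absent
        boolean digitalSignature = ku != null && ku.length > 0 && ku[0];
        boolean nonRepudiation = ku != null && ku.length > 1 && ku[1];
        boolean clientAuth = eku != null && eku.contains(CLIENT_AUTH_EKU);
        if (nonRepudiation) return "signature (nonRepudiation)";
        if (clientAuth || digitalSignature) return "authentication (digitalSignature/clientAuth)";
        return "other/unknown";
    }

    public static void main(String[] args) throws Exception {
        // Assumed: args[0] is a SunPKCS11 config file naming the vendor's
        // PKCS#11 library (placeholder path), args[1] is the card PIN.
        Provider p = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p);
        char[] pin = args[1].toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin); // the PIN is the keystore "password"

        // Iterate over ALL aliases, which is the fix the thread arrives at.
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            if (cert == null) { System.out.println(alias + ": no certificate"); continue; }
            String validity;
            try { cert.checkValidity(); validity = "valid"; }
            catch (CertificateException e) { validity = "NOT valid: " + e.getMessage(); }
            // getKey returns a handle; the key itself never leaves the token
            boolean hasKey = ks.isKeyEntry(alias) && ks.getKey(alias, pin) != null;
            System.out.printf("%s: %s, %s, subject=%s, privateKey=%s%n", alias,
                classify(cert), validity, cert.getSubjectX500Principal(), hasKey ? "on token" : "none");
        }
        Arrays.fill(pin, '\0'); // do not keep the PIN in memory longer than needed
    }
}
```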
Roedy Green - 03 Aug 2008 13:56 GMT
On Tue, 29 Jul 2008 06:40:21 -0700 (PDT),
Thomaspantalacci311@hotmail.com wrote, quoted or indirectly quoted
someone who said :
>I think the problem is that the client certificate is not found in the Java
>keystore. In the smartcard, I have 2 certificates: one for
>authentication, and the other for signing. How could I proceed to load
>both certificates from the smartcard, using java.security.KeyStore?
>(Actually I can load only the signature certificate.)
>Note that I have a PKCS#11 provider.
First get rid of the complication of the smartcard by copying your
keystore to hard disk. Then have a read up on keytool for all the
things you can do with it.
See http://mindprod.com/jgloss/keytoolexe.html
Keytool has a big restriction. It will never export a private key. You
have to use the private keys on the certs inside the keystore.

Signature
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com