
[iaik-ssl] Problems with authenticating a client certificate



Hi,
I configured an IIS-5.0 web server to require a client certificate and mapped
a web site directory to a certain client certificate and a certain NT account.
When I try to reach this page with Iexplorer, the web site asks me for the
certificate and everything works fine, but when I try to do this with my Java
program, I get the message "This page requires a client certificate",
although we already loaded the right client certificate in our program.
If I use a wrong certificate, I get the message "You are not
authorized to view this page".
If I remove the certificate map and configure the web site to only
request a client certificate, it works fine.

My code is:

    URL url = new URL(strUrl);
    System.out.println("Connecting to " + url + "...");
    HttpsURLConnection con = (HttpsURLConnection)url.openConnection();

    SSLClientContext context = new SSLClientContext();

    // add the private key to the session
    if (bUsesClientCert)
    {
        try
        {
            KeyAndCertificate kac;

            // getting the password in the format we want
            int iPassLength = strPassword.length();
            int i;

            char[] achPassword = new char[iPassLength];
            for (i=0;i<iPassLength;i++)
                achPassword[i] = strPassword.charAt(i);

            PKCS12 pkcs12 = new PKCS12(new FileInputStream(strCertPath));
            pkcs12.decrypt(achPassword);

            if (pkcs12.verify(achPassword))
                System.out.println("Ok, verified");
            else
            {
                System.out.println("not verified");
                return "cert Not verified";
            }

            CertificateBag[] cb;
            cb = pkcs12.getCertificateBags();

            X509Certificate[] cert;
            cert = CertificateBag.getCertificates(cb);

            KeyBag kb;
            kb = pkcs12.getKeyBag();

            kac = new KeyAndCertificate(kb.getPrivateKey(), cert);
            //System.out.println("created the key and certificate.");
            context.addClientCredentials(cert, kb.getPrivateKey());
        }
        catch (Exception e)
        {
            System.out.println(e.toString());
        }
    }

    // make whatever settings we want in the context
    // ...
    con.setAllowUserInteraction(true);
    con.setDefaultAllowUserInteraction(true);

    con.setSSLContext(context);


danny & noam
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
