JCASSL.java

Example of a TLS v1.2 connection to a site that requires mutual (client-certificate) authentication, with the client key held in the HSM.

See Note on examples.
package doxy.examples;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
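public class JCASSL {

    /** Prints the command-line usage and an example invocation. */
    static void printUsage() {
        System.out.println("Usage: <url> <path to host full cert chain> <key alias>");
        System.out.println("Ex.: https://nfe.fazenda.sp.gov.br/ws/nfestatusservico2.asmx ./sefaz-sp.p7b mykey");
    }

    /**
     * Entry point. Opens a TLS v1.2 connection to {@code args[0]}, authenticating the client
     * with the HSM-resident key {@code args[2]} and trusting only the certificates read from
     * {@code args[1]}, then prints the server's certificate chain and the page body.
     *
     * <p>Any failure (provider, key store, trust store, handshake, HTTP) is reported on stderr;
     * the connection is not retried.
     *
     * @param args {@code <url> <path to host full cert chain> <key alias>}
     */
    public static void main(String[] args) {
        if (3 != args.length) {
            printUsage();
            return;
        }
        try {
            String httpURL = args[0];
            String chainPath = args[1];
            String keyAlias = args[2];

            /* Adds provider to JVM, dynamically. */
            Security.addProvider(new br.com.trueaccess.provider.netdfence.ND());

            /*
             * The TACV keystore type does not physically remove objects from the HSM.
             * This will make it easier to "filter" the keys in the key store.
             */
            KeyStore ks = KeyStore.getInstance("TACV", "ND");
            ks.load(null, "".toCharArray());

            /* Filters the keystore keys, leaving only the specified alias (fails if it is absent). */
            FilterKeyStore(keyAlias, ks);

            /* Configures key store, trust store and connection parameters. */
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, "".toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            // Only the chain read from the file is trusted; the JVM default trust store is not
            // consulted (it would be if init() were given null).
            tmf.init(getTrustKeyStore(chainPath));
            SSLContext sc = SSLContext.getInstance("TLSv1.2");
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory ssf = sc.getSocketFactory();

            URL url = new URL(httpURL);
            // HttpsURLConnection keeps its default hostname verifier, so the server name is
            // checked against the certificate in addition to the chain validation above.
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
            connection.setSSLSocketFactory(ssf);
            connection.setRequestMethod("GET");
            connection.setRequestProperty("User-Agent", "Java Client 1.0");
            connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml");
            connection.setUseCaches(false);
            // doOutput is left false: no request body is written, and enabling it would switch
            // the method from GET to POST as soon as an output stream were opened.
            connection.connect();

            /*
             * Lists the host's certificate chain.
             * This is the chain sent by the host itself.
             */
            System.out.println("Host chain(received from host): ");
            System.out.println();
            Certificate[] serverCertificate = connection.getServerCertificates();
            int i = 0;
            for (Certificate certificate : serverCertificate) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509cert = (X509Certificate) certificate;
                    // getSubjectDN()/getIssuerDN() are denigrated; the X500Principal forms are
                    // their documented replacements.
                    Principal subject = x509cert.getSubjectX500Principal();
                    Principal issuer = x509cert.getIssuerX500Principal();
                    System.out.println("[" + i + "] " + "Subject: " + subject);
                    System.out.println("Issuer: " + issuer);
                    i++;
                }
            }
            System.out.println();

            /* Shows the content of the page accessed. */
            printContent(connection);
            connection.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the response body of an already-connected HTTPS connection to stdout, line by line.
     * A {@code null} connection is ignored; I/O errors are reported on stderr.
     *
     * @param connection the connection whose input stream is read; may be {@code null}
     */
    static void printContent(HttpsURLConnection connection) {
        if (null == connection) {
            return;
        }
        System.out.println("URL content:");
        System.out.println();
        // try-with-resources closes the reader (and the underlying stream) even when
        // readLine() throws, which the original explicit close() did not guarantee.
        // The body is decoded as UTF-8; NOTE(review): a production client should honour the
        // charset from the Content-Type header instead.
        try (BufferedReader buffReader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String input;
            while ((input = buffReader.readLine()) != null) {
                System.out.println(input);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds an in-memory trust store holding every certificate found in {@code chainPath}
     * (any encoding the X.509 {@link CertificateFactory} accepts). Certificates are stored
     * under the aliases "0", "1", ... in the order they are read.
     *
     * <p>Errors propagate instead of being swallowed: returning {@code null} here would make
     * {@code TrustManagerFactory.init(null)} fall back to the JVM default trust store, which
     * silently widens what the client trusts.
     *
     * @param chainPath path of the certificate chain file
     * @return a loaded trust store containing only the certificates from the file
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the store or the certificates cannot be created, or
     *     the file contains no certificate at all
     */
    static KeyStore getTrustKeyStore(String chainPath) throws IOException, GeneralSecurityException {
        KeyStore kstrusted = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, ...) initialises an empty in-memory store; no password is involved.
        kstrusted.load(null, null);
        CertificateFactory cftrusted = CertificateFactory.getInstance("X.509");
        // The stream is closed by try-with-resources; the original leaked the FileInputStream.
        try (BufferedInputStream bistrusted = new BufferedInputStream(new FileInputStream(chainPath))) {
            int i = 0;
            for (Certificate cert : cftrusted.generateCertificates(bistrusted)) {
                kstrusted.setCertificateEntry("" + i++, cert);
            }
        }
        if (kstrusted.size() == 0) {
            // An empty trust store would fail every handshake anyway; fail early with a clear cause.
            throw new CertificateException("no certificates found in " + chainPath);
        }
        return kstrusted;
    }

    /**
     * Deletes every entry of {@code keyStore} whose alias is not {@code keyAlias}, so that the
     * KeyManager can only ever select that key for client authentication.
     *
     * <p>The aliases are snapshotted before any deletion so that removing entries cannot
     * disturb the enumeration handed out by the provider. The requested alias must exist:
     * silently emptying the store would let the handshake proceed without a client
     * certificate whenever the server does not insist on one.
     *
     * @param keyAlias the alias to keep
     * @param keyStore the loaded store to filter (modified in place)
     * @throws KeyStoreException if the store is not initialised, the alias is absent, or an
     *     entry cannot be deleted
     */
    static void FilterKeyStore(String keyAlias, KeyStore keyStore) throws KeyStoreException {
        if (!keyStore.containsAlias(keyAlias)) {
            throw new KeyStoreException("key alias not found in key store: " + keyAlias);
        }
        for (String nextKey : Collections.list(keyStore.aliases())) {
            if (!nextKey.equals(keyAlias)) {
                keyStore.deleteEntry(nextKey);
            }
        }
    }
}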