Hi, Julius Davies,
I remember the last time's test, after I import the web's public cert key to
local jdk CACERTS,
when I access the https web site with the usbkey, it reports following
exception:
"javax.net.ssl.SSLHandshakeException: unknown certificate". I don't know why.
In this test there
is no PIN input dialog, and I didn't import the usbkey public key to jdk
CACERTS, I simply use the
following code:
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://.../";);
try {
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine());
} finally {
httpget.releaseConnection();
}
So I wonder if I should get the private key or where should I input the PIN
password when I access
the https web site. What steps should I do to access ssl web protected by
usbkey with httpclient ?
--- Julius Davies <[EMAIL PROTECTED]>写道:
> ps. looks like this is the format for the config file:
>
> http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
For the moment, I have no chance to test PKCS#11. It's said the usbkey's
JKCS#11 is closed for the
security consideration. So only after I get the usbkey's PKCS#11 implementation
which is contained
in a dll file, should I get the private key by calling java pkcs interface.
>
> On 12/2/06, Julius Davies <[EMAIL PROTECTED]> wrote:
> > Hi, Jack,
> >
> > I'm interested in working on this a little, if you'll indulge me.
> > I've never used a usbkey and I don't have one. So we'll probably have
> > to email a lot.
OK. I am very pleased.
> >
> > For starters, does this work? No exceptions are thrown if the usb key
> > is plugged in, and a simple command-line Java program is run? (Maybe
> > try Java 5 or newer).
Yes I use Java 5. There is no problem if I access http web site and https wbe
site without usbkey
protected using httpclient.
> >
> > // Using docs from:
> > // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> > public static void main( String[] args ) throws Exception {
> >
> > String configName = "/opt/bar/cfg/pkcs11.cfg";
> > Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> > Security.addProvider(p);
> >
> > char[] pin = "secret".toCharArray();
> > KeyStore ks = KeyStore.getInstance("PKCS11");
> > ks.load(null, pin);
> > System.out.println( ks );
> > }
> >
> >
> > And how do you want your user to enter the PIN? Can they put it in a
> > properties file (ick)? Or do you want some kind of Swing dialogue?
> > Or perhaps Java 6's new support for taking passwords on the console
> > (aka: standard-in) without echoing it back?
There is no requirements as for how to input PIN. My only requirement is to
grasp all the data
spreaded in many html pages, these pages are passed in ssl and protected by
usbkey.
> >
> > Will the users be un-plugging and re-plugging the usbkey while the
> > Java program is running?
> >
I think the user can plug the usbkey first, and if needed he can input the PIN
password manually,
then he runs my program.
> > yours,
> >
> > Julius
> >
> >
> >
> >
> > On 12/2/06, Jack Wang <[EMAIL PROTECTED]> wrote:
> > > I am new here, so excuse me if i have not read old mails carefully here.
> > > I think it is no
> problem
> > > to access normal ssl web site without usbkey certificate. But we can not
> > > obtain the private
> key in
> > > usbkey, so
> > >
> > > How can i access usbkey protected ssl web site ?
> > > Should I must use pkcs#11 to get the private key first ?
> > > When should I input the usbkey PIN password in the automation program ?
> > >
> > > Please give me some tips. Thanks in advance.
> > >
> > > wj
> > >
> > >
> --
> yours,
>
> Julius Davies
> 416-652-0183
> http://juliusdavies.ca/
>
___________________________________________________________
情人节,用雅虎邮箱送玫瑰!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
