Hi,

I have made some progress, but not much.

    private static SSLSocketFactory getFactory() throws ... {

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("JKS");

        InputStream keyInput = new FileInputStream(new File(clientJksFile));
        keyStore.load(keyInput, clientJksPasswd.toCharArray());
        keyInput.close();

        keyManagerFactory.init(keyStore, clientJksPasswd.toCharArray());

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());

        return context.getSocketFactory();
    }


    void test() {

        //private static String ts_url = "https://www.postsignum.cz/DEMOTSA/TSS_crt/";
        private static String ts_url = "https://tsa.postsignum.cz/TSS/HttpTspServer/";

        ...
        Security.addProvider(new BouncyCastleProvider());

        // here I have the PostSignum certificates for verifying the SSL cert path
        System.setProperty("javax.net.ssl.trustStore", caJksFile);
        System.setProperty("javax.net.ssl.trustStorePassword", caJksPasswd);

        // generate the request
        TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
        TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]);
        byte[] reqData = request.getEncoded();

        // send the request
        SSLSocketFactory sslfact = getFactory();
        URL url = new URL(ts_url);
        HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
        c.setSSLSocketFactory(sslfact);
        c.setDoOutput(true);
        c.setDoInput(true);
        c.setRequestMethod("POST");
        c.setRequestProperty("Content-type", "application/timestamp-query");
        c.setRequestProperty("Content-length", String.valueOf(reqData.length));
        OutputStream out = c.getOutputStream();
        out.write(reqData);
        out.flush();

        if (c.getResponseCode() != HttpURLConnection.HTTP_OK) {
        ...

    }

In getResponseCode() I end up with javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.

Given that I also tried the official TSA client from PostSignum, which ended with a similar exception, the problem could be
buried in the certificate itself, and I will try going down that path first.

What I am a bit confused about, though, is that in the TSA application a private key (with a password) is added, whereas a certificate is used for authentication. But I assume
that the application generates the certificate from the private key...


Thanks

--
Dusan
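
A check on the client keystore that getFactory() in the message above loads, added here as an example and not part of the thread or of PostSignum's client: in a JKS file, the entry a KeyManager can present for TLS client authentication is a private key stored together with its certificate chain. The class name ClientKeyStoreCheck and its single command-line argument are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): lists what a client JKS can offer for TLS client auth.
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java ClientKeyStoreCheck <keystore.jks>");
            System.exit(2);
        }
        // Read the password from the terminal so it does not appear in the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate-only entries are trust anchors; a KeyManager never presents them.
                System.out.println(alias + ": certificate only, not usable as a client identity");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.out.println(alias + ": key entry without an X.509 certificate chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            Date now = new Date();
            boolean valid = !now.before(leaf.getNotBefore()) && !now.after(leaf.getNotAfter());
            System.out.println(alias + ": private key with a chain of " + chain.length + " certificate(s)");
            System.out.println("  subject: " + leaf.getSubjectX500Principal());
            System.out.println("  issuer:  " + leaf.getIssuerX500Principal());
            System.out.println("  valid now: " + valid + " (not after " + leaf.getNotAfter() + ")");
            // null here means the certificate carries no extended key usage extension.
            System.out.println("  extended key usage OIDs: " + leaf.getExtendedKeyUsage());
            if (valid) usable++;
        }
        System.out.println(usable + " entries hold a private key and a currently valid certificate");
    }
}
```

The server names the issuers it accepts in its CertificateRequest message, so compare them with the issuer printed here; running the client with -Djavax.net.debug=ssl,handshake shows the handshake messages.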


Hello,
the login is a standard HTTPS login with a client certificate, isn't it? Use, for example, HttpClient from Apache HttpComponents ( http://hc.apache.org/httpcomponents-client-ga/index.html ); I think the use of HTTPS is somewhere in the examples there.

Regards

Filip Jirsák


2012/5/2 Dusan Zatkovsky <[email protected]>

    Hi,

    has any of you implemented the PostSignum timestamp with
    certificate login?

    I have not managed to google anything so far; basically, so far I
    have prepared a hash and sent it to the
    server, but I have not sorted out the authentication.

           Security.addProvider(new BouncyCastleProvider());
           TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
           TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]);
           byte[] reqData = request.getEncoded();

           String s_url = "https://www.postsignum.cz/DEMOTSA/TSS_crt/";
           URL url = new URL(s_url);

           HttpURLConnection c = (HttpURLConnection) url.openConnection();
           c.setDoOutput(true);
           c.setDoInput(true);
           c.setRequestMethod("POST");
           c.setRequestProperty("Content-type", "application/timestamp-query");
           c.setRequestProperty("Content-length", String.valueOf(reqData.length));


           OutputStream out = c.getOutputStream();
           out.write(reqData);
           out.flush();

           InputStream in = c.getInputStream();
           TimeStampResp resp = TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
           TimeStampResponse response = new TimeStampResponse(resp);
           response.validate(request);


    Thanks

    --
    Dusan


