• Post Reply Bookmark Topic Watch Topic
  • New Topic

SSL and client Authentication issue  RSS feed

 
Ben Harrison
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello, I've tried searching and searching, and I'm not having an success. Here's my problem:

I'm trying to write a java application that connects to an https page that has client authentication enabled. Just incase that is not the right terminology, if you're in a web-browser, and go to a url: https://ssl.ssl.ssl/index.htm it pops up and says, which certificate would you like to use? you hit ok, then it asks for your password. It then returns the page. I would like to do this in JAVA, where I connect to the page in code, and get the resulting page back. I've tried several ways. Currently, I'm trying jakarta HTTPClient. But I know I'm implementing it wrong, it blows up trying with the handshake . I'm lost on how to go about passing the client log-in information to the website. I can do it with a regular http request, but that does me no good

Any help would be GREATLY appreciated. All the java developers I ask around haven't had to do it. It seems like someone would have had to do it...

Thanks

Ben
 
Ben Harrison
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
oh, and let me add, I'll be working on this until I figure it out...SOOO..even if you don't know an exact answer, if you can point me to another library like Jakarta HTTPClient, or anything that might help me solve the problem, I'll investigate it more and hopefully find something.

Ben
 
Roy Ben Ami
Ranch Hand
Posts: 732
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

If i'm not mistaken the JSSE package is what you looking for.

I am not too familiar with it but i think it provides the entire SSL process, including the optional mutual authentication that you want.

However, this requires you to use a lot of dirty work (writing the sockets, parsing the web data etc...).

Maybe this will point you to the right direction, and if not then ignore this post

Here is the link:
JSSE
[ January 26, 2006: Message edited by: Roy Ben Ami ]
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are two issues here: HTTPS (by means of SSL) and authentication. The two have nothing to do with each other. To use HTTPS in your app, you use javax.net.HttpsUrlConnection instead fo java.net.HttpUrlCOnnection, and you should be all set.

As regards authentication, there is a chapter in the HttpClient user guide on this topic.

By the way, you do not need to deal with JSSE. Either javax.net.HttpsUrlConnection or the HttpClient package (whichever of the two you are using) will handle this for you.
[ January 26, 2006: Message edited by: Ulf Dittmer ]
 
Roy Ben Ami
Ranch Hand
Posts: 732
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, my mistake.

Ulf is right (as usual)

I thought you meant "crypto authentication" (in which case they are related since SSL uses many different algorithms for such authentication via the certificates you mentioned - both mutual and one way).

I didn't read your post correctly, and sorry to mix you up.
 
Ben Harrison
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tried the authentication stuff, but am getting an error:

SunCertPathBuilderException: unable to find valid certification path to requested target

Here's the code I'm trying:


hopefully I didn't miss type anything above...
[ January 31, 2006: Message edited by: Ben Harrison ]
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!