JCASSL.java

Ejemplo de cliente TLS v1.2 contra un sitio que exige autenticación mutua (certificado de cliente). La clave privada del cliente no sale del HSM: el KeyManager se construye sobre el almacén de claves "TACV" del proveedor "ND", y sólo se confía en los certificados de la cadena del servidor que se pasa por línea de comandos (no se consulta el cacerts de la JVM).

Véase la nota sobre ejemplos.
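package doxy.examples;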
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
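/**
 * TLS 1.2 client example against a site that requires mutual (client
 * certificate) authentication.
 *
 * <p>The client private key is never exported: it lives behind the "TACV"
 * keystore of the "ND" HSM provider, and the KeyManager is built directly on
 * that keystore.  The server is trusted exclusively through the certificates
 * read from the chain file given on the command line; the JVM's default
 * cacerts are not consulted.
 *
 * <p>Usage: {@code <url> <path to host full cert chain> <key alias>}.
 * Exits with status 1 on a usage error or any failure.
 */
public class JCASSL {

    /**
     * HSM JCA provider class.  It is loaded by name so that this example
     * compiles without the vendor JAR on the compile classpath; the JAR must
     * still be present on the runtime classpath.
     */
    private static final String HSM_PROVIDER_CLASS = "br.com.trueaccess.provider.netdfence.ND";

    /** Protocol requested from SSLContext; the example deliberately targets TLS 1.2. */
    private static final String TLS_PROTOCOL = "TLSv1.2";

    /** Socket timeouts so an unresponsive peer cannot block the client indefinitely. */
    private static final int CONNECT_TIMEOUT_MS = 15000;
    private static final int READ_TIMEOUT_MS = 30000;

    /** Prints the command-line syntax and an example invocation. */
    static void printUsage() {
        System.out.println("Usage: <url> <path to host full cert chain> <key alias>");
        System.out.println("Ej.: https://nfe.fazenda.sp.gov.br/ws/nfestatusservico2.asmx ./sefaz-sp.p7b miclave");
    }

    /**
     * Entry point: performs one mutually authenticated HTTPS GET, prints the
     * certificate chain the server presented and then the response body.
     *
     * @param args {@code url}, {@code chainPath}, {@code keyAlias} (see {@link #printUsage()})
     */
    public static void main(String[] args) {
        if (args.length != 3) {
            printUsage();
            System.exit(1); // non-zero so a calling script notices the usage error
        }
        String httpUrl = args[0];
        String chainPath = args[1];
        String keyAlias = args[2];

        HttpsURLConnection connection = null;
        int exitStatus = 0;
        try {
            // Register the HSM provider at runtime (the alternative is a static
            // entry in the JVM's java.security file).
            Security.addProvider(loadHsmProvider());

            // This keystore is a view of the HSM.  The empty password mirrors the
            // vendor example; presumably HSM credentials are configured out of
            // band (not shown here).  FilterKeyStore relies on this keystore type
            // NOT deleting objects from the HSM -- see its Javadoc.
            KeyStore ks = KeyStore.getInstance("TACV", "ND");
            ks.load(null, "".toCharArray());
            FilterKeyStore(keyAlias, ks);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, "".toCharArray());

            // Trust only what is in the chain file.  Such a file normally contains
            // the server's own certificate, so this is effectively certificate
            // pinning: the file must be refreshed when the server certificate is
            // rotated.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init(getTrustKeyStore(chainPath));

            SSLContext sc = SSLContext.getInstance(TLS_PROTOCOL);
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory ssf = sc.getSocketFactory();

            URL url = new URL(httpUrl);
            connection = (HttpsURLConnection) url.openConnection();
            // Only the socket factory is replaced; the default HostnameVerifier
            // stays active, so the server certificate must also match the URL
            // host.  Do not disable it.
            connection.setSSLSocketFactory(ssf);
            connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(READ_TIMEOUT_MS);
            connection.setRequestMethod("GET");
            connection.setRequestProperty("User-Agent", "Java Client 1.0");
            connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml");
            connection.setUseCaches(false);
            // No setDoOutput(true): a GET carries no body, and HttpURLConnection
            // silently turns a GET into a POST once its output stream is requested.
            connection.connect();

            printServerChain(connection);
            printContent(connection);
        } catch (Exception e) {
            e.printStackTrace();
            exitStatus = 1;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
        if (exitStatus != 0) {
            System.exit(exitStatus);
        }
    }

    /**
     * Instantiates the HSM JCA provider by class name.
     *
     * @return a fresh provider instance
     * @throws NoSuchProviderException if the class is missing from the runtime
     *     classpath or cannot be instantiated (the reflective failure is the cause)
     */
    private static Provider loadHsmProvider() throws NoSuchProviderException {
        try {
            return (Provider) Class.forName(HSM_PROVIDER_CLASS).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            NoSuchProviderException ex = new NoSuchProviderException(
                    "Cannot load HSM provider " + HSM_PROVIDER_CLASS + " (is the vendor JAR on the classpath?)");
            ex.initCause(e);
            throw ex;
        }
    }

    /**
     * Prints subject and issuer of every X.509 certificate the peer sent.
     * These certificates come from the server itself and were already validated
     * against the trust store during the handshake.
     *
     * @param connection a connected HTTPS connection
     * @throws IOException if the peer's certificates are not available
     */
    static void printServerChain(HttpsURLConnection connection) throws IOException {
        System.out.println("Cadena de host(recibida del host): ");
        System.out.println();
        Certificate[] serverChain = connection.getServerCertificates();
        int index = 0;
        for (Certificate certificate : serverChain) {
            if (certificate instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) certificate;
                // getSubjectX500Principal() replaces the denigrated getSubjectDN().
                System.out.println("[" + index + "] " + "Asunto: " + x509.getSubjectX500Principal());
                System.out.println("Emisor: " + x509.getIssuerX500Principal());
                index++;
            }
        }
        System.out.println();
    }

    /**
     * Prints the HTTP response body line by line.
     *
     * <p>For a 4xx/5xx status the error body is printed instead of letting
     * {@code getInputStream()} throw, so the server's error page is visible.
     * The body is decoded as UTF-8 rather than the platform default charset;
     * the example does not parse the Content-Type charset parameter.
     *
     * @param connection a connected HTTPS connection; {@code null} is ignored
     */
    static void printContent(HttpsURLConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            System.out.println("Contenido de la URL:");
            System.out.println();
            int status = connection.getResponseCode();
            InputStream body = status >= 400 ? connection.getErrorStream() : connection.getInputStream();
            if (body == null) {
                System.out.println("(HTTP " + status + ", sin cuerpo)");
                return;
            }
            BufferedReader reader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8));
            try {
                String line;
                while ((line = reader.readLine()) != null) {
                    System.out.println(line);
                }
            } finally {
                reader.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds an in-memory trust store holding every certificate found in
     * {@code chainPath} (PEM, DER or a PKCS#7 bundle such as a .p7b file).
     *
     * <p>Fails loudly instead of returning an empty trust store: an empty store
     * would only surface later as a confusing handshake failure.
     *
     * @param chainPath path of the certificate bundle
     * @return a trust store with one certificate entry per certificate read
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the bundle cannot be parsed, contains no
     *     certificate, or the trust store cannot be created
     */
    static KeyStore getTrustKeyStore(String chainPath) throws IOException, GeneralSecurityException {
        KeyStore trusted = KeyStore.getInstance("JKS");
        trusted.load(null, null); // fresh in-memory store; a password is pointless here
        FileInputStream fis = new FileInputStream(chainPath);
        try {
            BufferedInputStream bis = new BufferedInputStream(fis);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certs = cf.generateCertificates(bis);
            if (certs.isEmpty()) {
                throw new CertificateException("No certificates found in " + chainPath);
            }
            int index = 0;
            for (Certificate cert : certs) {
                trusted.setCertificateEntry("" + index++, cert);
            }
        } finally {
            fis.close();
        }
        return trusted;
    }

    /**
     * Removes every entry except {@code keyAlias} from the keystore view so the
     * KeyManager can offer only that key to the server.
     *
     * <p>SAFETY: {@code deleteEntry()} is invoked on an HSM-backed keystore.
     * This is only acceptable because the "TACV" keystore type does not
     * physically delete objects from the HSM -- it merely drops them from this
     * in-memory view.  Never reuse this helper with a keystore type whose
     * {@code deleteEntry()} is destructive.
     *
     * <p>The alias comparison is case-insensitive: JCA leaves alias case
     * sensitivity to the provider, and keeping an entry that differs only in
     * case is harmless, whereas deleting the wanted entry would leave the view
     * empty.
     *
     * @param keyAlias alias of the single entry to keep
     * @param keyStore an initialised keystore
     * @throws KeyStoreException if the keystore is not initialised, or if
     *     {@code keyAlias} is absent (checked before any deletion, so a typo in
     *     the alias never empties the view)
     */
    static void FilterKeyStore(String keyAlias, KeyStore keyStore) throws KeyStoreException {
        if (!keyStore.containsAlias(keyAlias)) {
            throw new KeyStoreException("Alias not found in keystore: " + keyAlias);
        }
        // Collect first, then delete: mutating the store while its alias
        // enumeration is live is provider-dependent behaviour.
        List<String> toDelete = new ArrayList<String>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!alias.equalsIgnoreCase(keyAlias)) {
                toDelete.add(alias);
            }
        }
        for (String alias : toDelete) {
            keyStore.deleteEntry(alias);
        }
    }
}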