You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Jack Wang <pi...@yahoo.com> on 2006/12/04 05:08:15 UTC
回复: Re: How to access ssl web protected by usbkey with httpclient ?
Hi, Julius Davies,
I remember the last time's test, after I import the web's public cert key to local jdk CACERTS,
when I access the https web site with the usbkey, it reports following exception:
"javax.net.ssl.SSLHandshakeException: unknown certificate". I don't know why. In this test there
is no PIN input dialog, and I didn't import the usbkey public key to jdk CACERTS, I simply use the
following code:
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://.../");
try {
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine());
} finally {
httpget.releaseConnection();
}
So I wonder if I should get the private key or where should I input the PIN password when I access
the https web site. What steps should I do to access ssl web protected by usbkey with httpclient ?
--- Julius Davies <ju...@gmail.com>写道:
> ps. looks like this is the format for the config file:
>
> http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
For the moment, I have no chance to test PKCS#11. It's said the usbkey's JKCS#11 is closed for the
security consideration. So only after I get the usbkey's PKCS#11 implementation which is contained
in a dll file, should I get the private key by calling java pkcs interface.
>
> On 12/2/06, Julius Davies <ju...@gmail.com> wrote:
> > Hi, Jack,
> >
> > I'm interested in working on this a little, if you'll indulge me.
> > I've never used a usbkey and I don't have one. So we'll probably have
> > to email a lot.
OK. I am very pleased.
> >
> > For starters, does this work? No exceptions are thrown if the usb key
> > is plugged in, and a simple command-line Java program is run? (Maybe
> > try Java 5 or newer).
Yes I use Java 5. There is no problem if I access http web site and https wbe site without usbkey
protected using httpclient.
> >
> > // Using docs from:
> > // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> > public static void main( String[] args ) throws Exception {
> >
> > String configName = "/opt/bar/cfg/pkcs11.cfg";
> > Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> > Security.addProvider(p);
> >
> > char[] pin = "secret".toCharArray();
> > KeyStore ks = KeyStore.getInstance("PKCS11");
> > ks.load(null, pin);
> > System.out.println( ks );
> > }
> >
> >
> > And how do you want your user to enter the PIN? Can they put it in a
> > properties file (ick)? Or do you want some kind of Swing dialogue?
> > Or perhaps Java 6's new support for taking passwords on the console
> > (aka: standard-in) without echoing it back?
There is no requirements as for how to input PIN. My only requirement is to grasp all the data
spreaded in many html pages, these pages are passed in ssl and protected by usbkey.
> >
> > Will the users be un-plugging and re-plugging the usbkey while the
> > Java program is running?
> >
I think the user can plug the usbkey first, and if needed he can input the PIN password manually,
then he runs my program.
> > yours,
> >
> > Julius
> >
> >
> >
> >
> > On 12/2/06, Jack Wang <pi...@yahoo.com> wrote:
> > > I am new here, so excuse me if i have not read old mails carefully here. I think it is no
> problem
> > > to access normal ssl web site without usbkey certificate. But we can not obtain the private
> key in
> > > usbkey, so
> > >
> > > How can i access usbkey protected ssl web site ?
> > > Should I must use pkcs#11 to get the private key first ?
> > > When should I input the usbkey PIN password in the automation program ?
> > >
> > > Please give me some tips. Thanks in advance.
> > >
> > > wj
> > >
> > >
> --
> yours,
>
> Julius Davies
> 416-652-0183
> http://juliusdavies.ca/
>
___________________________________________________________
情人节,用雅虎邮箱送玫瑰!
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org