hc-httpclient-users mailing list archives

From Jack Wang <pipa...@yahoo.com>
Subject Re: How to access ssl web protected by usbkey with httpclient ?
Date Tue, 05 Dec 2006 06:24:08 GMT
Julius Davies,

Sorry, for the moment I have no chance to test PKCS#11; for the security consideration,
there is no dll file for java PKCS#11 to work. So it seems I have no way to work it out.

wj

--- Julius Davies <juliusdavies@gmail.com> wrote:
> Hi, Jack,
> 
> Our end goal is to have the RSA private key on the device be part of
> our SSL handshake.  If that means actually extracting the private key
> from the device, that's okay.  But I suspect  instead the device will
> actually always keep the private key to itself, and will actually do
> part of the SSL handshake itself.  That's the only way it makes sense
> to me.  But yeah, ultimately, the RSA private key has to be involved
> in our SSL session.  (Are you able to extract the RSA Private Key???
> It should contain at least the 6 integers just like we see here:
> http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/RSAPrivateCrtKeySpec.html
> )
> 
> Anyway, can you run this code for me, and report back any problems?
> Don't forget to create a java "pkcs11.cfg" file using this as a
> reference:
> 
> http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
> 
> Looks like the java "pkcs11.cfg" file you create will tell Java to go
> look in that Windows DLL file.
> 
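> import java.security.KeyStore;
> import java.security.Provider;
> import java.security.Security;
> 
> public class Pkcs11Test {
>  public static void main( String[] args ) throws Exception {
>   // pkcs11.cfg points Java at the token's PKCS#11 library (the DLL)
>   String configName = "/path/to/pkcs11.cfg";
>   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
>   Security.addProvider(p);
> 
>   // Loading the PKCS11 key store with the PIN logs in to the token
>   char[] pin = "secret".toCharArray();
>   KeyStore ks = KeyStore.getInstance("PKCS11");
>   ks.load(null, pin);
>   System.out.println( ks );
>  }
> }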
> 
> 
> yours,
> 
> Julius
> 

--- Jack Wang <pipashu@yahoo.com> wrote:
> Hi, Julius Davies,
> 
> I remember the last time's test, after I import the web's public cert key to local jdk CACERTS,
> when I access the https web site with the usbkey, it reports the following exception:
> "javax.net.ssl.SSLHandshakeException: unknown certificate".  I don't know why. In this test
> there is no PIN input dialog, and I didn't import the usbkey public key to jdk CACERTS, I simply
> use the following code:
> 
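>     import org.apache.commons.httpclient.HttpClient;
>     import org.apache.commons.httpclient.methods.GetMethod;
> 
>     public class UsbKeyGet {
>         public static void main(String[] args) throws Exception {
>             HttpClient httpclient = new HttpClient();
>             GetMethod httpget = new GetMethod("https://.../");
>             try {
>                 // Runs the GET over the default https socket factory
>                 httpclient.executeMethod(httpget);
>                 System.out.println(httpget.getStatusLine());
>             } finally {
>                 httpget.releaseConnection();
>             }
>         }
>     }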
> 
> So I wonder if I should get the private key or where should I input the PIN password when I
> access the https web site. What steps should I do to access ssl web protected by usbkey with
> httpclient?
> 
> --- Julius Davies <juliusdavies@gmail.com> wrote:
> 
> > ps.  looks like this is the format for the config file:
> > 
> > http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
> 
> For the moment, I have no chance to test PKCS#11. It's said the usbkey's PKCS#11 is closed for
> the security consideration. So only after I get the usbkey's PKCS#11 implementation which is
> contained in a dll file, should I get the private key by calling java pkcs interface.
> 
> > 
> > On 12/2/06, Julius Davies <juliusdavies@gmail.com> wrote:
> > > Hi, Jack,
> > >
> > > I'm interested in working on this a little, if you'll indulge me.
> > > I've never used a usbkey and I don't have one.  So we'll probably have
> > > to email a lot.
> 
> OK. I am very pleased.
> 
> > >
> > > For starters, does this work?  No exceptions are thrown if the usb key
> > > is plugged in, and a simple command-line Java program is run?  (Maybe
> > > try Java 5 or newer).
> 
> Yes I use Java 5. There is no problem if I access http web site and https web site without
> usbkey protected using httpclient.
> 
> > >
> > > // Using docs from:
> > > // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> > > import java.security.KeyStore;
> > > import java.security.Provider;
> > > import java.security.Security;
> > >
> > > public class Pkcs11Test {
> > >  public static void main( String[] args ) throws Exception {
> > >
> > >   String configName = "/opt/bar/cfg/pkcs11.cfg";
> > >   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> > >   Security.addProvider(p);
> > >
> > >   // Loading the PKCS11 key store with the PIN logs in to the token
> > >   char[] pin = "secret".toCharArray();
> > >   KeyStore ks = KeyStore.getInstance("PKCS11");
> > >   ks.load(null, pin);
> > >   System.out.println( ks );
> > >  }
> > > }
> > >
> > >
> > > And how do you want your user to enter the PIN?  Can they put it in a
> > > properties file (ick)?  Or do you want some kind of Swing dialogue?
> > > Or perhaps Java 6's new support for taking passwords on the console
> > > (aka: standard-in) without echoing it back?
> 
> There are no requirements as for how to input PIN. My only requirement is to grasp all the data
> spread in many html pages, these pages are passed in ssl and protected by usbkey.
> 
> > >
> > > Will the users be un-plugging and re-plugging the usbkey while the
> > > Java program is running?
> > >
> 
> I think the user can plug the usbkey first, and if needed he can input the PIN password
> manually, then he runs my program.
> 
> > > yours,
> > >
> > > Julius
> > >
> > >
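
Added example, not part of the original messages: one way to carry the PKCS11 KeyStore from the quoted snippets through to an HTTPS request, so the token's key is used for client authentication in the SSL handshake while the private key stays on the device. The class name, the pkcs11.cfg values and the command-line arguments are assumptions, and it uses the JDK's HttpsURLConnection rather than HttpClient.

```java
import java.io.Console;
import java.net.URL;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Assumed pkcs11.cfg (attribute names from the P11 guide; values are placeholders):
//   name = UsbKey
//   library = C:\path\to\vendor-pkcs11.dll
public class TokenClientAuth {

    /** Builds an SSLContext whose client key is held on the PKCS#11 token. */
    static SSLContext tokenContext(String configName, char[] pin) throws Exception {
        // Java 5-8 constructor, as in the thread. On Java 9+ use
        // Security.getProvider("SunPKCS11").configure(configName) instead.
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);                 // logs in to the token with the PIN

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pin);                  // key entries are handles to on-token keys

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust store and RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("usage: <pkcs11.cfg> <https-url>");
        Console console = System.console(); // Java 6+; null when there is no terminal
        if (console == null) throw new IllegalStateException("no console for PIN entry");
        char[] pin = console.readPassword("Token PIN: "); // not echoed, not stored in a file
        try {
            SSLContext ctx = tokenContext(args[0], pin);
            HttpsURLConnection c = (HttpsURLConnection) new URL(args[1]).openConnection();
            c.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println(c.getResponseCode() + " " + c.getResponseMessage());
            c.disconnect();
        } finally {
            Arrays.fill(pin, '\0');         // wipe the PIN once the request is done
        }
    }
}
```

With HttpClient 3.x the same `ctx.getSocketFactory()` would be wrapped in a `SecureProtocolSocketFactory` and registered for "https" through `Protocol.registerProtocol`. HttpsURLConnection checks the server hostname by default; a custom HttpClient 3.x socket factory has to do that check itself.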


	

	
		