Hi all,
I need some help with mutual certificate in GlassFish on NetBeans 6.8. I already imported my self-signed certificates for server and client in the truststore cacert.jks and created private keys for each of them in the keystore.jks. The next thing I did was to use the Security Mechanism: Mutual Certificate Security to enable the usage of my self-signed certificates. So far so good. Here comes the problem: I looked into Wireshark and I saw the transaction of my self-signed certificates between client and server, but now I want to print out the extension (like uri=http://xxx) from the client certificate on the server side.
This is my server-side source code:
    package org.me.calculator;

    import javax.jws.WebMethod;
    import javax.jws.WebParam;
    import javax.jws.WebService;
    import java.io.ByteArrayInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Collection;
    import java.util.List;
    import javax.annotation.security.RolesAllowed;
    import javax.servlet.http.*;

    /**
     *
     * @author User
     */
    @WebService()
    public class CalculatorWS {

        /**
         * Web service operation
         */
        @WebMethod(operationName = "add", action="add")
        public int add(@WebParam(name = "i") int i, @WebParam(name = "j") int j) {
            int k = i + j;
            return k;
        }

        @WebMethod(operationName = "Extensionthrower", action="Extensionthrower")
        @RolesAllowed("users")
        public String Extensionthrower() {
            HttpServletResponseWrapper response = null;
            String clientcert = response.getResponse().toString();
            if (clientcert.isEmpty() == false) {
                try {
                    InputStream inStream = new ByteArrayInputStream(clientcert.getBytes());
                    final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    final X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inStream);
                    java.util.Collection altNames = cert.getSubjectAlternativeNames();
                    if (altNames.size() > 1) {
                        throw new Exception("Unable to handle multiple SubjectAltName.");
                    }
                    java.util.List item = (java.util.List) altNames.iterator().next();
                    Integer type = (Integer) item.get(0);
                    Object value = item.get(1);
                    String result = null;
                    switch (type.intValue()) {
                        case 0: throw new Exception("SubjectAltName of type OtherName not supported.");
                        case 1: result = "rfc822Name=" + (String) value;
                            break;
                        case 2: result = "dNSName=" + (String) value;
                            break;
                        case 3: throw new Exception("SubjectAltName of type x400Address not supported.");
                        case 4: throw new Exception("SubjectAltName of type directoryName not supported.");
                        case 5: throw new Exception("SubjectAltName of type ediPartyName not supported.");
                        case 6: result = "uri=" + (String) value;
                            break;
                        case 7: result = "ipaddress=" + (String) value;
                            break;
                        default: throw new Exception("SubjectAltName of unknown type.");
                    }
                    return result;
                } catch (Exception e) {
                    System.out.println("" + e);
                }
            }
            return null;
        }
    }
When my client sends a request to the server, I get the following message:
Servlet ClientServlet at /SecureCalculatorClientApp
Successfully authenticated!
Result: 2 + 2 = 4. Extension: null .<------------------ The right Extension it has to print out is: http://polizei
I just used the Debug mode and when it gets to the line "final X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inStream);" it throws an Exception. Can anyone help me out? Is something wrong with the input "inStream"?
Many thanks in advance
[Message sent by forum member 'armerino']
http://forums.java.net/jive/thread.jspa?messageID=469026
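
An added example, not part of the original post: `CertificateFactory.generateCertificate` expects DER or PEM certificate bytes, so this code starts from an already-parsed `X509Certificate` and lists every SubjectAltName entry, covering a missing extension, multiple entries and DER-encoded types. The class name `ClientCertSan`, the sample entries other than `http://polizei`, and the use of the servlet request attribute `javax.servlet.request.X509Certificate` (TLS client authentication) as the source of the certificate are assumptions.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class ClientCertSan {
    // RFC 5280 GeneralName tags, indexed by the Integer that
    // getSubjectAlternativeNames() puts first in each entry.
    private static final String[] TYPES = {"otherName", "rfc822Name", "dNSName",
        "x400Address", "directoryName", "ediPartyName", "uri", "ipaddress", "registeredID"};

    // Assumption: with TLS client authentication the container exposes the peer chain as
    // (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    // element 0 is the client's own certificate and is what gets passed in here.
    static List<String> subjectAltNames(X509Certificate cert) throws CertificateParsingException {
        return format(cert.getSubjectAlternativeNames());
    }

    // Turns the Collection returned by getSubjectAlternativeNames() into "type=value" strings.
    static List<String> format(Collection<List<?>> altNames) {
        List<String> out = new ArrayList<>();
        if (altNames == null) {
            return out; // the certificate carries no SubjectAltName extension
        }
        for (List<?> entry : altNames) {
            int type = (Integer) entry.get(0);
            Object value = entry.get(1);
            String label = (type >= 0 && type < TYPES.length) ? TYPES[type] : "unknown(" + type + ")";
            // otherName, x400Address and ediPartyName arrive as DER byte[]; the rest as String.
            String text = (value instanceof byte[])
                ? "<DER, " + ((byte[]) value).length + " bytes>" : String.valueOf(value);
            out.add(label + "=" + text);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample in the shape getSubjectAlternativeNames() returns.
        List<List<?>> sample = new ArrayList<>();
        sample.add(Arrays.asList(6, "http://polizei"));
        sample.add(Arrays.asList(2, "client.example.test"));
        sample.add(Arrays.asList(0, new byte[] {0x30, 0x00}));
        System.out.println(format(sample));
        System.out.println(format(null));
    }
}
```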