Hi,
I've got a provider who expects the following. Is this possible, and how do I fulfil their request ?
Regards
--
Me (client) establishes an SSL Connection to provider (server).
Provider (server) is expecting to send me (client) a certificate request to authenticate who I am.
Provider (server) expects me to send a SERVER certificate even though I am a client.
--
Can they do this ? They can certainly request a client certificate.
Either way, how do I program the certificate sending ? I have all the usual working, ie. me the client verifying the server certificate presented automatically as part of the HTTPS protocol.
--
Here's a code extract:
import java.io.*;
import java.net.URL;
import java.security.*;
import com.sun.net.ssl.*;
import javax.net.ssl.*;
/*
* TestME
*
*
Test opening a page across HTTPS
*
*/
public class TestME {
private static final
String LOCATION = "https://securehost.com/target.html";
public static void main(String args[]) {
String site = LOCATION;
if (args.length == 1) site = args[0];
System.out.println("URL: " + site);
try {
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","cacert");
KeyManager kma [] = null;
TrustManager tma [] = {
new S2TrustManager()
};
SSLContext sc = SSLContext.getInstance("SSLv3"); // or TLS or SSL or SSLv3
sc.init(null, null, null); // use default security providers
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
URL location = new URL(site);
HttpsURLConnection shuc = (HttpsURLConnection) location.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(location.openStream()));
System.out.println("Reading ...");
String str;
while ((str = in.readLine()) != null) {
System.out.println(str);
}
System.out.println("Finished Reading");
}
catch (IOException e) {
System.err.println(e);
}
catch (KeyManagementException e) {
System.err.println(e);
}
catch (NoSuchAlgorithmException e) {
System.err.println(e);
}
}
}
