Entrust Toolkit API for security

 
Ranch Hand
Posts: 230
Hi All,

Has anyone used Entrust APIs for security? I would like to use Entrust APIs to get hold of the client certificate and extract the 'Common Name' from it to be used for authorization.

Any inputs towards this will help. Any other easy way without "Entrust", please let me know.

If anyone has experience in Entrust, please give me some sample code and let me know which JARs I need to have in my library.

Thanks a lot!
 
Greenhorn
Posts: 26
Hi -
I'm assuming:

1) "get hold of client certificate" = read a cert into memory
2) "extract the 'Common Name'" = parse the distinguished name

I'm not familiar with the Entrust API. I don't know whether you need it.

To answer #1, which application server are you using?

To answer #2, once you have a certificate chain in memory, preferably in an array of X509Certificate objects, call getSubjectDN() on the X509 object and use the String API to locate the CN.

Cheers.
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
Thanks. I use WebSphere Application Server 6.1.0.x.

How should I go about my first question now?
[ July 31, 2008: Message edited by: Manikandan Jayaraman ]
 
Set Cruz
Greenhorn
Posts: 26
I was hoping you'd say your app server is JBoss/Tomcat. Does WebSphere allow you to configure authorization realms where you can declare a callback handler where the cert chain is passed in?
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
I am yet to research this :-) But I have heard that we can have a 'Trust Association Interceptor' do this.

Looks like I need to think more on this side. But you can just let me know the steps that you feel I should go through. I will see what we have in WebSphere that is analogous to that!

Many thanks for your help.
 
Set Cruz
Greenhorn
Posts: 26
If I had to outline the steps for JBoss/Tomcat:
- SSL-enable your port with client authentication turned on in server.xml
- Alternatively, configure your web.xml with a <login-config> element and <auth-method>CLIENT-CERT</auth-method>
- Create a JBoss callback handler class that implements org.jboss.security.CertificatePrincipal
- Declare your callback handler class in the "certificatePrincipal" attribute of the "Realm" element in server.xml

You'll notice that CertificatePrincipal will pass in the certificate chain in an array X509Certificate[].

- call getSubjectDN() on the relevant X509Certificate
- use the String API to capture the CN

Cheers
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
Hi,

I just got the array of java.security.cert.X509Certificate associated with the HttpServletRequest to get hold of the certificate, inside my web service.

The code:



Thanks a lot, Set!
Mani
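
An added example, not part of the original thread and not the poster's missing code: one way to take the CN from the certificate array attached to the request, parsing the subject with the JDK's LdapName instead of String searches so that escaped commas and look-alike "CN=" text inside other attributes cannot be mistaken for the real CN. The class and method names and the sample subject are assumptions made for illustration; the request attribute name is the standard servlet one.

```java
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertCommonName {  // hypothetical class name
    // Standard servlet attribute holding the chain after TLS client authentication.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Pass request.getAttribute(CERT_ATTR); element 0 is the client's own certificate.
    static String fromRequestAttribute(Object attr) throws NamingException {
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            throw new NamingException("no client certificate on this request");
        }
        return commonName(((X509Certificate[]) attr)[0].getSubjectX500Principal());
    }

    // Parse the subject as an RFC 2253 name so escaped and multi-valued RDNs are handled.
    static String commonName(X500Principal subject) throws NamingException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        String cn = null;
        for (Rdn rdn : dn.getRdns()) {
            // toAttributes() matches attribute IDs case-insensitively.
            Attribute attr = rdn.toAttributes().get("CN");
            if (attr == null) continue;
            if (cn != null || attr.size() != 1) {
                // Fail closed: more than one CN makes the identity ambiguous.
                throw new NamingException("subject has more than one CN: " + dn);
            }
            Object value = attr.get();
            if (!(value instanceof String)) {
                throw new NamingException("CN is not a string value: " + dn);
            }
            cn = (String) value;
        }
        if (cn == null) throw new NamingException("subject has no CN: " + dn);
        return cn;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject: the O value contains text that looks like a second CN.
        X500Principal subject = new X500Principal("CN=alice,O=Example\\, CN\\=admin,C=US");
        System.out.println(commonName(subject));
    }
}
```

The CN is only meaningful for authorization when the container has already validated the chain against its trust store during the TLS handshake; this code does not validate anything itself.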