Tell me, what am I doing wrong?

Authorization is required at https://test.local; for authentication, the cert.pfx certificate and a login:password pair are used. I exported cert.pfx from the Firefox browser; to really make sure that the certificate was correct, I imported it (into a web browser) on other machines. Authorization was successful.

From the received certificate, I created keystore.jks

    openssl pkcs12 -in custom_cert.p12 -out custom_cert.pem -nodes -nokeys
    openssl pkcs12 -in custom_cert.p12 -out custom_key.pem -nodes -nocerts
    openssl pkcs8 -topk8 -nocrypt -in custom_key.pem -inform PEM -out custom_key.der -outform DER
    openssl x509 -in custom_cert.pem -inform PEM -out custom_cert.der -outform DER

This is what my connection looks like.

    String URL = "test.local";
    try {
        // The same keystore.jks supplies both the client key material and the trust anchors.
        KeyStore kS = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream fIS = new FileInputStream("keystore.jks");
        kS.load(fIS, "123456".toCharArray());
        KeyManagerFactory kMF = KeyManagerFactory.getInstance("SunX509");
        kMF.init(kS, "123456".toCharArray());
        KeyManager[] kMs = kMF.getKeyManagers();
        TrustManagerFactory tMF = TrustManagerFactory.getInstance("SunX509");
        tMF.init(kS);
        TrustManager[] tM = tMF.getTrustManagers();
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(kMs, tM, new SecureRandom());
        SSLContext.setDefault(sslContext);

        // Plain socket handshake against the server.
        javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        SSLSocket sslClientSocket = (SSLSocket) sslSocketFactory.createSocket(URL, 443);
        sslClientSocket.startHandshake();

        // Apache HttpClient request with the same SSLContext plus login and password.
        HttpHost targetHost = new HttpHost(URL, 443, "https");
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(
                new AuthScope(targetHost.getHostName(), 443),
                new UsernamePasswordCredentials("Fedya.Ivakin", "191919"));
        HttpClient httpclient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .setDefaultCredentialsProvider(credsProvider)
                .setSslcontext(sslContext)
                .build();
        AuthCache authCache = new BasicAuthCache();
        BasicScheme basicAuth = new BasicScheme();
        authCache.put(targetHost, basicAuth);
        HttpClientContext context = HttpClientContext.create();
        context.setCredentialsProvider(credsProvider);
        HttpGet httpget = new HttpGet("/");
        HttpResponse response = httpclient.execute(targetHost, httpget, context);
        System.out.println(response.getStatusLine());
    } catch (Exception e) {
        e.printStackTrace();
    }

As a result, I get HTTP/1.1 403 Forbidden.

There are no errors, though, so where should I dig? Please tell me.

    2 answers

    I rummaged through a bunch of sites. I came across statements that pkcs12 does not understand java certificates and that they need to be converted, and a lot of other things. But this is how I am authorized by the certificate + login and password.

        String URL = "https://test.local:443";
        URL url = new URL(URL);
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setSSLSocketFactory(getFactory1(new File("key/User.pfx"), "123456"));
        Authenticator.setDefault(new MyAuthenticator());
        con.setAllowUserInteraction(true);
        con.setRequestMethod("GET");
        con.connect();

    The domain must be specified with exactly two slashes, and it is not necessary to specify the zone (ru, etc.). For example, our login and password are as follows: Ivan.Petrov@domain.ru is the login, 123456 is the password.

        class MyAuthenticator extends Authenticator {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("domain\\Ivan.Petrov", "123456".toCharArray());
            }
        }

    ==

        private SSLSocketFactory getFactory1(File pKeyFile, String pKeyPassword)
                throws NoSuchAlgorithmException, KeyStoreException, IOException,
                       CertificateException, UnrecoverableKeyException, KeyManagementException {
            // Load the PKCS#12 file exported from the browser (client certificate + private key).
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try (InputStream keyInput = new FileInputStream(pKeyFile)) {
                keyStore.load(keyInput, pKeyPassword.toCharArray());
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, pKeyPassword.toCharArray());

            // This trust manager performs no checks: any client or server certificate is accepted.
            TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }

                    @Override
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[0];
                    }
                }
            };

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new SecureRandom());
            return context.getSocketFactory();
        }

    • Nothing had to be converted, etc. You need to export the user's certificate from the browser and upload it to the application. - G1yyK
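An added example, not part of the original question or answers: the same PKCS#12 client-certificate setup as `getFactory1` above, but with server certificate validation left enabled and an early check that the exported file really contains a private key. The class and method names, the `trustedCas` parameter and the placeholder passwords and user name are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.Collections;

public class ClientCertExample {

    // Load the browser-exported PKCS#12 file and fail early if it holds no private key:
    // a keystore with only certificate entries gives the KeyManager nothing to present.
    static KeyStore loadClientKeyStore(File pfx, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfx)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return ks;
        }
        throw new KeyStoreException("no private key entry in " + pfx);
    }

    // trustedCas: keystore holding the CA that issued the server certificate,
    // or null to use the JDK default trust store. Server validation stays enabled.
    static SSLContext buildContext(KeyStore clientKeys, char[] password, KeyStore trustedCas)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedCas);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pfxPassword = "PFX_PASSWORD".toCharArray(); // placeholder
        KeyStore clientKeys = loadClientKeyStore(new File("key/User.pfx"), pfxPassword);
        SSLContext ctx = buildContext(clientKeys, pfxPassword, null);
        Authenticator.setDefault(new Authenticator() {
            @Override protected PasswordAuthentication getPasswordAuthentication() {
                // Placeholder credentials, in the domain\\user form used in the answer above.
                return new PasswordAuthentication("domain\\USER", "PASSWORD".toCharArray());
            }
        });
        HttpsURLConnection con = (HttpsURLConnection) new URL("https://test.local/").openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println(con.getResponseCode());
    }
}
```

If the server certificate is issued by an internal CA, load that CA certificate into a separate keystore and pass it as `trustedCas` rather than switching validation off.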

    Hello, try as described here.