Client Certificate Authentication Example

Q

How to write a SSL client program that use a client certificate? The SSL is asking for client certificate authentication.

✍: FYIcenter

A

When an SSL server program is asking for client certificate authentication, it is usually coded as the following:

      serverSocket.setNeedClientAuth(true);

In the SSL client program, you need to follow these steps to provide the client certificate:

1. Load the keystore file that contains the client certificate. Remember to specify the keystore password as shown below:

      ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream("client.jks"), "fyicenter".toCharArray());

2. Create an KeyManagerFactory instance and initialize it with the keystore.

      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, "fyicenter".toCharArray());

3. Create an SSLContext instance and initialize it with Key Managers:

      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(kmf.getKeyManagers(), null, null);

4. Create an SSLServerSocket instance and set it to listen mode to accept incoming client requests:

      SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
      SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(port);
      SSLSocket socket = (SSLSocket) ss.accept();

Here is the entire sample program code that takes a client certificate key store file and communicates to a SSL server that asks for client certificate:

// Copyright (c) FYIcenter.com
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;

public class SslClientCertificateCmd {
   public static void main(String[] args) throws Exception {
      String host = "www.oracle.com";
      int port = 443;
      String url = "http://www.oracle.com/index.html";
      if (args.length < 3) {
          System.out.println("USAGE: java SslClientCmd host port url");
          System.exit(-1);
      }
      host = args[0];
      port = Integer.parseInt(args[1]);
      url = args[2];

      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream("client.jks"), "fyicenter".toCharArray());
      System.out.println(ks.getCertificate("client"));
    
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, "fyicenter".toCharArray());

      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(kmf.getKeyManagers(), null, null);
    
    SSLSocketFactory factory = factory = ctx.getSocketFactory();
    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
    socket.startHandshake();

      PrintWriter out = new PrintWriter(new BufferedWriter(
         new OutputStreamWriter(socket.getOutputStream())));
      out.println("GET "+url+" HTTP/1.1");
      out.println();
      out.flush();

      BufferedReader in = new BufferedReader(new InputStreamReader(
         socket.getInputStream()));
      String line = in.readLine();
      while (line.length()>0) {
         System.out.println(line);
         line = in.readLine();
      }

      in.close();
      out.close();
      socket.close();
   }
}
d

 

Key Manager Not Sending Client Certificate

Create SSL Client Certificate with "keytool"

Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-12, 1467🔥, 0💬