dbeayon
asked on
HTTPS Authentication
I am trying to post to an aspx site and need some help generating the correct script in Java. Here is what I have for instructions:
All clearinghouses will use ID and Password as the default authentication requirements. (e.g. no individual 3rd party certificates will be required beyond the normal ubiquitous SSL Internet certification process). User ID and Password authentication is based on a scripted process to be contained in the header of the HTTP Post Message, and not through a forms-based authentication model.
Certificate Information
All certificates are server side certificates that are generated internally. These certificates will not be verifiable through third party Certificate Authorities. The clearing house must accept the certificates as valid for the encryption process.
Authorization Process
Authorization is performed through HTTP Basic Authentication. In the Authentication request, the user agent supplies a header formatted in accordance with RFC 1617;
Authorization: Basic userid:password
The userid:password text is base64-encoded. The authorization request header for ;
Authorization: Basic joe:user will actually be transmitted as, Authorization Basic Q2hyaXNqOk1hcmlz.
The server will validate the user information and supply either a 200 : OK response with session cookies attached, or a 401 Not Authorized message. Once a user has been authorized, the user may then begin to post transactions
-----------------
I have the certificate correctly stored in the keystore, so that part is ok. You may substitute the url for any known site, and create the test.txt file to have the code function. I have the following code so far:
import java.text.*;
import java.net.*;
import java.util.*;
import java.io.*;
import java.lang.*;
public class test
{
    public static void main(String[] args)
    {
        try
        {
            URL PageUrl;
            URLConnection GetConn = null;
            GetConn = null;
            PageUrl = new URL("https://mysecuresite.ashx");
            //The above line returns error message:
            //unable to find valid certification path to requested target
            final String login ="login";
            final String password ="password";
            Authenticator.setDefault(new Authenticator() {
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication (login, password.toCharArray());
                }
            });
            GetConn = PageUrl.openConnection();
            //establish connection:
            GetConn.connect();
            InputStreamReader ReadIn = new InputStreamReader(GetConn.getInputStream());
            BufferedReader BufData = new BufferedReader(ReadIn);
            String TextFileName = ("C:/test.txt");
            FileWriter FWriter = new FileWriter(TextFileName);
            BufferedWriter BWriter = new BufferedWriter(FWriter);
            String UrlData = null;
            while ((UrlData = BufData.readLine()) != null)
            {
                BWriter.write(UrlData);
                BWriter.newLine();
            }
            BWriter.close();
        }//end try
        catch(IOException io)
        {
            System.out.println(io);
        }
    }
}
btw, having the real url would be a help
ASKER
Have you fixed your keystore?
ASKER
I believe so....
java InstallCert devrt.neblueconnect.com
Loading KeyStore C:\Program Files\Java\jre1.6.0_05\lib\security\cacerts...
Opening connection to devrt.neblueconnect.com:443...
Starting SSL handshake...
No errors, certificate is already trusted
Server sent 2 certificate(s):
1 Subject CN=devrt.neblueconnect.com, OU=IS, O=BlueCross BlueShield of Nebraska
, L=Omaha, ST=Nebraska, C=US
Issuer CN=BCBSNEPRDCA, DC=BCBSNEPRD, DC=com
sha1 df 1c 67 44 a1 50 77 50 2d 7f 39 84 a1 de bc bb d5 9f 5d af
md5 13 39 c2 61 3c 35 00 a8 dc 4f 24 cd 61 2f 21 95
2 Subject CN=BCBSNEPRDCA, DC=BCBSNEPRD, DC=com
Issuer CN=BCBSNERootCA, DC=BCBSNEPRD, DC=COM
sha1 ad 89 60 5a d4 b8 0d 2d 36 3e 52 84 34 a3 e6 26 ad cc c4 e4
md5 5a 87 c2 56 60 71 2b c6 3f 34 79 ce ea 0a b8 fe
Enter certificate to add to trusted keystore or 'q' to quit: [1]
1
Added certificate to keystore 'jssecacerts' using alias 'devrt.neblueconnect.com
-1'
ASKER
Getting there...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Untitled Page
</title></head>
<body>
<form name="form1" method="post" action="default.aspx" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzgzNDMwNTMzZGS2wEgEtbHpOBncMu1wNdck0jTYFQ==" />
<div>
</div>
</form>
</body>
</html>
ASKER
I was able to accomplish my goal. I ended up using HttpURLConnection. I will split the points
:-)
ASKER
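One way to meet the quoted requirements (credentials in the header of the POST, a server certificate issued by an internal CA) with HttpsURLConnection, as an added example that is neither the asker's code nor the hidden accepted answer: the internal CA is trusted through a dedicated trust store for this one connection instead of JVM-wide, and certificate and hostname checks stay enabled. The class name, the trust store file passed as the second argument, and the CH_USER, CH_PASSWORD and CH_STORE_PASS environment variables are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;
public class ClearinghouseLogin {
    // Header value: "Basic " + base64("userid:password")
    static String basicHeader(String user, char[] password) {
        byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Socket factory that trusts only the certificates in one keystore file,
    // leaving the JVM-wide cacerts/jssecacerts untouched.
    static SSLSocketFactory trustOnly(String storePath, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) { ks.load(in, storePass); }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Sends the credentials in the header of a POST and returns the session cookies of a 200.
    static List<String> login(URL url, SSLSocketFactory sf, String user, char[] pw)
            throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(sf);       // hostname verification stays at its default (on)
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Authorization", basicHeader(user, pw));
        conn.getOutputStream().close();     // empty body: this request only authenticates
        int status = conn.getResponseCode();
        // 401 means the credentials were rejected; anything but 200 is treated as a failure
        if (status != HttpURLConnection.HTTP_OK) throw new IOException("login failed: HTTP " + status);
        List<String> cookies = new ArrayList<>();
        for (Map.Entry<String, List<String>> h : conn.getHeaderFields().entrySet()) {
            if ("Set-Cookie".equalsIgnoreCase(h.getKey())) cookies.addAll(h.getValue());
        }
        return cookies;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {  // offline run: header for constructed sample credentials
            System.out.println(basicHeader("joe", "user".toCharArray()));
            return;
        }
        // args: <https url> <trust store file>; the CH_* environment variables are assumed names
        SSLSocketFactory sf = trustOnly(args[1], System.getenv("CH_STORE_PASS").toCharArray());
        System.out.println(login(new URL(args[0]), sf, System.getenv("CH_USER"), System.getenv("CH_PASSWORD").toCharArray()));
    }
}
```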