dbeayon

asked on

HTTPS Authentication

I am trying to post to an aspx site and need some help generating the correct script in Java.  Here is what I have for instructions:

All clearinghouses will use ID and Password as the default authentication requirements. (e.g. no individual 3rd party certificates will be required beyond the normal ubiquitous SSL Internet certification process).  User ID and Password authentication is based on a scripted process to be contained in the header of the HTTP Post Message, and not through a forms-based authentication model.

Certificate Information
All certificates are server side certificates that are generated internally.  These certificates will not be verifiable through third party Certificate Authorities.  The clearing house must accept the certificates as valid for the encryption process.

Authorization Process
Authorization is performed through HTTP Basic Authentication.  In the Authentication request, the user agent supplies a header formatted in accordance with RFC 1617;

Authorization: Basic userid:password

The userid:password text is base64-encoded.  The authorization request header for ;
Authorization: Basic joe:user will actually be transmitted as,  Authorization Basic Q2hyaXNqOk1hcmlz.
The server will validate the user information and supply either a 200 : OK response with session cookies attached, or a 401 Not Authorized message.  Once a user has been authorized, the user may then begin to post transactions

-----------------

I have the certificate correctly stored in the keystore, so that part is ok.   You may substitute the url for any known site, and create the test.txt file to have the code function.  I have the following code so far:

import java.net.*;
import java.io.*;

public class test
{
      public static void main(String[] args)
      {
            try
            {
                  URL PageUrl = new URL("https://mysecuresite.ashx");
                  //The above line returns error message:
                  //unable to find valid certification path to requested target
                  final String login = "login";
                  final String password = "password";
                  // Supplies the credentials when the server answers with a 401 challenge
                  Authenticator.setDefault(new Authenticator() {
                        protected PasswordAuthentication getPasswordAuthentication() {
                              return new PasswordAuthentication(login, password.toCharArray());
                        }
                  });
                  URLConnection GetConn = PageUrl.openConnection();
                  //establish connection:
                  GetConn.connect();
                  BufferedReader BufData = new BufferedReader(new InputStreamReader(GetConn.getInputStream()));
                  String TextFileName = "C:/test.txt";
                  BufferedWriter BWriter = new BufferedWriter(new FileWriter(TextFileName));
                  // Copy the response body to the text file line by line
                  String UrlData = null;
                  while ((UrlData = BufData.readLine()) != null)
                  {
                        BWriter.write(UrlData);
                        BWriter.newLine();
                  }
                  BWriter.close();
                  BufData.close();
            }//end try
            catch(IOException io)
            {
                  System.out.println(io);
            }
      }
}
ASKER CERTIFIED SOLUTION
CEHJ
dbeayon

ASKER

Let me look into it.
Btw, having the real URL would be a help.
SOLUTION

ASKER

Here is where I am trying to get to:

https://devrt.neblueconnect.com/EdiProcessor.ashx
Have you fixed your keystore?


ASKER

I believe so....


java InstallCert devrt.neblueconnect.com
Loading KeyStore C:\Program Files\Java\jre1.6.0_05\lib\security\cacerts...
Opening connection to devrt.neblueconnect.com:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 2 certificate(s):

 1 Subject CN=devrt.neblueconnect.com, OU=IS, O=BlueCross BlueShield of Nebraska, L=Omaha, ST=Nebraska, C=US
   Issuer  CN=BCBSNEPRDCA, DC=BCBSNEPRD, DC=com
   sha1    df 1c 67 44 a1 50 77 50 2d 7f 39 84 a1 de bc bb d5 9f 5d af
   md5     13 39 c2 61 3c 35 00 a8 dc 4f 24 cd 61 2f 21 95

 2 Subject CN=BCBSNEPRDCA, DC=BCBSNEPRD, DC=com
   Issuer  CN=BCBSNERootCA, DC=BCBSNEPRD, DC=COM
   sha1    ad 89 60 5a d4 b8 0d 2d 36 3e 52 84 34 a3 e6 26 ad cc c4 e4
   md5     5a 87 c2 56 60 71 2b c6 3f 34 79 ce ea 0a b8 fe

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

[
[
  Version: V3
  Subject: CN=devrt.neblueconnect.com, OU=IS, O=BlueCross BlueShield of Nebraska, L=Omaha, ST=Nebraska, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 104238831257510171775758496553781943227454783380424796765429104578613
75686350563393872462567460445045579884459756633671351183720542505021819396295107
83496482433359920158786259202788904217772798659991018203207828284855299838337966
21755018497124796169610661796625568509403190114957327117851443279386146745774673

  public exponent: 65537
  Validity: [From: Mon Feb 26 15:27:02 EST 2007,
               To: Wed Feb 25 15:27:02 EST 2009]
  Issuer: CN=BCBSNEPRDCA, DC=BCBSNEPRD, DC=com
  SerialNumber: [    15361097 00020000 030f]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 14 1E 12 00 57 00 65   00 62 00 53 00 65 00 72  .....W.e.b.S.e.r
0010: 00 76 00 65 00 72                                  .v.e.r


[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8C 8D 1E AF B9 0B 51 03   C6 1B C3 03 F8 EF E1 91  ......Q.........
0010: EB 6E 9D FA                                        .n..
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 77 1D D6 B2 8F 29 47 76   1C 59 68 3E 44 FE 68 5F  w....)Gv.Yh>D.h_
0010: 03 B1 E2 6F                                        ...o
]

]

[4]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 37 30 35 30 0E 06 08   2A 86 48 86 F7 0D 03 02  .7050...*.H.....
0010: 02 02 00 80 30 0E 06 08   2A 86 48 86 F7 0D 03 04  ....0...*.H.....
0020: 02 02 00 80 30 07 06 05   2B 0E 03 02 07 30 0A 06  ....0...+....0..
0030: 08 2A 86 48 86 F7 0D 03   07                       .*.H.....


[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: ldap:///CN=BCBSNEPRDCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=BCBSNEPRD,DC=com?cACertificate?base?objectClass=certificationAuthority, accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://mgtoma04prd.bcbsneprd.com/CertEnroll/mgtoma04prd.BCBSNEPRD.COM_BCBSNEPRDCA(2).crt]
]

Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:file://\\mgtoma04prd.BCBSNEPRD.COM\CertEnroll\BCBSNEPRDCA.crl

]
  Algorithm: [SHA1withRSA]
]

Added certificate to keystore 'jssecacerts' using alias 'devrt.neblueconnect.com-1'


ASKER

Getting there...


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
      Untitled Page
</title></head>
<body>
    <form name="form1" method="post" action="default.aspx" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzgzNDMwNTMzZGS2wEgEtbHpOBncMu1wNdck0jTYFQ==" />

    <div>
   
    </div>
    </form>
</body>
</html>

ASKER

I was able to accomplish my goal.  I ended up using HttpURLConnection.  I will split the points
:-)
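
The following added example (not code from this thread) shows the flow the quoted instructions describe, using HttpsURLConnection: the Basic Authorization header is built and sent with the first request instead of waiting for a 401 challenge, and the internally issued CA is trusted through a dedicated truststore while hostname verification stays enabled. The class name, the argument order, and the environment variable names TRUSTSTORE_PASS and CH_PASSWORD are assumptions; it requires Java 8 or later for java.util.Base64.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class BasicAuthPost {
    // Header value is "Basic " + base64(userid ":" password).
    // basicHeader("joe", "user") returns "Basic am9lOnVzZXI=".
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Trust only the CA certificates stored in the given keystore file.
    // Certificate path and hostname checks are left enabled.
    static SSLContext contextFor(String trustStorePath, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ks.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Assumed usage: java BasicAuthPost <url> <truststore file> <userid> <request body>
    // Secrets come from the environment (assumed variable names), not the command line.
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(args[1], System.getenv("TRUSTSTORE_PASS").toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Authorization", basicHeader(args[2], System.getenv("CH_PASSWORD")));
        try (OutputStream out = conn.getOutputStream()) {
            out.write(args[3].getBytes(StandardCharsets.UTF_8));
        }
        // 200 means the credentials were accepted; 401 means they were rejected.
        System.out.println(conn.getResponseCode() + " " + conn.getResponseMessage());
        System.out.println("Set-Cookie: " + conn.getHeaderFields().get("Set-Cookie"));
    }
}
```

Base64 is an encoding, not encryption, so the header is protected only by the TLS session; that is why the truststore should contain just the issuing CA rather than validation being switched off.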