CarlosScheidecker
How to read certificates from the browser's keystore databases from both IE and Firefox
Hello experts,
I have a few questions on importing certificates from Browsers: IE and Firefox.
I need to read the certificates from the browser with my servlet. Basically some users' browsers have certificates installed in there that are assigned to them. I need to obtain that certificate, convert it to a base64 string and pass it to a SOAP service call to do SSO for that user with that cert. I have written most of it, including a class that takes a base64 string certificate and converts it to an X509 object so that I can parse all the information from it.
On Firefox there are 2 files for their truststore databases, key3.db and cert8.db. I wonder which file would contain the certificates installed on the browser.
Reading the Java documentation I found out that I can initialize a keystore object with one of those files.
So I've tried something like this method loadStore. I need the password to the file to be able to open it and its type. Hence, how do I get the password for that file? Where does Firefox store it, or is there a standard password for it? In some research docs I found the password should be something like 'changeit'.
Then you have the store type which can be JCEKS, JKS, x.jceks.
So how do I determine which store type I have?
Also, how can I do the same with IE?
The idea is to be able to programmatically import certificates installed on the local box browser.
For a Linux system, Firefox has a random folder name which is inside each user. Is there any environment variable that can give me that? For instance on this box the folder is /home/user1/.mozilla/firefox/g5vp07oz.default The random folder name is "something".default under $HOME/.mozilla/firefox.
On Internet Explorer, where would the certificate database be? How do I initialize a KeyStore object reading from those DB files?
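// loadStore method
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public static KeyStore loadStore(String file, String pass, String type) throws Exception {
    KeyStore ks = KeyStore.getInstance(type);
    // A null password is allowed by KeyStore.load (no integrity check is done)
    char[] password = (pass != null) ? pass.toCharArray() : null;
    if (file == null || file.equals("NONE")) {
        // No backing file: load with a null stream instead of closing a null reference
        ks.load(null, password);
        return ks;
    }
    // try-with-resources closes the stream even if load() throws
    try (InputStream is = new FileInputStream(file)) {
        ks.load(is, password);
    }
    return ks;
}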
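Added example, not part of the original question or its answers: one way to check which store type a file is before passing it to loadStore, by reading the header magic number. The class name StoreTypeSniffer and the sample headers are constructed for illustration, and treating key3.db/cert8.db as Berkeley DB 1.85 hash files is an assumption about the legacy Firefox format.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;

public class StoreTypeSniffer {
    // Header magic numbers, read as a big-endian 32-bit value.
    static final int JKS_MAGIC   = 0xFEEDFEED; // KeyStore type "JKS"
    static final int JCEKS_MAGIC = 0xCECECECE; // KeyStore type "JCEKS"
    static final int DBM_MAGIC   = 0x00061561; // Berkeley DB 1.85 hash (assumed format of key3.db/cert8.db)

    /** Maps the first bytes of a file to a KeyStore type name or a description. */
    static String sniff(byte[] header) {
        if (header.length < 4) return "unknown (file too short)";
        int be = ((header[0] & 0xFF) << 24) | ((header[1] & 0xFF) << 16)
               | ((header[2] & 0xFF) << 8)  |  (header[3] & 0xFF);
        if (be == JKS_MAGIC)   return "JKS";
        if (be == JCEKS_MAGIC) return "JCEKS";
        // DB files may be written in either byte order, so test both.
        if (be == DBM_MAGIC || Integer.reverseBytes(be) == DBM_MAGIC)
            return "Berkeley DB (not a Java file keystore; KeyStore.load will fail)";
        // PKCS#12 is DER: it starts with an ASN.1 SEQUENCE tag, as does other DER data.
        if (header[0] == 0x30) return "PKCS12 (or other DER data)";
        return "unknown";
    }

    /** Reads the first four bytes of a file and classifies it. */
    static String sniffFile(String path) throws IOException {
        byte[] header = new byte[4];
        try (FileInputStream in = new FileInputStream(path)) {
            int n = in.read(header);
            return sniff(Arrays.copyOf(header, Math.max(n, 0)));
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample headers, so the class runs without any input files.
        byte[][] samples = {
            {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED},
            {(byte) 0xCE, (byte) 0xCE, (byte) 0xCE, (byte) 0xCE},
            {0x00, 0x06, 0x15, 0x61},
            {0x61, 0x15, 0x06, 0x00},
            {0x30, (byte) 0x82, 0x09, 0x01},
        };
        for (byte[] s : samples) System.out.println(sniff(s));
        // Any paths given on the command line are classified too.
        for (String path : args) System.out.println(path + ": " + sniffFile(path));
    }
}
```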
People attempting to answer this might like to look at the related question: https://www.experts-exchange.com/questions/24419349/How-to-obtain-browser's-certificates-from-Java.html
Pretty sure they use a proprietary format. As I mentioned in your other question I don't believe it can be done.
Sorry, I told you earlier you would need a native solution; I thought you wanted a Java-only solution :)