handshake_failure when attempting TLS handshake client authentication with a SmartCard

Time: 2016-05-23 11:32:43

Tags: java ssl tls1.2 handshake

Requesting client certificates is enabled in the Apache server's SSL configuration. All of this works with browsers such as Chrome. But we are trying to build a client application that authenticates directly with the SmartCard certificate via PKCS11 (without a browser).

This is the main code:

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.security.KeyStore;
    import java.security.Security;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import sun.security.pkcs11.SunPKCS11;   // Java 8 provider; takes the config file path

    public class SmartCardClient {
        public static void main(String[] args) throws Exception {
            String configName = "d:/config.txt";
            String pin = args[0];   // smart-card PIN (the post does not show where it comes from)

            // Load the PKCS#11 provider and open the card's keystore with the PIN
            SunPKCS11 sunpkcs11 = new SunPKCS11(configName);
            Security.addProvider(sunpkcs11);
            KeyStore keyStore = KeyStore.getInstance("PKCS11", sunpkcs11);
            keyStore.load(null, pin.toCharArray());

            // Key manager backed by the card; this is what picks the client certificate
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, pin.toCharArray());

            // Trust managers left null: default trust store is used for the server certificate
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null);
            SSLContext.setDefault(ctx);
            final SSLSocketFactory factory = ctx.getSocketFactory();
            final SSLSocket socket = (SSLSocket) factory.createSocket("xx.xx.xx.xx", 443);

            socket.startHandshake();

            PrintWriter out = new PrintWriter(socket.getOutputStream());

            String fileName = "/Login";
            out.print("GET " + fileName + " HTTP/1.0\r\n");
            out.print("\r\n");
            out.flush();

            BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            String line;
            while ((line = in.readLine()) != null)
                System.out.println(line);
        }
    }

The error occurs when the handshake step runs.

Exception stack trace:

main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failu

In the Apache log we get this:

Certificate Verification: Error (20): unable to get local issuer certificate

The Java app shows this error:

Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>

1 Answer:

Answer 0 (score: 1)

It seems that the SSLContext cannot correctly access the smart card through the PKCS#11 provider, and then the server closes the connection because the client has not sent the signature.

Could you attach the whole handshake log so that each step can be looked at in detail?

 -Djavax.net.debug=ssl

Chrome uses the Windows KeyStore, so that is not the same case, because your Java code uses the SunPKCS11 provider.

Have you tried using the smart card through the Windows KeyStore?

// SunMSCAPI provider: the card is reached through the Windows certificate store, no PIN passed here
KeyStore keystore = KeyStore.getInstance("Windows-MY");
keystore.load(null, null);
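A diagnostic, added here as an example and not part of the answer above, that shows what the key manager actually sees on the card before any handshake is attempted: each alias with its private-key flag and certificate chain, and the alias the same KeyManager would choose for client authentication. The config path and the PIN argument are assumptions, and the provider construction is the Java 8 form used in the question; swapping the `getInstance` line for `Windows-MY` runs the same check through the Windows KeyStore.

```java
import java.security.KeyStore;
import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Explains the "no suitable certificate found" warning: the KeyManager only offers an
// alias that has BOTH a private key and a certificate chain on the card.
public class ClientCertDiag {
    public static void main(String[] args) throws Exception {
        String configName = "d:/config.txt";          // assumed SunPKCS11 config, as in the question
        char[] pin = args.length > 0 ? args[0].toCharArray() : new char[0];   // assumed: PIN via argv

        Provider p = new sun.security.pkcs11.SunPKCS11(configName);   // Java 8 constructor
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);

        // 1. Inventory of the card as the JCA sees it
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("alias=" + alias
                + " privateKey=" + ks.isKeyEntry(alias)
                + " chainLength=" + (chain == null ? 0 : chain.length));
            if (chain != null) {
                for (Certificate c : chain) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal());
                }
            }
        }

        // 2. Ask the KeyManager the handshake uses which alias it would pick.
        //    issuers == null means "any CA"; if this is already null the problem is the
        //    keystore contents, not the CA list in the server's CertificateRequest.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pin);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String chosen = ((X509KeyManager) km)
                    .chooseClientAlias(new String[] {"RSA", "EC"}, (Principal[]) null, null);
                System.out.println("key manager would choose alias: " + chosen);
            }
        }
    }
}
```

If step 2 prints an alias but the handshake still logs `<Empty>` for the chain, compare the issuers printed in step 1 against the CA names the server sends in its CertificateRequest, which `-Djavax.net.debug=ssl` shows.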