Former Member

web service standalone client

I am trying to design a standalone client for a web service which uses X509 certificate based authentication.

But while attaching the certificate to the stub by using the following code:

SecurityProtocol securityProtocol = (SecurityProtocol) stub._getGlobalProtocols().getProtocol("SecurityProtocol");
AuthenticationContext context = securityProtocol.getAuthenticationContext();
context.addClientCertificate(certificate, null);

for the last line the documentation says it should have the following syntax:

addClientCertificate(X509Certificate[] certificates, PrivateKey privateKey);

I have generated a client certificate, but what about the last parameter?

Or else I want to know whether there is any tutorial for designing a web service client with certificate based authentication.


1 Answer

  • Feb 21, 2005 at 07:59 PM

    Authentication using X.509 client certificates (SSL mutual authentication) uses a challenge response as part of the SSL handshake.

    You need the certificate and the private key for authenticating with an X.509 certificate. After all: the certificate only contains the public key and some additional text (subject name, issuer, ...). So for authentication, the private key is needed.

    You may, e.g., use a PKCS12 file (or .pfx in the Windows world) for reading the private key and certificate from a file.

    Some code example using iaik_jce.jar (part of the SAP Cryptographic Toolkit for Java):

    import iaik.pkcs.pkcs12.CertificateBag;
    import iaik.pkcs.pkcs12.PKCS12;
    import iaik.security.provider.IAIK;
    import java.io.FileInputStream;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;

    // when running outside the engine, add IAIK as crypto provider
    IAIK.addAs14Provider();

    // file: path to the PKCS12 (.p12/.pfx) file; password: the password protecting it
    PKCS12 pkcs12 = new PKCS12(new FileInputStream(file));
    pkcs12.decrypt(password.toCharArray());

    // private key and certificate chain, i.e. the two arguments of addClientCertificate
    PrivateKey pk = pkcs12.getKeyBag().getPrivateKey();
    X509Certificate[] certificates = CertificateBag.getCertificates(pkcs12.getCertificateBags());

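As an added example (not part of the original answer, and not SAP or IAIK code), the same PKCS12 loading done with the JDK's own java.security.KeyStore, followed by a local sign-and-verify round that mirrors the handshake's challenge-response and confirms the private key belongs to the leaf certificate. The class name, the command-line arguments and the assumption that the key entry uses the same password as the file are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class ClientCredentialCheck {
    // Assumed usage: java ClientCredentialCheck client.p12 <password>
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // Take the first entry holding a private key (assumes key password == file password).
        PrivateKey privateKey = null;
        Certificate[] chain = null;
        for (String alias : Collections.list(ks.aliases())) {
            Key key = ks.isKeyEntry(alias) ? ks.getKey(alias, password) : null;
            if (key instanceof PrivateKey) {
                privateKey = (PrivateKey) key;
                chain = ks.getCertificateChain(alias);
                break;
            }
        }
        if (privateKey == null || chain == null || chain.length == 0)
            throw new IllegalStateException("no private key with certificate chain found");
        X509Certificate[] certificates = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) certificates[i] = (X509Certificate) chain[i];
        // Local challenge-response: sign random bytes, verify with the leaf's public key.
        String alg = privateKey.getAlgorithm(); // handles RSA, DSA and EC keys
        Signature sig = Signature.getInstance("EC".equals(alg) ? "SHA256withECDSA" : "SHA256with" + alg);
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        sig.initSign(privateKey);
        sig.update(challenge);
        byte[] response = sig.sign();
        sig.initVerify(certificates[0].getPublicKey());
        sig.update(challenge);
        if (!sig.verify(response))
            throw new IllegalStateException("private key does not match leaf certificate");
        // certificates and privateKey are the two arguments addClientCertificate expects.
        System.out.println("key matches " + certificates[0].getSubjectX500Principal().getName());
    }
}
```

A mismatch here means the file pairs the certificate with the wrong key, which would otherwise only show up as a failed handshake against the server.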