Common Access Card (CAC) Authentication Using Java

渐次进展 2020-11-30 00:55

I'm basically looking for a place to start learning how to interface with a government CAC card using Java.

Ultimately, my goal is to find out how to use

3条回答
  •  醉酒成梦
    2020-11-30 01:32

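    You need to create a file called card.config and include the following lines in it. The library entry must be the full path to the PKCS#11 module (the native .so/.dll shipped with your card middleware); the JVM loads that native library into its own process, so point it only at a module you trust: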

    name = myConfig
    library = /path/to/library/that/implements/cac/card/reader 
    

    And then try this:

    import java.io.*;
    import java.util.*;
    
    import java.security.cert.CertificateException;
    import java.security.KeyStoreException;
    import java.security.cert.X509Certificate;
    
    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.SecureRandom;
    import java.security.Security;
    
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    
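    /**
     * Demo program: opens a Common Access Card through the SunPKCS11 provider and
     * prints the subject and issuer of every certificate chain stored on it.
     *
     * <p>The provider is configured from {@code card.config} in the working directory
     * (a {@code name} and the {@code library} path of the PKCS#11 module). The program
     * only lists what is on the card; it does not validate any certificate.
     */
    public class Test
    {
        /** PKCS#11 provider configuration file, resolved against the working directory. */
        private static final String CONFIG_NAME = "card.config";

        /**
         * Configures the PKCS#11 provider, prompts for the card PIN on the console,
         * logs in to the token and lists its certificate chains.
         *
         * @param arg unused
         * @throws Exception declared for compatibility; failures are reported on stderr
         *                   and end the process with a non-zero exit status
         */
        public static void main(String arg[]) throws Exception
        {
            try
            {
                // Provider.configure(String) is the supported API since Java 9, where the
                // public SunPKCS11(String) constructor no longer exists. On Java 8 and
                // earlier the equivalent call is: new sun.security.pkcs11.SunPKCS11(CONFIG_NAME)
                Provider base = Security.getProvider("SunPKCS11");
                if (base == null)
                {
                    throw new IllegalStateException("SunPKCS11 provider is not available in this runtime");
                }
                Provider p = base.configure(CONFIG_NAME);
                Security.addProvider(p);

                // System.console() is null when stdin/stdout are redirected; fail clearly
                // instead of with a NullPointerException, and never fall back to an
                // echoing prompt for the PIN.
                Console c = System.console();
                if (c == null)
                {
                    throw new IllegalStateException("No interactive console available to read the PIN");
                }
                char[] pin = c.readPassword("Enter your PIN: ");
                if (pin == null)
                {
                    throw new IllegalStateException("No PIN was entered");
                }

                // Ask for the keystore from the provider configured above, so that another
                // registered provider offering the "PKCS11" type cannot be picked instead.
                KeyStore cac = KeyStore.getInstance("PKCS11", p);
                try
                {
                    // Do not retry a rejected PIN automatically: tokens typically lock
                    // after a small number of consecutive failures.
                    cac.load(null, pin);
                }
                finally
                {
                    // The PIN is only needed for the login; wipe it from the heap afterwards.
                    Arrays.fill(pin, '\0');
                }

                showInfoAboutCAC(cac);
            }
            catch (Exception ex)
            {
                ex.printStackTrace();
                // Non-zero status so that callers and scripts can tell the run failed.
                System.exit(1);
            }
        }

        /**
         * Prints, for every alias in the keystore, the subject and issuer DN of each
         * certificate in that alias's chain.
         *
         * <p>This is display only: no path validation, expiry or revocation check is done.
         *
         * @param ks an already loaded keystore
         * @throws KeyStoreException if the keystore has not been loaded
         * @throws CertificateException kept in the signature for existing callers
         */
        public static void showInfoAboutCAC(KeyStore ks) throws KeyStoreException, CertificateException
        {
            Enumeration<String> aliases = ks.aliases();

            while (aliases.hasMoreElements())
            {
                String alias = aliases.nextElement();
                // Keep the declared array type: casting Certificate[] to X509Certificate[]
                // fails at runtime when the provider returns a plain Certificate[].
                java.security.cert.Certificate[] cchain = ks.getCertificateChain(alias);

                System.out.println("Certificate Chain for : " + alias);
                if (cchain == null)
                {
                    // getCertificateChain returns null for aliases without a chain,
                    // for example certificate-only entries.
                    System.out.println("  (no certificate chain stored for this alias)");
                    continue;
                }

                for (int i = 0; i < cchain.length; i++)
                {
                    if (!(cchain[i] instanceof X509Certificate))
                    {
                        System.out.println(i + " (not an X.509 certificate: " + cchain[i].getType() + ")");
                        continue;
                    }
                    X509Certificate cert = (X509Certificate) cchain[i];
                    System.out.println(i + " SubjectDN: " + cert.getSubjectDN());
                    System.out.println(i + " IssuerDN:  " + cert.getIssuerDN());
                }
            }
        }
    }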
    

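    At this point you have a keystore, backed by the card, that you can hand to a KeyManagerFactory to create the SSL socket for talking to the HTTPS web server. The private key stays on the card, and the server's certificate still has to be validated against a trust store of your own.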
