如何使用Java访问需要SafeNet eToken证书的url
下午好 我有一个SafeNet 5100 eToken,里面已经有一个有效的证书,我用它来访问需要它的公司的web应用程序 当我尝试使用web浏览器(如chrome)访问web应用程序时,一切正常,我没有问题。一个来自SafeNet的对话框打开了,我输入了密码,就可以访问这个网站了 我现在要做的是通过一个java程序访问这个web应用程序(我正在使用IDEEclipse编程),但找不到如何做到这一点。是否有来自SafeNet的API来执行此操作或任何在线教程 我正在看这条线,但不明白它是如何工作的。感谢您的帮助如何使用Java访问需要SafeNet eToken证书的url,java,cryptoapi,client-certificates,e-token,Java,Cryptoapi,Client Certificates,E Token,下午好 我有一个SafeNet 5100 eToken,里面已经有一个有效的证书,我用它来访问需要它的公司的web应用程序 当我尝试使用web浏览器(如chrome)访问web应用程序时,一切正常,我没有问题。一个来自SafeNet的对话框打开了,我输入了密码,就可以访问这个网站了 我现在要做的是通过一个java程序访问这个web应用程序(我正在使用IDEEclipse编程),但找不到如何做到这一点。是否有来自SafeNet的API来执行此操作或任何在线教程 我正在看这条线,但不明白它是如何工作
谢谢你我不是安全网专家。您可以尝试使用SAML断言登录到safeNet。Java有用于生成SAML断言的OpenSAML API。我发现了如何实现这一点,这要归功于以下两个线程:
本网站: 首先,如果网站有java默认不信任的证书,则必须创建信任库并将其加载到java的系统属性中。您可以在此处看到如何执行此操作: 然后,您必须找到用于智能卡/eToken的PKCS#11库在您的计算机中的安装位置,在我的计算机中,它位于“C:\Windows\System32\eTPKCS11.dll”中。然后创建一个.cfg文件,如下所示:
name=SafeNet
library=C:\Windows\System32\eTPKCS11.dll
slot=4
System.setProperty("javax.net.ssl.trustStore", "cfgFiles/trustedHttpsCertificates.truestore");
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.trustStorePassword", "oiadad");
Provider newProvider = new SunPKCS11("cfgFiles/etpkcs11.cfg");
Security.addProvider(newProvider);
try {
KeyStore keyStore = KeyStore.getInstance("PKCS11");
keyStore.load(null, "".toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore,null);
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(keyFactory.getKeyManagers(), null, null);
sslSocketFactory = sslContext.getSocketFactory();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e1) {
e1.printStackTrace();
} catch (KeyManagementException e1) {
e1.printStackTrace();
}
try {
HttpsURLConnection conn = (HttpsURLConnection)new URL(<your-https-url-here>).openConnection();
conn.setRequestMethod("GET");
conn.setDoInput(true);
conn.setSSLSocketFactory(sslSocketFactory);
int responseCode = conn.getResponseCode();
System.out.println("RESPONSE: " + responseCode);
InputStream inputstream = conn.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
String line = null;
String htmlResponse = "";
while ((line = bufferedreader.readLine()) != null) {
htmlResponse += line + "\n";
//System.out.println("html: " + line);
}
} catch (ProtocolException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
在这里,您可以给它一个名称和指向PKCS#11库的路径。插槽是连接eToken/智能卡的插槽(如果不需要,无需设置)
现在,我的代码如下所示:
name=SafeNet
library=C:\Windows\System32\eTPKCS11.dll
slot=4
System.setProperty("javax.net.ssl.trustStore", "cfgFiles/trustedHttpsCertificates.truestore");
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.trustStorePassword", "oiadad");
Provider newProvider = new SunPKCS11("cfgFiles/etpkcs11.cfg");
Security.addProvider(newProvider);
try {
KeyStore keyStore = KeyStore.getInstance("PKCS11");
keyStore.load(null, "".toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore,null);
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(keyFactory.getKeyManagers(), null, null);
sslSocketFactory = sslContext.getSocketFactory();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e1) {
e1.printStackTrace();
} catch (KeyManagementException e1) {
e1.printStackTrace();
}
try {
HttpsURLConnection conn = (HttpsURLConnection)new URL(<your-https-url-here>).openConnection();
conn.setRequestMethod("GET");
conn.setDoInput(true);
conn.setSSLSocketFactory(sslSocketFactory);
int responseCode = conn.getResponseCode();
System.out.println("RESPONSE: " + responseCode);
InputStream inputstream = conn.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
String line = null;
String htmlResponse = "";
while ((line = bufferedreader.readLine()) != null) {
htmlResponse += line + "\n";
//System.out.println("html: " + line);
}
} catch (ProtocolException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
我首先告诉java在哪里可以找到我的信任库。然后,我将路径传递给我的cfg文件,用它创建一个提供程序,并告诉安全部门这个新的提供程序已经存在
在此之后,我初始化并加载一个PKCS11密钥库,给它一个空白密码(如果我愿意,可以传递我的真实密码,但这样会出现一个SafeNet弹出窗口并询问我的密码)
然后我实例化一个KeyManagerFactory和一个SSLSocketFactory。这是使用eToken访问多因素身份验证https URL的最后一步
现在,访问受保护的https网站还有一个技巧,您必须为HttpsURLConnection提供新的SSLSocketFactory。您可以这样做:
name=SafeNet
library=C:\Windows\System32\eTPKCS11.dll
slot=4
System.setProperty("javax.net.ssl.trustStore", "cfgFiles/trustedHttpsCertificates.truestore");
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.trustStorePassword", "oiadad");
Provider newProvider = new SunPKCS11("cfgFiles/etpkcs11.cfg");
Security.addProvider(newProvider);
try {
KeyStore keyStore = KeyStore.getInstance("PKCS11");
keyStore.load(null, "".toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore,null);
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(keyFactory.getKeyManagers(), null, null);
sslSocketFactory = sslContext.getSocketFactory();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e1) {
e1.printStackTrace();
} catch (KeyManagementException e1) {
e1.printStackTrace();
}
try {
HttpsURLConnection conn = (HttpsURLConnection)new URL(<your-https-url-here>).openConnection();
conn.setRequestMethod("GET");
conn.setDoInput(true);
conn.setSSLSocketFactory(sslSocketFactory);
int responseCode = conn.getResponseCode();
System.out.println("RESPONSE: " + responseCode);
InputStream inputstream = conn.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
String line = null;
String htmlResponse = "";
while ((line = bufferedreader.readLine()) != null) {
htmlResponse += line + "\n";
//System.out.println("html: " + line);
}
} catch (ProtocolException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
试试看{
HttpsURLConnection conn=(HttpsURLConnection)新URL().openConnection();
conn.setRequestMethod(“GET”);
conn.setDoInput(真);
连接设置插座工厂(sslSocketFactory);
int responseCode=conn.getResponseCode();
System.out.println(“响应:+responseCode”);
InputStream InputStream=conn.getInputStream();
InputStreamReader InputStreamReader=新的InputStreamReader(inputstream);
BufferedReader BufferedReader=新的BufferedReader(inputstreamreader);
字符串行=null;
字符串htmlResponse=“”;
而((line=bufferedreader.readLine())!=null){
htmlResponse+=行+“\n”;
//System.out.println(“html:+行);
}
}捕获(协议例外e){
e、 printStackTrace();
}捕获(格式错误){
e、 printStackTrace();
}捕获(IOE异常){
e、 printStackTrace();
}
我希望这能帮助任何有eToken或智能卡问题的人