I am trying to get an x509 PKI certificate passed from a hardware PKI device to the java.security.cert.X509Certificate[] object, and am having some difficulty. Let me describe what I am trying to accomplish first:
We have a hardware device (Citrix Netscaler) which challenges users for PKI certificates and inserts the certificate, or parts of it as we choose, into HTTP headers. The Netscaler sits out front of an Oracle SSO server which is also challenging the user for a PKI certificate. I want the Oracle piece to process the certificate only to identify the user, not from a PKI standpoint (path processing), so the additional certificate prompt is unnecessary. We cannot use the Oracle SSO server to path process the PKI certificate because of corporate rules: the Netscaler must do the path processing. I still want Oracle to handle the certificate as if it challenged the user for it, however.
I would like to hand off the certificate in the HTTP header to the following code, but am unsure how to do it:
    java.security.cert.X509Certificate[] l_clientCerts =
        (java.security.cert.X509Certificate[])(request.getAttribute("javax.servlet.request.X509Certificate"));
    if((l_clientCerts != null) && (l_clientCerts.length == 1)){
        sun.misc.BASE64Encoder l_base64Encoder = new sun.misc.BASE64Encoder();
        for(int i=0; i< l_clientCerts.length; i++){
            try
            {
                out.println("<B>The following user certificate was found. Please press the Register button to create or update this user.</B>");
                out.println("<br></br>");
                java.security.cert.X509Certificate l_usrCert = l_clientCerts[0];
                java.security.Principal l_usrPrincipal = l_usrCert.getSubjectDN();
                String l_certDN = l_usrPrincipal.getName().toUpperCase();
                int l_indx1 = l_certDN.indexOf('=');
                int l_indx2 = l_certDN.indexOf(',', l_indx1 + 2);
                String l_usrNickName = l_certDN.substring(l_indx1+1 , l_indx2);
This code is incomplete and only shown for reference. The certificate in the header I am getting from the Netscaler is a string, but this is not the data type expected by the java.security.cert.X509Certificate object. I have tried pulling and referencing the header here:
    java.security.cert.X509Certificate[] l_clientCerts =
        (java.security.cert.X509Certificate[])(request.getHeader("name of header here"));
but that doesn't work because the cast fails. Does anyone have any suggestions on how to pass the certificate as a string:
    -----BEGIN CERTIFICATE-----
    blah, blah, blah
    -----END CERTIFICATE-----
into the java.security.cert.X509Certificate object so I can let Oracle SSO process it as if it retrieved it itself? Thanks in advance!
Paul
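
One way to do the conversion asked about above, as an added example that is not part of the original post: the header string is parsed with the standard java.security.cert.CertificateFactory rather than cast. The names HeaderCertParser, fromHeader and MAX_HEADER_CHARS are hypothetical, and the code assumes the proxy may have replaced the PEM line breaks with spaces or tabs.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class HeaderCertParser {
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";
    private static final int MAX_HEADER_CHARS = 16 * 1024; // assumed sanity limit

    /** Turns a PEM string taken from an HTTP header into the array type the servlet code expects. */
    public static X509Certificate[] fromHeader(String headerValue) throws CertificateException {
        if (headerValue == null || headerValue.isEmpty() || headerValue.length() > MAX_HEADER_CHARS) {
            throw new CertificateException("missing or oversized certificate header");
        }
        int start = headerValue.indexOf(BEGIN);
        int end = (start < 0) ? -1 : headerValue.indexOf(END, start + BEGIN.length());
        if (end < 0) {
            throw new CertificateException("header does not contain a PEM certificate");
        }
        // Headers cannot carry raw newlines, so the line breaks may arrive as
        // spaces or tabs; drop all whitespace before Base64-decoding.
        String body = headerValue.substring(start + BEGIN.length(), end).replaceAll("\\s+", "");
        byte[] der;
        try {
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            throw new CertificateException("certificate body is not valid Base64", e);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        return new X509Certificate[] { cert };
    }

    // Reads a PEM certificate from stdin, flattens it the way a header would, and parses it.
    public static void main(String[] args) throws Exception {
        String pem = new String(System.in.readAllBytes(), StandardCharsets.UTF_8);
        String asHeader = pem.trim().replaceAll("\\r?\\n", " ");
        X509Certificate[] certs = fromHeader(asHeader);
        System.out.println(certs[0].getSubjectX500Principal().getName());
    }
}
```

In the servlet, the array returned by fromHeader(request.getHeader(...)) can be used in place of the cast, or stored with request.setAttribute("javax.servlet.request.X509Certificate", ...) so the existing code reads it unchanged. Parsing does not validate the certificate, so the header is only as trustworthy as its source: the application server should accept connections from the Netscaler alone, and the Netscaler should overwrite any copy of that header supplied by the client.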