Package nl.nikhef.slcshttps

Provides classes to communicate with an online CA, in particular the one implemented by SURFnet in collaboration with the Max Planck Institute for Psycholinguistics and Nikhef, in order to setup client-side authentication for https connections.

See:
Description

Interface Summary

PKCS12Https.PKCS12Communicator	Interface for PKCS12Https communication with the user.
SURFCAHttps.SURFCACommunicator	Interface for SURFCAHttps communication with the user.

Class Summary

CAConnection	This class provides methods to post data to a (CA) website and retrieve and store the response.
CAHttps	Abstract class for communication to a Certificate Authority (CA), an implementation should include methods to initialize (e.g authenticate at an Online CA) and to retrieve and store a certificate.
PKCS12Https	Implementation of the abstract CAHttps for importing a PKCS12 file from disk.
PKCS12Https.StdioComm	This Implementation uses only stdio/stderr for I/O.
SURFCAHttps	Implementation of the abstract CAHttps for obtaining a certificate from the SURFnet online CA.
SURFCAHttps.StdioComm	Implementation of a SURFCAHttps.SURFCACommunicator using simple text via stdin/stderr/stdout.
TestSURFCA	Test class providing a TestSURFCA.main(String[]) method to test SURFCAHttps and PKCS12Https.

Package nl.nikhef.slcshttps Description

Provides classes to communicate with an online CA, in particular the one implemented by SURFnet in collaboration with the Max Planck Institute for Psycholinguistics and Nikhef, in order to setup client-side authentication for https connections.

For testing purposes a main() method is provided by TestSURFCA, which shows PKCS12Https and SURFCAHttps. It can be called using e.g.:

  java -D... -jar slcshttps_jdk15_v0.1.jar "https://www.nikhef.nl/~msalle/cert/showcert?nohtml=1"

where ... denote any of the following properties:

• nl.nikhef.slcshttps.CERT_URL
  Contains the URL used to POST the CSR to, and get the Certificate from as response. Used by SURFCAHttps.
• nl.nikhef.slcshttps.AUTH_URL
  The webbrowser goes to either the value of this property plus the CSR hash if it starts with http(s):// or uses it as a postfix to the value of nl.nikhef.slcshttps.CERT_URL and then adds the CSR hash. Used by SURFCAHttps.
• nl.nikhef.slcshttps.comm
  Used to determine whether to use stdio or popups for user communication by classes SURFCAHttps, PKCS12Https and TrustManagerImpl. For SURFCAHttps another way to communicate is used by the SURFCAInitDialog which hence also ignores this setting by implementing and empty SURFCAHttps.SURFCACommunicator. Other applications using this package probably want to provide their own implementations of these communicator interfaces SURFCAHttps.SURFCACommunicator, PKCS12Https.PKCS12Communicator and TrustManagerImpl.TrustCommunicator.
  values: stdio popup
• nl.nikhef.slcshttps.https
  Whether to use HttpsURLConnection or HttxURLConnection (which is firefox-like in its asking for confirmation about invalid server certificates). The default is to use "mask", which means it's behaving as if only HttxURLConnection is used, but in practise also HttpsURLConnection is setup for using the client side certificates. Value "both" does practically the same except for the CAPanel/SerialPanel classes: value "both" will show for both HttpsURLConnection and HttxURLConnection which certificate is in use for client side authentication, while value "mask" will only show HttxURLConnection (although both will be set).
  values: https httx both mask
• nl.nikhef.slcshttps.acknowledge
  Whether to show confirmation on succesful importing of certificate.
  values: true false

Since:

0.1

See Also:

http://www.nikhef.nl/pub/projects/grid/slcshttps/