
Load Client Certificates from the Mac Operating System

Authenticating to an application with a plain username and password is not secure. Many applications now support certificate-based authentication instead of basic (username + password) authentication.

What is certificate-based authentication?
Certificate-based authentication uses a digital certificate to identify a device or user and to grant access to resources. The certificate is usually issued by a certificate authority and contains information such as:
         a. The certificate expiry date
         b. The certificate authority that issued the certificate
         c. The name of the client, etc.

During certificate authentication, the client submits its certificate to the server. The server validates the authenticity of the certificate and grants access to the client if the certificate is valid.

How to load client certificates from the Windows operating system?
The Windows-MY keystore contains the user's private keys and the associated certificate chains.

How to load client certificates from the Mac operating system?
Loading the 'KEYCHAINSTORE' key store gives access to the client certificates on the Mac operating system.

I developed an application, 'SystemCertificateLoader.java', that provides the following utility methods to load client certificates from the Windows and Mac operating systems.

public static List<Certificate> loadClientCertificatesFromWindowsOperatingSystem()
Loads client certificates from the Windows operating system.

public static List<Certificate> loadClientCertificatesFromMacOperatingSystem()
Loads client certificates from the Mac operating system.

public static List<X509Certificate> getCertificates(List<Certificate> certificates)
Returns all the X509Certificate instances from a list of certificates.

The complete working application follows.

SystemCertificateLoader.java
package com.sample;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class SystemCertificateLoader {
    private static final Logger logger = LogManager.getLogger();

    /**
     * Windows-MY keystore contains the user's private keys and the associated
     * certificate chains. By using 'SunMSCAPI' provider we can access client
     * certificates from the Windows operating system.
     *
     * @return certificates found in the Windows-MY keystore (empty on failure)
     */
    public static List<Certificate> loadClientCertificatesFromWindowsOperatingSystem() {
        return getCertificates("WINDOWS-MY", "SunMSCAPI");
    }

    /**
     * KEYCHAINSTORE keystore contains the user's private keys and the associated
     * certificate chains. By using 'Apple' provider we can access client
     * certificates from the Mac operating system.
     *
     * @return certificates found in the KEYCHAINSTORE keystore (empty on failure)
     */
    public static List<Certificate> loadClientCertificatesFromMacOperatingSystem() {
        return getCertificates("KEYCHAINSTORE", "Apple");
    }

    /**
     * Load every certificate from the given keystore type of the given provider.
     */
    public static List<Certificate> getCertificates(String keyStoreName, String providerName) {

        if (keyStoreName == null || keyStoreName.isEmpty()) {
            return Collections.emptyList();
        }

        if (providerName == null || providerName.isEmpty()) {
            return Collections.emptyList();
        }

        List<Certificate> certificates = new ArrayList<>();

        try {
            KeyStore systemKeyStore = KeyStore.getInstance(keyStoreName, providerName);
            // OS-backed keystores are not read from a stream and need no password.
            systemKeyStore.load(null, null);

            Enumeration<String> aliases = systemKeyStore.aliases();

            while (aliases.hasMoreElements()) {

                try {
                    String alias = aliases.nextElement();
                    Certificate certificate = systemKeyStore.getCertificate(alias);
                    // getCertificate returns null when the alias holds no certificate.
                    if (certificate != null) {
                        certificates.add(certificate);
                    }
                } catch (KeyStoreException e) {
                    logger.error(e);
                }

            }

        } catch (KeyStoreException | NoSuchProviderException e) {
            logger.error(e);
        } catch (NoSuchAlgorithmException | CertificateException | IOException e) {
            logger.error(e);
        }
        return certificates;
    }

    /**
     * Return all the X509Certificate instances from a list of certificates.
     *
     * @param certificates certificates to filter
     * @return the entries that are X509Certificate instances
     */
    public static List<X509Certificate> getCertificates(List<Certificate> certificates) {

        if (certificates == null || certificates.isEmpty()) {
            return Collections.emptyList();
        }

        List<X509Certificate> x509Certificates = new ArrayList<>();

        for (Certificate certificate : certificates) {

            if (!(certificate instanceof X509Certificate)) {
                continue;
            }

            x509Certificates.add((X509Certificate) certificate);

        }

        return x509Certificates;

    }

}

Test.java
package com.sample;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

public class Test {

    public static void main(String args[]) throws IOException {

        // On a Mac, call loadClientCertificatesFromMacOperatingSystem() instead.
        List<Certificate> certificates = SystemCertificateLoader.loadClientCertificatesFromWindowsOperatingSystem();

        List<X509Certificate> x509Certificates = SystemCertificateLoader.getCertificates(certificates);

        for (X509Certificate x509Certificate : x509Certificates) {
            // Print the subject DN followed by the DN of the issuing authority.
            System.out.println("Subject DN: " + x509Certificate.getSubjectDN() + ". Issuer DN: " + x509Certificate.getIssuerDN());
        }

    }
}
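
The loader above returns every certificate in the store, including expired ones and entries that have no private key. The following added example (not part of the original post) narrows the store to entries that can actually serve as a client identity, using the expiry date described earlier; the class name ClientIdentityFilter and the method usableClientAliases are hypothetical, and it must run on Windows or a Mac because it opens the same OS key stores.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class, added for illustration only.
public class ClientIdentityFilter {
    // OID of the id-kp-clientAuth extended key usage (RFC 5280).
    private static final String CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2";

    /** Returns the aliases whose entry can be used for client authentication. */
    public static List<String> usableClientAliases(KeyStore store) throws Exception {
        List<String> usable = new ArrayList<>();
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            // Certificate-only entries have no private key, so they cannot authenticate.
            if (!store.isKeyEntry(alias) || !(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            try {
                x509.checkValidity(); // rejects expired and not-yet-valid certificates
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                continue;
            }
            // A null list means the extension is absent, so usage is not restricted.
            List<String> eku = x509.getExtendedKeyUsage();
            if (eku == null || eku.contains(CLIENT_AUTH_EKU)) {
                usable.add(alias);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        boolean windows = System.getProperty("os.name").toLowerCase().startsWith("windows");
        // Same keystore/provider pairs as SystemCertificateLoader above.
        KeyStore store = windows ? KeyStore.getInstance("WINDOWS-MY", "SunMSCAPI")
                                 : KeyStore.getInstance("KEYCHAINSTORE", "Apple");
        store.load(null, null);
        for (String alias : usableClientAliases(store)) {
            X509Certificate c = (X509Certificate) store.getCertificate(alias);
            System.out.println(alias + " | " + c.getSubjectX500Principal().getName()
                    + " | expires " + c.getNotAfter());
        }
    }
}
```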

This post first appeared on Java Tutorial : Blog To Learn Java Programming; please read the original post: here
