Skip to main content

Java_Connect_File_Cert.java

Loads the certificate and private key from a password-protected PKCS#12 file.

/*****************************************************************************************
*
* Java_Connect_File_Cert.java
*
* Connects to the Key Server as a certificate principal using a file-backed PKCS#12
* (.p12) key store.
*
* This is AM08 X509Authentication: the client presents the certificate from the PKCS#12
* and signs a server-issued challenge with the matching private key. It runs over the
* ordinary server-auth-only SSL port -- it does NOT need a mutual-TLS (verifyClient=1)
* listener. That is what distinguishes it from Java_Connect_Cert.java, which demonstrates
* the SSLM (mutual-TLS) path via TEAgentSSLMConnection.
*
* The certificate must already be enrolled on the Key Server (see the "tecert importca /
* importuser" flow); the stored transport subject is the certificate's CN.
*
******************************************************************************************/

import com.eruces.teagent.FileX509Context;
import com.eruces.teagent.TEAgentConnection;
import com.eruces.teagent.TEAgentConnectionFactory;
import com.eruces.teagent.TEAgentException;
import com.eruces.teagent.TEConnectionType;

public class Java_Connect_File_Cert {

private String m_strServerName;
private int m_nPort;
private String m_strP12File;
private String m_strPasswd;
private TEAgentConnection m_conn;

public void connect(String strServerName, int nPort, String strP12File, String strPasswd) throws TEAgentException
{
m_strServerName = strServerName;
m_nPort = nPort;
m_strP12File = strP12File;
m_strPasswd = strPasswd;

// Load the certificate and private key from the PKCS#12 file. FileX509Context is
// the file-backed, soft-key X509Context; the PKCS#11 variant is the hardware one.
FileX509Context ctx = FileX509Context.getInstance();
ctx.open(m_strP12File, m_strPasswd);

// AM08 runs over the ordinary SSL port, so this is an ordinary SECURE_SOCKET
// connection -- the certificate authentication happens inside it.
m_conn = TEAgentConnectionFactory.getConnection(TEConnectionType.SECURE_SOCKET);
m_conn.open(m_strServerName, m_nPort, ctx);

System.out.println("Connected to " + m_strServerName + " at " + m_nPort + " as certificate user.");
}

public void showLoginID()
{
System.out.println("Login ID: " + m_conn.getLoginID());
}

public void disconnect() throws TEAgentException
{
// Close connection
m_conn.close();
System.out.println("Disconnected from " + m_strServerName);
}

public static void main(String[] args)
{
try
{
Java_Connect_File_Cert java_connect = new Java_Connect_File_Cert();
// Key Server SSL port. Provide an enrolled PKCS#12 file and its password.
java_connect.connect("sampleserver", 8888, "user.p12", "password1A");
java_connect.showLoginID();
java_connect.disconnect();
}
catch (TEAgentException te)
{
te.printStackTrace();
}
}
}