Hello.
I’m looking to develop a login system similar to what government portals use (E-CAC, NFE and the like), where E-CNPJ is used to log in.
I did the following:
1) I created and signed an RSA private key for the server:

    keytool -genkey -alias tomcat -keyalg RSA
    keytool -selfcert -alias tomcat

2) I have configured Tomcat:

    <Connector port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${user.home}/.keystore" keystorePass="password"
               clientAuth="true" sslProtocol="TLS"/>

It worked perfectly and I was able to access https://localhost:8443/
3) I installed the ICP-Brazil chain
I followed exactly the steps described here: http://www.iti.gov.br/noticias/188-atualizacao/473...-cadeia-icpbrasil-java-windows
4) I implemented a Servlet:

    import java.io.IOException;
    import java.io.PrintWriter;
    import java.security.cert.X509Certificate;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @WebServlet(name = "LerCertificado", urlPatterns = {"/lercertificado"})
    public class LerCertificado extends HttpServlet {

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            try (PrintWriter out = response.getWriter()) {
                out.println("<html>");
                out.println("<head><title>ServletLerCertificado</title></head>");
                out.println("<body>");
                out.println("<p>Certificado digital:</p>");
                // Set by the container only when the request arrived over TLS
                String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
                if (cipherSuite != null) {
                    // Client certificate chain presented during the TLS handshake, if any
                    X509Certificate[] certChain = (X509Certificate[]) request
                            .getAttribute("javax.servlet.request.X509Certificate");
                    if (certChain != null) {
                        System.out.println("Array size: " + certChain.length);
                        for (int i = 0; i < certChain.length; i++) {
                            String certInfo = "Client Certificate [" + i + "] = "
                                    + certChain[i].toString();
                            out.println(certInfo);
                        }
                    } else {
                        // TLS connection, but no client certificate attribute
                        out.println("Cliente sem Certificado Digital 1");
                    }
                } else {
                    // No TLS attributes on the request
                    out.println("Cliente sem Certificado Digital 2");
                }
                out.println("</body></html>");
            }
        }

        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        @Override
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }
    }

But it doesn’t work. It always falls into "Client without Digital Certificate 1".
I even tested on an AWS server (I just did not do step 3) with a valid SSL certificate, and it also did not work.
Any idea what might be wrong?
All these sites use digital certificates to connect. You may not have a digital certificate in the A1 model, and so this returned the message: "Client without Digital Certificate 1".
– gleison costa
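
Once the `javax.servlet.request.X509Certificate` attribute read by the servlet in the question is populated, the chain still has to be checked before it is treated as a login. The following is an added example, not code from the original post: a hypothetical `ClientCertLogin` helper that validates the chain against a dedicated truststore holding only the ICP-Brasil roots, so that a certificate issued by any other CA in the JRE default store is rejected, and returns the subject DN. The truststore file, the `TRUSTSTORE_PASS` environment variable and the PEM file with the client chain are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
// Added example: hypothetical helper, not part of the original post.
public class ClientCertLogin {
    private static final String CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    /** Returns the subject DN of a validated client certificate; throws if any check fails. */
    public static String authenticate(X509Certificate[] chain, KeyStore anchors,
                                      boolean checkRevocation) throws Exception {
        if (chain == null || chain.length == 0) {
            throw new SecurityException("no client certificate presented");
        }
        X509Certificate leaf = chain[0]; // the servlet attribute puts the client certificate first
        leaf.checkValidity();            // rejects expired or not-yet-valid certificates
        List<String> eku = leaf.getExtendedKeyUsage();
        if (eku != null && !eku.contains(CLIENT_AUTH_EKU)) {
            throw new SecurityException("certificate is not allowed for client authentication");
        }
        // PKIX keeps the trust anchor outside the path: drop any self-signed root after the leaf.
        List<X509Certificate> path = new ArrayList<>();
        path.add(leaf);
        for (int i = 1; i < chain.length; i++) {
            X509Certificate c = chain[i];
            if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) path.add(c);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors); // trusted entries become anchors
        params.setRevocationEnabled(checkRevocation); // true in production; needs CRL/OCSP access
        CertPathValidator.getInstance("PKIX").validate(certPath, params); // throws on failure
        return leaf.getSubjectX500Principal().getName();
    }

    // Usage: TRUSTSTORE_PASS=... java ClientCertLogin <icp-brasil-truststore> <client-chain.pem>
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASS"); // hypothetical variable name
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            anchors.load(in, pw == null ? null : pw.toCharArray());
        }
        try (InputStream in = new FileInputStream(args[1])) {
            X509Certificate[] chain = CertificateFactory.getInstance("X.509")
                .generateCertificates(in).toArray(new X509Certificate[0]);
            System.out.println("Authenticated: " + authenticate(chain, anchors, false)); // offline demo
        }
    }
}
```

In a servlet, the same `authenticate` call takes the array read from the request attribute; the `null` branch it guards is the one the question keeps hitting.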