Digital Certificate Login ( E-CPF, E-CNPJ ) with Servlet / JSP

Hello.

I’m looking to develop a login system similar to what government portals use ( E-CAC, NFE and the like ), where E-CNPJ is used to log in.

I did the following:

1) I created and signed an RSA private key for the server:

keytool -genkey -alias tomcat -keyalg RSA
keytool -selfcert -alias tomcat

2) I have configured Tomcat:

<Connector port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}/.keystore" keystorePass="password"
    clientAuth="true" sslProtocol="TLS"/>

It worked perfectly and I was able to access https://localhost:8443/

3) I installed the ICP-Brazil chain

I followed exactly the steps described here: http://www.iti.gov.br/noticias/188-atualizacao/473...-cadeia-icpbrasil-java-windows

4) I implemented the Servlet:

import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "LerCertificado", urlPatterns = {"/lercertificado"})
public class LerCertificado extends HttpServlet {

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        try (PrintWriter out = response.getWriter()) {
            out.println("<html>");
            out.println("<head><title>ServletLerCertificado</title></head>");
            out.println("<body>");
            out.println("<p>Certificado digital:</p>");
            // Set by the container only when the request arrived over TLS
            String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
            if (cipherSuite != null) {
                // Client chain negotiated in the TLS handshake; null when the client sent none
                X509Certificate[] certChain = (X509Certificate[]) request
                        .getAttribute("javax.servlet.request.X509Certificate");

                if (certChain != null) {
                    System.out.println("Array size: " + certChain.length);
                    for (int i = 0; i < certChain.length; i++) {
                        String certInfo = "Client Certificate [" + i + "] = "
                                + certChain[i].toString();
                        out.println(certInfo);
                    }
                } else {
                    out.println("Cliente sem Certificado Digital 1");
                }
            } else {
                out.println("Cliente sem Certificado Digital 2");
            }
            out.println("</body></html>");
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

}

But it doesn't work. It always falls into the "Client without Digital Certificate 1" branch.

I even tested on an AWS server (I just did not do step 3) with a valid SSL certificate, and it also did not work.

Any idea what might be wrong?

  • All these sites use digital certificates to connect; you may not have a digital certificate in the A1 model, and so it returned the message: "Client without Digital Certificate 1".
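As an added example (not code from the question), the application-side check a practitioner would pair with this connector: it re-validates the chain Tomcat stores in `javax.servlet.request.X509Certificate` against a trust store holding the ICP-Brasil anchors, rather than trusting the attribute's presence alone. The class name, trust-store path and password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper: validates the client chain attached by Tomcat and returns the subject DN. */
public final class ClientCertAuthenticator {
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private final KeyStore trustStore;

    /** Assumed: a JKS containing the ICP-Brasil root and intermediates as trusted entries. */
    public ClientCertAuthenticator(Path trustStorePath, char[] password) throws Exception {
        trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
    }

    /** Returns the authenticated subject DN, or empty when no valid chain was presented. */
    public Optional<String> authenticate(HttpServletRequest request) {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            return Optional.empty(); // client sent no certificate in the TLS handshake
        }
        try {
            chain[0].checkValidity(); // reject expired / not-yet-valid end-entity certs early
            List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
            X509Certificate last = path.get(path.size() - 1);
            // PKIX validation expects the path to end below the anchor, so drop a self-signed root
            if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
                path.remove(path.size() - 1);
            }
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
            PKIXParameters params = new PKIXParameters(trustStore);
            params.setRevocationEnabled(false); // enable CRL/OCSP checking before production use
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            return Optional.of(chain[0].getSubjectX500Principal().getName());
        } catch (Exception e) {
            return Optional.empty(); // untrusted issuer, broken signature or malformed chain
        }
    }
}
```

This check complements, rather than replaces, the connector's own `truststoreFile` setting: Tomcat advertises the issuers in that trust store when it requests a client certificate, and with `clientAuth="true"` it rejects handshakes that present none.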

No answers
