Reading Mozilla certificates from an applet

Similar Messages

• How to read security certificates from registry using java 1.4

  Hi All,
  I installed one Security certificate in IE browser. that certificate is UNExportable which contains private keys which are imported to use while server cuommunication.
  Now have to send that certificate for authentication to vendor server using java(J2SDK 1.4).I tried allways to do cummunication but filed due to unabalability of private key.
  Here I want to read that certificate from windows sertificate registry store which is installed from IE.
  Is there any way to read IE installed certificates using java. If so please provide me that code.
  Its very URGENT for me.....please help
  thank you
  Vinod

  while exporting the certificate the am able to export only public keys, private key option is disabled. but those private keys are very important for my communication. I should pass those private keys to vendor for authentication purpose.
  That's way am paling to read certificate from windows registry. but am new to these concepts.
  can anybody have code to read certificates from windows registry using java 1.4?

• Read SAProuter certificate from local.pse

  Hi @ all,
  I want to read-out the information certifications from my SAProuter, which are located in the local.pse
  As I've saw in the internet - following parameter should be used to read out the certification information:
  <PATH> sapgenpse maintain_pk -l -p <PATH \local.pse
  After I've entered the PIN I got following messeage:
  maintain_pk for PSE "<PATH \local.pse"
  PKList is empty
  Do somebody know what does "PKList is empty" means and how can I avoid this message that I can read-out the informations?
  Thanks in advance
  Best regards
  Alexander

  Hi,
  I want to check e.g. the validity of the certifications; serialnumber, Certificate extension, etc.
  as I want to create a complete list of certificates we use in our company in the SAP environment including the certificates from SAProuter.
  To read out these informations I found in the internet the command
  sapgenpse maintain_pk -l -p <PATH \local.pse
  But I just get the message that PKList is empty.
  With the sapgenpse get_my_name -v -n command I can't get these informations.
  Thanks for further updates
  Alexander

• Reading System Spec from an Applet

  Hi guys.
  Can some applet expert tell me what System spec is available to a signed applet to read?
  I'm after stuff like amount of physical memory, free HDD space, cpur speed, gfx card etc - the type of stuff you get from DXDiag. I know the majority of it is not available. I was just wondering what was.
  Thanks.

  Yes, it's possible. Use this:
          Runtime r = Runtime.getRuntime ();
          Process p = r.exec ( command );++ read the help and use http://www.google.com for more informations.

• Applet does not get client certificate from browser (Firefox, IE7)

  I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
  Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
  All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
  Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
  I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
  I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
  So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
  1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
  2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
  BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
  Thanks all.

  My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned >isn't an issue --- I just wanted you to make sure the Applet runs because it is a know valid Java2 Applet that is 100% signed properly and verified to run.
  This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid
  it is not relevant to your issue.
  due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
  I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up >quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I >did was:If that is true we are all dead :) No I think you just missed the cert in the IE databse. It doesn't have to be in the
  Applet database to function. Surprise!
  Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
  I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate >is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), >then your server isn't requiring client authentication, either accidentally or by design.No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
  If you click on a component in the view and then on the view and type "dumpgobs" it shoud write out some data about the current graphics objects so you can see it has complete read/write access..
  Further it opens up a complete NIO server ands starts listening for connections on a random port
  (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
  This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
  There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1
  etc. The Netscape DB was a Berkley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert
  which I like the best ATM as it (X fingers it stays so) always has worked.
  Sadly that tidbit doesn't help you either I am afraid.
  What I'm trying to do is require client authentication through Apache by including the following markup in a virtual >host definition:
  SSLCACertificateFile D:/Certificates/ca.crt
  SSLVerifyClient require
  SSLVerifyDepth 1You got me there I avoid markup at all costs and only code in C java and assembler :)
  Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server
  automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
  On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing >shows that the server is requiring a certificate from the client, and the web browser is always providing it.
  The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication >between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to >the server.
  So the server refuses to send the applet bytecode to the JVM, and we're stuck.In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run
  (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
  I am thinking maybe there is another method of doing this I do not know.
  Did you try pushing the cert via JavaScript/LIveConnect?? That way it could run before the Applet and do the authentication.
  Maybe someone else has other ideas; did you try the security forum??
  Sorry but I am afraid that is not much help.
  I did snarf this tidbit which may have some relevance
  The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
  In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
  -Djavax.net.ssl.keyStore=<name and path to client keystore file>
  -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
  If it is a PKCS12 format keystore, specify:
  -Djavax.net.ssl.keyStoreType=PKCS12
  In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
  Dennis
  Posted Date : 2005-07-28 19:55:50.0Good Luck!
  Sincerely:
  (T)
  Edited by: tswain on 23-Jul-2008 10:07 AM

• Reading from the Applet's JAR file.

  Is it possible to read a file stored in the jar file that the (unsigned) applet is being executed in? I have a line that goes like (in is just an InputStream):
  in = getClass().getResource( "/exercise.xml" ).openStream();
  and then, in another class, i do (bulider is an instance of javax.xml.parsers.DocumentBuilder, created from the DocumentBuilderFactory class):
  doc = builder.parse( in );
  but this always results in a security exception (works fine from the applet viewer). I tried specifying the full path to the .jar file as the codebase, but got the same results. I have not tested this from an actual web server, i am only opening the .html file directly in IE.
  Due to the nature of the application, it is not possible to host the file seperately on a webserver.
  It seems to me that there is no reason an applet shouldnt be allowed to load a file from the .jar it is executing in, could this simply be a problem of the file being local, and thus linked to from a file:// tag?
  Thanks for any help.
  Thomas Stephens

  Hi Guys
  I have figured out this problem. It's got to do with classloader.
  Applet uses a separate classloader. So using the static getSystemResource(),
  we never get contents from applet jar files. The following will work nicely.
  It is noted that you must loacate the applet classloader as in the first line
  and use the non-static method getResource();
  ObjectInJar obj = new ObjectInJar(); // create an object with a class in the jar file.
  ClassLoader cl = obj.getClass().getClassLoader();
  InputStream stream = cl.getResource("your_filepath_in_jar").openStream();
  Cheers.

• Reading and writing to a text file from an Applet

  I'm a novice java programming with very little formal programming training. I've pieced together enough knowledge to do what I've wanted to do so far...
  However, I've been unable to figure out how to read and write to a text file from an Applet (I can do it from a normal java program just fine). Here is a simple example of what I'd like to do (you can also look at it on my website: www.stat.colostate.edu/~leach/test02/test02.html). I know that there is some problem with permission/security but I'm not smart enough to understand what the error messages are telling or understand the few books I have. If anyone can tell me how to get this applet to work, or direct me to some referrences that would help me out I'd really appreciate it.
  Thanks,
  Andy
  import java.applet.Applet;
  import java.net.*;
  import java.awt.*;
  import java.awt.event.*;
  import java.util.*;
  import java.io.*;
  public class test02 extends Applet {
  public Button B_go;
  public GridBagConstraints c;
  public void init() {
  this.setLayout(new GridBagLayout());
  c = new GridBagConstraints();
  c.fill = GridBagConstraints.BOTH;
  B_go = new Button("GO");
  c.gridx=1; c.gridy=0; c.gridwidth=1; c.gridheight=1;
  c.weightx = c.weighty = 0.0;
  B_go.addActionListener(new ActionListener() {
  public void actionPerformed(ActionEvent e) {
  setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
  print_stuff();
  setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR));
  this.add(B_go,c);
  public static void print_stuff() {
  try{
  File f = new File("test02.txt");
  PrintWriter out = new PrintWriter(new FileWriter(f));
  out.print("This is test02.txt");
  out.close();
  }catch(IOException e){**/}
  }

  I have almost the exact same problem, and I am in the same situation as you are with respects to the language.
  I am simply trying to create a file and output some garbage to it but my applet always spits back a security violation. I've tried eliminating the restrictions on the applet runner I use but I still get the error.
  My method:
  debug = new Label() ;
  debug.setLocation( 20, 20 ) ;
  debug.setSize( 500, 15 ) ;
  add( debug ) ;
  // output
  try
       OutputStream file = new FileOutputStream( new File( "" + getCodeBase() + "output.txt" ) ) ;
       byte[] buffer = { 1, 2, 3, 4, 5 } ;
       file.write( buffer ) ;
       file.close() ;
  } catch( Exception e )
       debug.setText( e.toString() ) ;
       Can anyone tell why this isnt working?

• Applet won't get client certificate from browser

  Hi,
  We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
  I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
  This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
  Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
  Thanks for any pointers or suggestions you might have.
  JpGuy

  Hi,
  We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
  I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
  This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
  Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
  Thanks for any pointers or suggestions you might have.
  JpGuy

• Trusted certificates from your previous version of Adobe Reader were found.

  After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found.  Would you like to import them."  I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default"  I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences.  This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.

  I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
  However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
  Better to just turn off the feature with the supported preference.
  Ben

• Reading the boot sector from an applet

  I want to be able to read the boot sector of a floppy on a Wintel machine from an applet. I realize that I'll need to sign the applet to relax the security restrictions. I suppose that I'll need to use JNI and do the actual disk accesses in C. If that's true, I am not sure if I can bundle up the resulting dll in my jar or cab file along with my class files and have it work.
  So far, my attempts to turn the JNI 'hello world' program into an applet haven't been that successful. I get an InstantiationException when I try to run it. Attempts to run it from appletviewer don't yield any output, exception or otherwise. It runs OK as an application.

  I'm not sure that makes any difference. It has to be packaged up and signed using the appropriate method for the browser or plug-in. I had tried it with IE packaging it as a cab file and signing it with MS tools. I have now tried it with the 1.3.1 plug-in.
  I think the real problem is getting the dll containing the C code to be visible to the client OS. Now I am thinking that the best way to do this would be to have the applet copy the dll from the server if it doesn't already exist on the client and copy it to c:\WINNT\system32 and then run.

• Read/Write from an Applet

  hi,
  I need to read/write from/to a file from an Applet. Reading is no Problem. Actually writing is!
  I have try it but I get some problems with the getOutputStream function.
  Can everybody send me an simple example.

  You are right and I have try it.
  There are some guys with the same problem but there are no answers to the specified problem.

• Get certificate from the browser

  Hi friends!,
  I am working with an application to get files from the client machine, to sign those files with the client's certificate and send those sign to the server.
  The application get the client's certificate from a key store, but I want the applet will get the certificate from the browser.
  Is that possible?.
  Thanks and sorry for my little english. Greetings from Venezuela.

  If all you're looking for is Client SSL Authentication, then you don't need to access the digital certificates through an applet; just enable ClientAuth on your web-server and let the browser handle it for you. While I haven't tried this with Chrome, Safari or Opera, I know for a fact that this works on Firefox and IE.
  If you're trying to access the digital certificates/keys in the browser-keystore for digitally signing some content that the applet creates, you're going to have far more difficulty. About 10-12 years ago, Netscape provided an API that allowed you to digitally sign text-content through JavaScript. That died a quiet death, I think, since I don't know of anyone who used that capability (outside of test environments).
  Years later, Mozilla added the ability to digitally sign XML content using XForms; there is even an add-on for Thunderbird (which uses the same libraries as Firefox for PKCS work): https://addons.mozilla.org/en-US/thunderbird/addon/4522/.
  However, to the best of my knowledge, the only way you can get an applet to access the borwser's keystore today is to have the security policy on the client-machine modified to provide access to the local file-system, and the applet then pretty much deals with the keystore and its objects through JCE.
  But, if I'm reading your post correctly, I think all you're looking for is SSL ClientAuth, for which you don't need to do anything other than enable it on your web-server that hosts the applets, and let the browser do the heavy lifting.
  Arshad Noor
  StrongAuth, Inc.

• How do i make http connection  from an applet to  a servlet

  i am not able to make a http connection from the applet to servlet
  my code for servlet is as follows
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class newDatabaseServlet extends HttpServlet {
  //      Connection con;
  // Statement stmt;
       public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            resp.setContentType("text/content");
            System.out.println("megha");
            String mthd[] = req.getParameterValues("event");
            System.out.println(mthd.length);
            System.out.println(mthd);
            System.out.println(req.getQueryString());
            // System.out.println("megha");
  PrintWriter fw = new PrintWriter(new FileOutputStream(new File("e:/JRun/servers/default/default-app/mycontent.txt")));
  String s = "this text comes from servlet";
  fw.print(s);
  fw.flush();
            if(mthd[0].equalsIgnoreCase("callEditor")) {
                 openEditor(req,resp);
  public void openEditor(HttpServletRequest req, HttpServletResponse resp) {
       /* try {
            Class.forName("oracle.jdbc.driver.OracleDriver");
       con = DriverManager.getConnection("jdbc:oracle:thin:@pc6:1521:oradba","test","test");
       catch(Exception e) {
            e.printStackTrace();
            try {
                 resp.sendRedirect("/RunApp1.html");
            catch(IOException e) {
                 e.printStackTrace();
  /*try {
       Class.forName("oracle.jdbc.driver.OracleDriver");
  con = DriverManager.getConnection("jdbc:oracle:thin:@pc6:1521:oradba","test","test");
       catch(Exception e) {
       e.printStackTrace();
       resp.setContentType("text/html");
       PrintWriter output = resp.getWriter();
       try {
  stmt = con.createStatement();
  String strContent = "select * from edTable where newsid = 2";
  ResultSet rs = stmt.executeQuery(strContent);
  if(rs.next()) {
                 String newsText = rs.getString(2);
  /* StringBuffer buf = new StringBuffer();
                 buf.append("<B>servlet</B>");
                 try {
                 resp.sendRedirect("RunApp");
            catch(IOException e) {
                 e.printStackTrace();
  //               output.println(buf.toString());
  //          output.close();
  my code for applet is
  import javax.swing.*;
  import java.awt.event.*;
  import java.net.*;
  import java.io.*;
  import java.awt.*;
  import javax.swing.text.*;
  import javax.swing.text.html.*;
  public class EdApplet extends JApplet {
  public void init() {
       Container c;
       c = getContentPane();
  JPanel but = new JPanel();
  c.add(but,BorderLayout.NORTH);
  final JEditorPane je = new JEditorPane();
  JScrollPane jsp = new JScrollPane(je);
  HTMLEditorKit ht = new HTMLEditorKit();
  je.setEditorKit(ht);
  je.setEditable(true);
  HTMLDocument mdoc = (HTMLDocument)ht.createDefaultDocument();
  StyleSheet mcontext =mdoc.getStyleSheet();
  je.setDocument(mdoc);
  c.add(jsp,BorderLayout.CENTER);
  JPanel bot = new JPanel();
  c.add(bot,BorderLayout.SOUTH);
  JButton save = new JButton("save");
  but.add(save);
  String str = getInitialText();
       je.setText(str);
       String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
  try{
                 URL servletURL = new URL(servletUrl);
                 URLConnection servletConnection = servletURL.openConnection();
            servletConnection.setRequestProperty("event","saveText");
            servletConnection.setDoOutput(true);
            servletConnection.setUseCaches(false);
       catch(Exception e) {
  //          je.setText(e.printStackTrace());
       ActionListener lst = new ActionListener() {
            public void actionPerformed(ActionEvent ae) {
                 String save = je.getText();
                 saveText(save,je);
       save.addActionListener(lst);
  //je.setText("<B>this</B>");
  //URLConnection servletConnection = null;
  /* try {
            String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
            URL myUrl = new URL(servletUrl);
            servletConnection = myUrl.openConnection();
            servletConnection.setDoOutput(true);
            servletConnection.setUseCaches(false);
       /*     BufferedReader br = new BufferedReader(new InputStreamReader(servletConnection.getInputStream()));
  String t = br.readLine();
  je.setText(t);
       catch(Exception e) {
            e.printStackTrace();
  /* ActionListener lst = new ActionListener() {
            public void actionPerformed(ActionEvent ae) {
                 BufferedReader br = new BufferedReader(new InputStreamReader(servletConnection.getInputStream()));
                 String t = br.readLine();
  je.setText(t);
  click.addActionListener(lst);
  /*void String changeText(UrlConnection con) {
  BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream));
  String t = br.readLine();
  return t;
  public String getInitialText()
       //String me = null;
       URLConnection textConnection = null;
       StringBuffer sb = new StringBuffer();
       try {
                 String textUrl="http://pc7:8100/mycontent.txt";
                 URL myUrl = new URL(textUrl);
                 textConnection = myUrl.openConnection();
                 textConnection.setDoInput(true);
                 textConnection.setUseCaches(false);
                 BufferedReader br = new BufferedReader(new InputStreamReader(textConnection.getInputStream()));
                 // me = (String)servletConnection.getContent();
                 String s = null;
                 while((s = br.readLine())!=null) {
                      sb.append(s);
            catch(Exception e) {
                           e.printStackTrace();
                 return sb.toString();
       public void saveText(String saveStr,JEditorPane je) {
            //String saveStr = je.getText();
            //String servletUrl="http://pc7:8100/servlet/newDatabaseServlet?event='saveText'&newsid='2'";
            //String servletGet="http://pc7:8100/servlet/newDatabaseServlet";
            String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
            //String servletUrl = servletGet + "?"
            //     + URLEncoder.encode("event") + "="
       // + URLEncoder.encode("saveText");
  //     je.setText(servletUrl);
            try {
            URL servletURL = new URL(servletUrl);
            URLConnection servletConnection = servletURL.openConnection();
       //     servletConnection.setRequestProperty("event","saveText");
       servletConnection.setRequestProperty(
       "User-Agent","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
            //System.out.println("from applet");
            servletConnection.setDoOutput(true);
            servletConnection.setUseCaches(false);
            //Propertiew prop = new Properties();
       //     prop.put("event","saveText");
            PrintStream out = new PrintStream(servletConnection.getOutputStream());
  out.println("event");
  out.close();
       catch(IOException e) {
            je.setText(e.toString());
  kindly tell me what is the error
  what is the best method of doing this
  thanking u in anticipation
  megha sood

  omg O_o
  We cannot debug your code, but:
  Did you try the servlet directly from your browser? Does it work?
  Best regards from Germany,
  r.v.

• How to extract certificates from IE for digital signature

  hi
  how to extract certificates from the cert store provided by Internet Explorer 6.0 and use it to read & verify the digital signatures present in the pc.this is needed in my web based application n i have no idea!!!
  pls help me out
  i have studied a lot about all JCA n JCE but the extraction part still baffles me!!!
  my application will be java based so i can make an applet/ servlet/ jsp
  drop your ideas as soon as u get time as i am stuck in the initial phase itself
  priya_16

  hi
  i've the same problem. i've found this solution, but you need download a JCE Provider that allow you to read the explorer certificate store.
  You can try this one: https://download.assembla.se/jceprovider/
  and the code:
  import se.assembla.*;
  public class Listcerts {  
       public static void list() throws Exception{
            java.security.Security.insertProviderAt(new se.assembla.jce.provider.ms.MSProvider(), 2);
            KeyStore ks = KeyStore.getInstance("MSKS","assembla");
            ks.load(null,null);
            X509Certificate cert=null;
            String alias=null;
            int count=0;
            for (java.util.Enumeration e=ks.aliases();e.hasMoreElements();){
                      alias=(String)e.nextElement();
                      cert=(X509Certificate)ks.getCertificate(alias);
                      System.out.println("\n Certificado alias"+alias+":");
                      System.out.println(cert);
                 count++;
            System.out.println ("NUM CERTS="+count);
  now, i need the same solution for Firefox browser XP
  good luck
  Message was edited by:
  meteko

• Saml2 error validateArtifactRequester: certificate from client is null

  Hi,
  I got this error ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
  If you see the log then you can see the handshaking between assertion and indentity works but somehow the assertion refuses the response of the identity
  assertion provider
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Filter: Processing request on URI '/appB/faces/aut/restricted.jspx'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/appB/faces/aut/restricted.jspx'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is not a service URI>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SPinitiator'>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: processing>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: partner id is null>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: use partner binding HTTP/Artifact>
  ####<12-sep-2009 17:30:24 uur CEST><store saml object org.opensaml.saml2.core.impl.AuthnRequestImpl@168c85b, BASE64 encoded artifact is AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
  ####<12-sep-2009 17:30:24 uur CEST><post artifact: false>
  ####<12-sep-2009 17:30:24 uur CEST><local ARS binding location: http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact>
  ####<12-sep-2009 17:30:24 uur CEST><post form template url: null>
  ####<12-sep-2009 17:30:24 uur CEST><URL encoded artifact: AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><URL encoded relay state: null>
  ####<12-sep-2009 17:30:24 uur CEST><artifact is sent in http url:http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact?SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'ARS'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.process: get SoapHttpBindingReceiver as receiver and SoapHttpBindingSender as sender.>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
  ####<12-sep-2009 17:30:24 uur CEST> <Warning> <Security> <LAPTOPEDWIN> <DefaultServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1252769424812> <BEA-000000> <[Security:096565]Artifact requester authentication failed.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.sendResponse: Set HTTP headers to prevent HTTP proxies cache SAML protocol messages.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.send: the SOAP envelope to be sent is :
  >
  ####<12-sep-2009 17:30:24 uur CEST> <<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"><soap11:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse></soap11:Body></soap11:Envelope>>
  ####<12-sep-2009 17:35:24 uur CEST> <authn_request - item: _0x9061f430c89cd074398250c710c83045 expired.>
  identity provider
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized logger service>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized SAML2 service>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: setConfigKey called with key 'default'>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><Redirect URI cache updated.>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SSO'>
  ####<12-sep-2009 17:30:24 uur CEST><Request URI: /saml2/idp/sso/artifact>
  ####<12-sep-2009 17:30:24 uur CEST><Method: GET>
  ####<12-sep-2009 17:30:24 uur CEST><Query string: SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*>
  ####<12-sep-2009 17:30:24 uur CEST><     Referer: http://127.0.0.1:7101/appB/faces/appBStart.jspx;jsessionid=TtbvKr5Myy7hC5y2j9YVZMLp2dxvYlGP3nV8KnJPtnB5svv4cnDL!-453074333?_adf.ctrl-state=m6b65gdxq_4>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept-Language: nl>
  ####<12-sep-2009 17:30:24 uur CEST><     User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)>
  ####<12-sep-2009 17:30:24 uur CEST><     Host: laptopedwin.wh.lan:8001>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept-Encoding: gzip, deflate>
  ####<12-sep-2009 17:30:24 uur CEST><     Connection: Keep-Alive>
  ####<12-sep-2009 17:30:24 uur CEST><     Cache-Control: no-cache>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><ssl client key:Sun RSA private CRT key, 1024 bits
  modulus: 135256530343776309493378499238723474761809537383354856443783031405724842963590896515127253614442774833330163469306346998433606124817086312759138932710087080464501074410925139095622741276531270633324573257815772267862467588496928149465417098076218732040047455958122894583653703895415828491462423303970267662119
  public exponent: 65537
  private exponent: 70314326087743699962454879977162652930937500017561071746336998641882377889887267410323718367396514008446506086626901479113065301623787031382331559843030136237857866934906267741351110674239213829006129063775109788707087302538026535943257466578949319062480441789214176315827916248430287133081293921721804088033
  prime p: 11974625102832097583118096114610793613205242504983701060834332690026001982375077665162762308523793650653350947197100038932023730202787298553029195261347327
  prime q: 11295262205059515784067784104204404656057034968759802138195417174670025481580489505249455835611140503620524999898446032906677280702668039750528726228078297
  prime exponent p: 10636051419212951957075964614303506523311875298802298281157626077164099690190818102244374273181234298154969131746805474255337189050985724645168110919912251
  prime exponent q: 9180707495599589343206474566470241653094376286920321960074362300079694178141042692915879784722129977674567430529173188898986608915112396683265394948155617
  crt coefficient: 3999529359604887198322520465212803445668432210961019729502103914530388247742016641237995952808703712482862506414062073383339683451433625683775233168415551, ssl client cert chain:[Ljava.security.cert.Certificate;@767c0d>
  ####<12-sep-2009 17:30:24 uur CEST><get BASE64 encoded artifact from http request, value is:AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: sha-1 hash value of remote partner id is '0xc46d956aa4de6f55a95df24aeeea8c9706a34f0f'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: found remote partner 'jdev' with entity ID 'jdev_wls'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: returning partner: [email protected]779>
  ####<12-sep-2009 17:30:24 uur CEST><partner entityid isjdev_wls, end point index is:0>
  ####<12-sep-2009 17:30:24 uur CEST><find end point:[email protected]2a7, binding location is:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
  ####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.671Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">soa</saml:Issuer><samlp:Artifact>AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=</samlp:Artifact></samlp:ArtifactResolve>>
  ####<12-sep-2009 17:30:24 uur CEST><open connection to send samlp:ArtifactResolve. partner id:jdev_wls, endpoint url:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
  ####<12-sep-2009 17:30:24 uur CEST><isClientPasswordSet:false>
  ####<12-sep-2009 17:30:24 uur CEST><connect to remote ARS.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: begin to send SAMLObject to server.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: sending completed, now waiting for server response.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: response code from server is: 200>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: get a HTTP_OK response, now receive a SOAP envelope message.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: found XMLObject in envelope, return it.>
  ####<12-sep-2009 17:30:24 uur CEST><http url connection disconnect.>
  ####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse>>
  ####<12-sep-2009 17:30:24 uur CEST><get samlp:ArtifactResponse and verify it.>
  ####<12-sep-2009 17:30:24 uur CEST><saml version:2.0>
  ####<12-sep-2009 17:30:24 uur CEST><inResponseTo:_0xe219b059e77568bc835736caa94d6855>
  ####<12-sep-2009 17:30:24 uur CEST><status code: urn:oasis:names:tc:SAML:2.0:status:Success>
  ####<12-sep-2009 17:30:24 uur CEST><status message: [Security:096565]Artifact requester authentication failed.>
  ####<12-sep-2009 17:30:24 uur CEST><[Security:096577]Failed to receive AuthnRequest document from the requester.>
  ####<12-sep-2009 17:30:24 uur CEST><Caused by: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.>
  ####<12-sep-2009 17:30:24 uur CEST><exception info
  com.bea.security.saml2.service.SAML2Exception: [Security:096577]Failed to receive AuthnRequest document from the requester.
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:301)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy26.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  com.bea.security.saml2.binding.BindingHandlerException: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.
       at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.getSamlMsg(AbstractArtifactResolver.java:459)
       at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.resolve(AbstractArtifactResolver.java:304)
       at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.resolve(ArtifactBindingReceiver.java:77)
       at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.receiveRequest(ArtifactBindingReceiver.java:40)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:295)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy26.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >

  Tony,
  Refer SAP Note: 730870. Q16.
  Fyr from SAP Note:
  Q 16: While sending a message to the RfcAdapter the error "... functiontemplate from repository was <null>" is shown. Which reasons are possible?
                A: After receiving a message from the Adapter Engine, the RfcAdapter extracts the payload from the message. Normally this should be an XML document in the RFC-XML format. In this format the root element of the XML document represents the name of the function module and is enclosed in the fixed RFC namespace 'urn:sap-com:document:sap:rfc:functions'. But this only will be checked at a later point, when the conversion from XML to native RFC is done. As prerequisite of this conversion the structures and types of the function module parameters has to be known. This is also called metadata or function template. To get this function template the name of the function module is extracted from the root element of the XML document and is queried against the metadata repository of the communication channel. If the metadata repository doesn't have a function module with this name, the exception named above is thrown. Possible reasons are
  The XML document, which was send to the RfcAdapter, is not a RFC-XML document. So the root element name of this document is not the name of a function module and thus can't be found in the metadata repository.
  The metadata repository doesn't contain an entry for this function module name. Normally the metadata repository will be an R/3 system and it's function module repository can be searched with transaction code SE37.
  raj.