cancel
Showing results for 
Search instead for 
Did you mean: 

CallbackHandler of type CERTIFICATE

Former Member
0 Kudos

Does anyone have any examples of using the CallbackHandler for type CERTIFICATE? I'm attempting to modify a LoginModule to examine the certificate sent by the client for some special processing, but I seem to always get a null pointer back. An example code snippet follows...


.
.
.
Callback[] callbacks new Callback[1];
callbacks[0] new HttpGetterCallback();

((HttpGetterCallback) callbacks[0]).setType(HttpCallback.CERTIFICATE);

try {
    callbackHandler.handle(callbacks);
    } catch (UnsupportedCallbackException e) {
	return false;
    } catch (IOException e) {
	throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
    }
.
.
.

For some reason,

((HttpGetterCallback) callbacks[1]).getValue()

always returns null.

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

There are some errors in your source code but they are not in the way the certificate is obtained. Here is the source fixed without these errors:

HttpGetterCallback cb = new HttpGetterCallback();
cb.setType(HttpCallback.CERTIFICATE);
Callback[] callbacks = new Callback[] {cb};

try {
  callbackHandler.handle(callbacks);
} catch (UnsupportedCallbackException e) {
  return false;
} catch (IOException e) {
  throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
}

X509Certificate[] cert = (X509Certificate[]) cb.getValue();

If at the value in the callback is still null after it is handled successfully module means that there is no certificate in the request. This may happen if you have not configured the server to request client certificate. Information how to do this you can find in NetWeaver documentation on http://help.sap.com :

SAP NetWeaver -> Security -> Network and Transport Layer Security -> Transport Layer Security on the SAP J2EE Engine -> Configuring the Use of SSL on the SAP J2EE Engine

SAP NetWeaver -> Security -> Network and Transport Layer Security -> Transport Layer Security on the SAP J2EE Engine -> Additional Keystore and Cryptographic Functions -> Managing the Credentials and Trusted Certificates to Use SSL