This section describes how to use the SDK to configure CA Configuration Automation to support client authentication with X.509 certificates. Use the following SDK API method to use a client certificate to establish CA Configuration Automation Server connectivity.
    import com.ca.acm.sdk.net.ACMSDKService;

    // Locate the SDK web service, then open a session with the client certificate.
    if (ACMSDKService.locateService("http://<yourserver>:<port>/services/SDKService"))
    {
        if (ACMSDKService.beginSessionWithCertificate(certificateFileName, certificatePassphrase))
        {
            // do some work
            ...
        }
        ACMSDKService.endsession();
    }
Note: For more information about this method, see the SDK javadoc that is available in the CA Configuration Automation Server installation directory.
The beginSessionWithCertificate() method runs on the client: it sets the client certificate in the SSL context and then makes the server call with an empty user name and password.
Use an SDK Web Service Call to Establish Connectivity
To use client certificate authentication to establish CA Configuration Automation Server connectivity, run the following code before making a call to the server:
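    // This is Java code. Write equivalent code in your language (C, C++, .NET, and so on) before making the call to the server.
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    String certificateFileName = "C:\\certs\\client.p12";
    String certificatePassphrase = "password";
    // Create a trust manager that does not validate certificate chains.
    // It accepts any server certificate, so the server's identity is not verified.
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new java.security.cert.X509Certificate[0];
        }
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }
    } };
    char[] passphraseChar = certificatePassphrase.toCharArray();
    // Load the PKCS#12 client certificate; the stream is closed when the try block exits.
    try (FileInputStream in = new FileInputStream(certificateFileName)) {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(in, passphraseChar);
        kmf.init(ks, passphraseChar);
        SSLContext sc = SSLContext.getInstance("SSL");
        // Present the client certificate through the key managers and install the context as the JVM default.
        sc.init(kmf.getKeyManagers(), trustAllCerts, new java.security.SecureRandom());
        SSLContext.setDefault(sc);
    } catch (Exception e) {
        // Handle exceptions here.
    }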
Use the GetSessionCredential web service call with an empty user name and password as input to establish connectivity and to create a session with the CA Configuration Automation Server. The GetSessionCredential call returns the credential string to use in subsequent CA Configuration Automation web service calls.
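The code above presents the client certificate but accepts any server certificate. The following added example, which is not part of the CA documentation or SDK, builds the same SSL context with the server chain validated against a trust store. The class name, the trust store path C:\\certs\\server-ca.p12, and its passphrase are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not part of the CA Configuration Automation SDK.
public class ClientCertContext {

    // Load a key store of the given type from a file and close the stream.
    static KeyStore load(String type, String file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Build an SSLContext that presents the client certificate and validates
    // the server certificate chain against the CAs held in the trust store.
    static SSLContext build(String clientP12, char[] clientPass,
                            String trustStore, char[] trustPass) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", clientP12, clientPass), clientPass);

        // Trust managers derived from a real trust store replace trustAllCerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("PKCS12", trustStore, trustPass));

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: the trust store path and passphrase are assumptions.
        SSLContext sc = build("C:\\certs\\client.p12", "password".toCharArray(),
                              "C:\\certs\\server-ca.p12", "changeit".toCharArray());
        SSLContext.setDefault(sc);
        // Make the GetSessionCredential call after this point.
    }
}
```

The trust store must contain the CA certificate that issued the server's certificate; if the chain does not validate, the TLS handshake fails with an SSLHandshakeException instead of connecting.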
Copyright © 2015 CA Technologies.
All rights reserved.