Hello.
I want to develop a Login system similar to what government portals use (E-CAC, NFE and similar), where the E-CNPJ is used to login.
I've done the following:
1) I created and signed an RSA private key for the server:
keytool -genkey -alias tomcat -keyalg RSA
keytool -selfcert -alias tomcat
2) I configured tomcat:
<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="password"
           clientAuth="true" sslProtocol="TLS"/>
It worked perfectly and I was able to access link
3) I installed the ICP-Brasil chain
I followed exactly the steps described here: link
4) I implemented Servlet:
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "LerCertificado", urlPatterns = {"/lercertificado"})
public class LerCertificado extends HttpServlet {

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        try (PrintWriter out = response.getWriter()) {
            out.println("<html>");
            out.println("<head><title>ServletLerCertificado</title></head>");
            out.println("<body>");
            out.println("<p>Digital certificate:</p>");
            // Set by the container only when the request arrived over TLS
            String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
            if (cipherSuite != null) {
                // Client certificate chain (leaf first); null when the client presented none
                X509Certificate[] certChain = (X509Certificate[]) request
                        .getAttribute("javax.servlet.request.X509Certificate");
                if (certChain != null) {
                    System.out.println("Array size: " + certChain.length);
                    for (int i = 0; i < certChain.length; i++) {
                        String certInfo = "Client Certificate [" + i + "] = "
                                + certChain[i].toString();
                        out.println(certInfo);
                    }
                } else {
                    out.println("Client without Digital Certificate 1");
                }
            } else {
                out.println("Client without Digital Certificate 2");
            }
            out.println("</body></html>");
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }
}
BUT IT DOES NOT WORK. It always falls into the "Client without Digital Certificate 1" branch.
I also tested on an AWS server (without doing step 3) with a valid SSL certificate, and it did not work either.
Any idea what might be wrong?
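Added example, not code from the question and not from any government portal or ICP-Brasil library: a hypothetical `LoginEcnpj` servlet (name, URL pattern and all helper names are this example's own) showing the step that comes after the diagnostic servlet above, i.e. turning a presented e-CNPJ into a logged-in CNPJ. It assumes the JSSE connector from step 2 with `clientAuth="true"` or `"want"` and a truststore that contains the ICP-Brasil chain, so that the container has already validated the chain before the servlet runs. The CNPJ is read from the subjectAltName otherName with OID 2.16.76.1.3.3, the identifier ICP-Brasil assigns to the CNPJ in DOC-ICP-04; the small DER walker is written here because the JDK hands otherName entries back as raw DER.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical login servlet (added example, not the poster's code).
@WebServlet(name = "LoginEcnpj", urlPatterns = {"/login-ecnpj"})
public class LoginEcnpj extends HttpServlet {

    // ICP-Brasil otherName type-id carrying the CNPJ (DOC-ICP-04): OID 2.16.76.1.3.3,
    // whose DER content octets are 60 4C 01 03 03.
    private static final byte[] OID_CNPJ = {0x60, 0x4C, 0x01, 0x03, 0x03};

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The attributes below only mean something on a TLS connector; refuse anything else.
        if (!request.isSecure()
                || request.getAttribute("javax.servlet.request.cipher_suite") == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "TLS required");
            return;
        }
        // Chain the container validated against its truststore, leaf certificate first.
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            // Reachable only when the connector did not insist on a certificate
            // (clientAuth="want"); with clientAuth="true" the handshake fails first.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "client certificate required");
            return;
        }
        X509Certificate leaf = chain[0];
        String cnpj;
        try {
            leaf.checkValidity();            // not expired and not yet valid are both rejected
            cnpj = extractCnpj(leaf);
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "unusable certificate");
            return;
        }
        if (cnpj == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "not an e-CNPJ certificate");
            return;
        }
        // Bind the authenticated CNPJ to the session; authorization decisions use it from here on.
        request.getSession(true).setAttribute("cnpj", cnpj);
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("Logged in as CNPJ " + cnpj
                + " (" + leaf.getSubjectX500Principal().getName() + ")");
    }

    /** Returns the 14-digit CNPJ from the ICP-Brasil otherName, or null if there is none. */
    static String extractCnpj(X509Certificate cert) throws CertificateException, IOException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return null;
        for (List<?> san : sans) {
            // Type 0 is otherName; the JDK returns it as the DER encoding of the whole OtherName.
            if ((Integer) san.get(0) != 0 || !(san.get(1) instanceof byte[])) continue;
            String value = otherNameValue((byte[]) san.get(1), OID_CNPJ);
            if (value != null && value.matches("\\d{14}")) return value;
        }
        return null;
    }

    /**
     * Minimal DER walk of OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }.
     * Returns the value's content when type-id equals wantedOid, otherwise null.
     */
    static String otherNameValue(byte[] der, byte[] wantedOid) throws IOException {
        int[] pos = {0};
        expectTag(der, pos, 0x30);           // SEQUENCE
        readLength(der, pos);
        expectTag(der, pos, 0x06);           // OBJECT IDENTIFIER
        int oidLen = readLength(der, pos);
        boolean match = oidLen == wantedOid.length;
        for (int i = 0; match && i < oidLen; i++) match = der[pos[0] + i] == wantedOid[i];
        pos[0] += oidLen;
        if (!match) return null;
        expectTag(der, pos, 0xA0);           // [0] EXPLICIT wrapper around the value
        readLength(der, pos);
        int valueTag = readByte(der, pos);   // ICP-Brasil profiles have used OCTET STRING and PrintableString
        if (valueTag != 0x04 && valueTag != 0x13) return null;
        int len = readLength(der, pos);
        return new String(der, pos[0], len, StandardCharsets.US_ASCII);
    }

    private static int readByte(byte[] der, int[] pos) throws IOException {
        if (pos[0] >= der.length) throw new IOException("truncated DER");
        return der[pos[0]++] & 0xFF;
    }

    private static void expectTag(byte[] der, int[] pos, int tag) throws IOException {
        if (readByte(der, pos) != tag) throw new IOException("unexpected DER tag");
    }

    private static int readLength(byte[] der, int[] pos) throws IOException {
        int first = readByte(der, pos);
        int len = first;
        if (first >= 0x80) {
            int n = first & 0x7F;
            if (n == 0 || n > 4) throw new IOException("unsupported DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | readByte(der, pos);
        }
        if (len < 0 || pos[0] + len > der.length) throw new IOException("truncated DER");
        return len;
    }
}
```

Two points about the connector this example relies on. On Tomcat's JSSE connector the CAs that are advertised to the browser and accepted for `clientAuth` come from `truststoreFile` (falling back to `javax.net.ssl.trustStore` and then the JRE's cacerts), not from `keystoreFile`; a browser holding an e-CNPJ whose issuer is not in that list will not offer it at all. With `clientAuth="true"` a missing certificate aborts the handshake before any servlet runs, while `clientAuth="want"` lets the request through with the `javax.servlet.request.X509Certificate` attribute unset, which is the only way to reach the "no certificate" branch of the servlet in the question. Running `openssl s_client -connect host:8443` against the connector and reading the "Acceptable client certificate CA names" section is a quick way to see which CAs the server is actually asking for.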