Using Digital Certificates for Identification & Authorization

Robert C. Seacord & Scott A. Hissam

February 26, 1998

Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Sponsored by the U.S. Department of Defense
© 1998 by Carnegie Mellon University


Agenda

Background

Server Configuration
• Certificate Management Server (CMS)
• Enterprise Server (ES)
• Directory Server (DS)

Server-Side JavaScript Solution

Java Solution

Summary


Issues

Confidentiality (encryption)
• SSL connection

Client authentication
• requires obtaining the identity of clients through client certificates

Ease of deployment
• code is downloaded through the browser or accessible through the CLASSPATH

Java applications vs. applets
• may want to deploy as Java applications that do not make use of a browser


SEI Work

1. Use of certificates for Identification and Authorization (I&A).
2. Use of Visigenics' SSL implementation with Netscape Certificates.
3. Verification that additional CAs can be specified in Microsoft IE 4.0.
4. Interoperability between Orbix and Visigenics.
5. VisiBroker and Orbix to communicate using any SSL implementation.
6. Evaluate GateKeeper and Wonderwall.
7. Investigate passing Gigabyte size files over IIOP.


I&A Model Problem

[Diagram]
• Pearl Harbor, Hawaii: JEDMICS Site Installation #1
• Huntsville, Alabama: JEDMICS Site Installation #2
• JEDMICS Program Office
• JEDMICS User #1 (can get images from Pearl and Huntsville)
• JEDMICS User #2 (can get images ONLY from Huntsville)


Security Policies

Do users need to have an account (e.g., certificate) from each JEDMICS installation they would like to access?

Can all the users at a given site (e.g., Pearl Harbor) be provided some level of access to another site (e.g., Huntsville) based on the site certificate?
• can these permissions be extended for some users and not others?

Issues: Risk profile, policy scope, flexibility, scalability, operational overhead...


Model Policy: Certificate Authority

JEDMICS Program Office: Root Certificate Authority
    o=JEDMICS, c=US

Pearl Harbor, Hawaii (JEDMICS #1): Subordinate Certificate Authority
    ou=Pearl, o=JEDMICS, c=US

Huntsville, Alabama (JEDMICS #2): Subordinate Certificate Authority
    ou=Huntsville, o=JEDMICS, c=US

JEDMICS Program Office authorizes (and revokes) certificates for JEDMICS sites

Sites authorize (and revoke) certificates for individual users


COTS Servers Installed

3 Netscape Certificate Management Servers (CMS)
• one for each Certificate Authority (CA) in the hierarchy
• JEDMICS authority, Pearl and Huntsville subordinates

2 Netscape Enterprise Servers (ES)
• one for each site (e.g., Pearl, Huntsville)

2 Netscape Directory Servers (DS)
• one for each site (e.g., Pearl, Huntsville)


Directory Server v.1.03

Acts as a global repository for a wide range of application data, including
• user and group information
• application preferences
• Common Object Request Broker Architecture (CORBA) object locations
• public-key certificates

Supports the open Internet standard Lightweight Directory Access Protocol (LDAP v. 2, RFC 1777)

Directory Server can communicate using LDAP over Secure Sockets Layer (SSL)


Hierarchical Naming

Supports X.500 hierarchical naming model.

Supports all classes and objects defined in X.520 (1988) and X.521 (1988).

Updates the X.521 organizational Person Protocol to include attributes such as Internet email address, public-key certificates, mobile phone number, pager number, and others. Allows administrators to extend the schema (data model) to keep track of new information.


Sample DS Entries

Search Base, DN Comp, Suffix:
    ou=Huntsville, o=JEDMICS, c=US

Distinguished Names, Filter Comps (shares suffix):
    dn: [email protected], CN=Hugh Downs, UID=hd, OU=Huntsville, O=JEDMICS, C=US
    dn: [email protected], CN=Barbara Walters, UID=bw, OU=Huntsville, O=JEDMICS, C=US


JEDMICS Server Configuration

[Diagram: two site installations, Pearl Harbor and Huntsville, on hosts jd.sei.cmu.edu and gc.sei.cmu.edu. Each site shows an Admin Server with Enterprise Server 3.0, Directory Server 1.03 and CMS Server 1.01 (pearlCA or huntsvilleCA), a Visigenic 3.0 ORB on port 14000, and the BRIsec, SMsec and JedSec services. Ports shown for each site: 8080, 1443 and 1389/636. A further CMS Server 1.01 (jedmicsCA) is shown on port 14430.]


CMS Setup

JEDMICS Root CA (X.509 Distinguished Name)
    cn=JEDMICS Root CA, o=JEDMICS, c=US

Subordinate CAs (X.509 Distinguished Names)
    cn=Pearl Sub CA, ou=Pearl, o=JEDMICS, c=US
    cn=Huntsville Sub CA, ou=Huntsville, o=JEDMICS, c=US

Root CAs are chained to each subordinate CA using CMS menus

Root CA installed as trusted CA in each CMS


Initial ES Setup

For each site’s ES
• enable SSL using CA certificate from corresponding site
• enable Server-Side JavaScript
• install corresponding CA as trusted CA

The specific CA installed makes a difference
• root CA certificate can decode both Pearl & Huntsville client certificates
• sub CA certificate can only decode certificates issued from that Sub CA

Note: Sub CA certificate installed must come from Root CA’s CMS because of chaining


Initial DS Setup

For each site’s Directory Server (DS)
• enable admin user for corresponding ES
• define search base for the site
    ou={site_name}, o=JEDMICS, c=US
• build directory entries for users, servers, and CAs using
  - manual (batch) approach
  - command line approach
  - programmatic approach
  - GUI (interactive) approach
• add DS to corresponding ES and CMS


DS Update Approaches

Manual
• backup database as LDAP Interchange Format (.ldif) file
• add entries for CMS certificates to .ldif file
• create DS database from new .ldif file

Command line
• LDAPadd, LDAPmod, LDAPdelete

Programmatic
• Java classes (import netscape.ldap.*;)

GUI
• Directory Server Gateway Interface (DSGW)
• HTML pages, CGI-BINs accessed from ES


Final DS & ES Setup

Directory Server
• update with User, Server and CA Certificates
  - privileged operation from CMS interface
• correct any errors in LDAP database for those certificates that could not be updated

Enterprise Server
• create certificate mapping from CA certificate to LDAP search criteria (certmap.conf)
• create Access Control List (ACL) for URIs
    uri=/jedsec


Administration Operation

User submits certificate request to CA (e.g. Huntsville CA)

Issuing Agent receives CSR via CMS

Issuing agent creates a new person entry in LDAP directory server

Issuing agent reviews CSR and issues certificate

CMS will update LDAP directory server with issued certificate

User receives issued certificate

User can now use system


Certificates Issued

[Diagram: certificate hierarchy. Nodes shown: JEDMICS Root CA; Pearl Sub CA; Huntsville Sub CA; JEDMICS Root CA Issuing Agent; Pearl Sub CA Issuing Agent; Huntsville Sub CA Issuing Agent; Soft W. Developer; Dave Kyle (1); Peter Jennings (1); Hugh Downs (1); John Stossel (1); Barbara Walters (2).]

(1) Authorized to logon to local site
(2) Certificate is now revoked


Model Policy: Identification & Authorization

To Logon
• certificate must be issued from site
• X.509 DN fields must be found in LDAP server, in this case:
    cn=, uid=, email=, ou=, o= and c=
• certificate must match that found in LDAP server
• certificate cannot be expired
• certificate cannot be revoked
• other criteria possible


SSJS Solution

Certificate manipulation managed between Browser and HTTP server

HTTP server manages client authentication
• interrogates browser for client certificate
• validates client certificate
• looks up client certificate in LDAP server


SSJS Solution: Install/Setup

Enterprise Server configuration
• authorized users issued certificates from site
• holders of certificates permitted access
• certificates not issued from site cannot be decrypted


SSJS Solution Overview

[Diagram: Netscape Navigator 4.04 running JedmicsApplet; https://gc:8080/jedsec with the jedsec (javascript/livewire) application, jedsec/start.html and jedsec/index.html; LDAP://gc:1389; and the services JedSec:: (UserFactory.createUser, User.authorized, User.logImageRetrieval), BRIsec:: (getImageList) and SMsec:: (getImage). A TCB boundary is marked, and links are drawn as secure comms or clear comms.]

Numbered steps in the diagram:
• 1 first contact
• 2 directory lookup
• 3 create user object
• 4 construct web page with applet
• 5 reconstitute stringified object
• 6 request image search
• 7 request actual image
• 8 audit user retrieval


1. First Contact

User information extracted from certificate
• user id
• email address
• full name
• organizational unit
• public key


2. Directory lookup

[Diagram: SSJS solution overview built up through step 2: Netscape Navigator 4.04, https://gc:8080/jedsec and LDAP://gc:1389, with the TCB boundary and the secure comms / clear comms legend.]


2. Directory Lookup

Enterprise server uses certificate information to find entry in associated directory server
• certmap.conf defines mapping of certificate information to LDAP search fields (and order)
  - mapping based on certificate authority
• certificate pulled from LDAP server is compared with presented certificate
• successful search and match authorizes access

    certmap pearlCA CN=Pearl Sub CA, OU=Pearl, O=JEDMICS, C=US
    pearlCA:DNComps ou,o,c
    pearlCA:FilterComps mail, uid, cn, ou
    pearlCA:verifycert on
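
The mapping above, worked through as an added example (not Netscape's implementation and not code from the original slides): it derives the LDAP search base from DNComps, the search filter from FilterComps, and applies the verifycert comparison. The directory entry, the user "Example User", the "mail" attribute name in the subject DN and the certificate bytes are constructed, and DN parsing is simplified (no commas inside values).

```javascript
// Added illustration; this is not Netscape Enterprise Server code.
// certmap.conf text as shown on the slide.
const CERTMAP_CONF = `
certmap pearlCA CN=Pearl Sub CA, OU=Pearl, O=JEDMICS, C=US
pearlCA:DNComps ou,o,c
pearlCA:FilterComps mail, uid, cn, ou
pearlCA:verifycert on
`;

// Split a DN into [attribute, value] pairs; attribute names are lower-cased.
// Simplification (assumption): commas inside values are not supported.
function parseDN(dn) {
  return dn.split(',').map((rdn) => {
    const i = rdn.indexOf('=');
    return [rdn.slice(0, i).trim().toLowerCase(), rdn.slice(i + 1).trim()];
  });
}

// Canonical form used to compare two DNs.
const canonDN = (dn) =>
  parseDN(dn).map(([a, v]) => `${a}=${v.toLowerCase()}`).join(',');

// Parse "certmap <name> <issuerDN>" and "<name>:<property> <value>" lines.
function parseCertmap(text) {
  const maps = {};
  for (const line of text.split('\n').map((l) => l.trim()).filter(Boolean)) {
    let m;
    if ((m = /^certmap\s+(\S+)\s+(.+)$/.exec(line))) {
      maps[m[1]] = { issuer: canonDN(m[2]), props: {} };
    } else if ((m = /^(\S+?):(\S+)\s+(.+)$/.exec(line)) && maps[m[1]]) {
      maps[m[1]].props[m[2].toLowerCase()] = m[3].trim();
    }
  }
  return maps;
}

// RFC 4515 escaping so certificate-supplied values cannot alter the filter.
const escapeFilter = (v) =>
  v.replace(/[\\*()\0]/g, (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));

const listOf = (s) => s.split(',').map((x) => x.trim().toLowerCase());

// Turn a presented certificate into an LDAP search, per the issuer's mapping.
function mapCertificate(maps, cert) {
  const map = Object.values(maps).find((m) => m.issuer === canonDN(cert.issuer));
  if (!map) return null; // issuer has no certmap entry
  const subject = new Map(parseDN(cert.subject));
  const pick = (names) =>
    names.filter((n) => subject.has(n)).map((n) => [n, subject.get(n)]);
  const pairs = pick(listOf(map.props.filtercomps));
  return {
    base: pick(listOf(map.props.dncomps)).map(([a, v]) => `${a}=${v}`).join(','),
    pairs,
    filter: '(&' + pairs.map(([a, v]) => `(${a}=${escapeFilter(v)})`).join('') + ')',
    verifycert: map.props.verifycert === 'on',
  };
}

// Look the user up in an in-memory stand-in for the Directory Server.
function authorize(maps, cert, directory) {
  const q = mapCertificate(maps, cert);
  if (!q) return { ok: false, reason: 'no certmap entry for issuer' };
  const hits = directory.filter((e) =>
    (',' + canonDN(e.dn)).endsWith(',' + canonDN(q.base)) &&
    q.pairs.every(([a, v]) => (e.attrs[a] || '').toLowerCase() === v.toLowerCase()));
  if (hits.length !== 1) return { ok: false, reason: 'no unique directory entry', ...q };
  // verifycert on: the presented certificate must equal the published copy.
  if (q.verifycert && !hits[0].userCertificate.equals(cert.der)) {
    return { ok: false, reason: 'certificate differs from directory copy', ...q };
  }
  return { ok: true, dn: hits[0].dn, ...q };
}

// Constructed sample data: one Pearl user and the DER bytes the CMS published.
const DIRECTORY = [{
  dn: 'mail=eu@pearl.example, cn=Example User, uid=eu, ou=Pearl, o=JEDMICS, c=US',
  attrs: { mail: 'eu@pearl.example', cn: 'Example User', uid: 'eu', ou: 'Pearl' },
  userCertificate: Buffer.from('constructed-der-bytes-A'),
}];
const PEARL_CA = 'CN=Pearl Sub CA, OU=Pearl, O=JEDMICS, C=US';
const SUBJECT = 'MAIL=eu@pearl.example, CN=Example User, UID=eu, OU=Pearl, O=JEDMICS, C=US';

const MAPS = parseCertmap(CERTMAP_CONF);
const genuine = { issuer: PEARL_CA, subject: SUBJECT, der: Buffer.from('constructed-der-bytes-A') };
// Same names, different certificate bytes: only verifycert rejects this one.
const lookalike = { ...genuine, der: Buffer.from('constructed-der-bytes-B') };
// Issued by a CA that has no mapping on this server.
const foreign = { ...genuine, issuer: 'CN=Huntsville Sub CA, OU=Huntsville, O=JEDMICS, C=US' };
// A wildcard in a subject field must stay a literal after escaping.
const wildcard = { ...genuine, subject: SUBJECT.replace('UID=eu', 'UID=*') };

for (const c of [genuine, lookalike, foreign, wildcard]) {
  const r = authorize(MAPS, c, DIRECTORY);
  console.log(r.ok ? 'authorized' : 'denied: ' + r.reason, r.filter || '');
}
```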


3. Create User Object

[Diagram: SSJS solution overview built up through step 3, adding the jedsec (javascript/livewire) application (jedsec/start.html, jedsec/index.html) and JedSec:: (UserFactory.createUser, User.authorized, User.logImageRetrieval).]


3. Create User Object

JavaScript and LiveWire used to obtain information gathered by ES for our application
• used to create a user object from the JedSec::UserFactory

Start.html:: (launched at server startup)
    :
    <server>
    // initialize the orb
    project.orb = Packages.org.omg.CORBA.ORB.init();

    // establish connection to the "UserFactory" service
    project.jedSecUserFactory =
        Packages.JedSec.UserFactoryHelper.bind(project.orb, "UserFactory");
    </server>
    :

index.html:: (launched upon each client session)
    :
    <server>
    // client certificate as exposed by the server through the CLIENT_CERT variable
    cert = ssjs_getCGIVariable("CLIENT_CERT");
    __userObj = project.jedSecUserFactory.createUser(request.auth_user, cert, request.ip);
    </server>
    :


Note On Using JavaScript

User object must be assigned to either a local attribute or an attribute of the project object
• cannot invoke a method on an object proxy assigned to a client attribute

Possible explanation: the runtime engine constructs and destroys the client object for each request


4. Construct Web Page with Applet

[Diagram: SSJS solution overview built up through step 4, adding JedmicsApplet inside Netscape Navigator 4.04.]


4. Construct Web Page with Applet

Construction of page can be made conditional
• example uses second tier of authorization

Index.html::
    :
    __strUserObj = project.orb.object_to_string(__userObj);
    __authorizedUser = __userObj.authorized();
    if (__authorizedUser) {
        write("<applet\n code=JedmicsApplet.class codebase=\"jedmicsAppletDemo5\"\n");
        write("archive=\"jedsec.zip\" width=600 height=200>\n");
        write("<param name=USE_ORB_LOCATOR value=>\n");
        write("<param name=org.omg.CORBA.ORBClass value=com.visigenic.vbroker.orb.ORB>\n");
        write("<param name=strUserObject value=");
        write(__strUserObj);
        write(">\n</applet>\n");
    }
    else {
        write("unauthorized client access\n");
    }
    __userObj.logEvent(request.auth_user, "Accessed /jedsec");
    :

userObject passed to applet in stringified form


5. Reconstitute the User Object

[Diagram: SSJS solution overview built up through step 5.]


5. Reconstitute the User Object

Stringified user object is converted back into a user object reference
• passed as a parameter to application services (e.g., BRIsec)

JedmicsApplet.java::
    public class JedmicsApplet extends Applet {
        public static JedSec.User userRef = null;
        :
        public void init () {
            String stringifiedUserObject = getParameter("strUserObject");
            :
            // Locate the User Object authorizing this client
            org.omg.CORBA.Object object = orb.string_to_object(stringifiedUserObject);
            userRef = JedSec.UserHelper.narrow(object);
            :
        }
    }


6. Request Image Search

[Diagram: SSJS solution overview built up through step 6, adding BRIsec:: (getImageList).]


6. Request Image Search

BRIsec is used to locate images matching search criteria
• unchanged from previous model problems

JedmicsEvents.java::
    // call getImageList operation
    try {
        images = JedmicsApplet.briRef.getImageList(partNo);
    } catch (BRIsecPackage.NotFound e) {
        displayMsg ("Matching part not found.\nTry a less restrictive pattern.");
        return;
    }
    :
    for (i=0; i < images.length; i++) {
        // Build list (allowing one selection at a time)
        imageList.addItem(images[i]);
        System.out.println("adding " + images[i]);
    }


7. Request Actual Image

[Diagram: SSJS solution overview built up through step 7, adding SMsec:: (getImage).]


7. Request Actual Image

Image is retrieved directly from SM
• user object reference is passed as additional parameter

JedmicsEvents.java::
    public void getSMImage(String imageName) {
        :
        byte[] imageData;
        :
        // check that proxy exists
        if (JedmicsApplet.smRef == null) {
            displayMsg ("Get image failed - not connected to SM server.");
            return;
        }
        :
        // call getImage operation
        imageData = JedmicsApplet.smRef.getImage(JedmicsApplet.userRef, imageName);
        :
    }


8. Audit User Retrieval

[Diagram: complete SSJS solution overview, steps 1 through 8.]


8. Audit User Retrieval

User object used to log image retrieval
• generates C2 audit trail

SMsec_srvr.C::
    // buf, fp, imageData and tempname are declared in code not shown on the slide
    SMsec::image* SMsecImpl::getImage (JedSec::User_ptr userRef,
                                       const char * imageName) {
        // stat() returns 0 on success, so a non-zero result is the failure case
        if (stat(imageName, &buf) != 0) {
            perror("serverSMsec: fstat failed");
        }
        imageData = new image;
        imageData->length(buf.st_size);
        if ((fp = open (imageName, O_RDONLY)) < 0) {
            perror("serverSMsec: open");
        }
        int bc = read(fp, &imageData[0], buf.st_size);
        close (fp);
        // record the retrieval against the caller's user object
        userRef -> logImageRetrieval(tempname);
        return (imageData);
    }


Deployment Recommendations

Pre-install Visigenic Orb Classes
• placing vbj30.jar in Navigator’s CLASSPATH saves downloading of 2.4Mb jar file

Zigbert/Zip the specific application only
• archive attribute of the <APPLET> tag
• digitally sign the archive

Makefile::
    jedsec.zip: $(CLASSES)
            @echo Building $@
            -rm -rf jarDir
            -mkdir jarDir
            tar cf - `find . -name "*.class" -print` | (cd jarDir; tar xvf -)
            # -k names the signing certificate; -p supplies the key database password
            zigbert -d.. -k"Soft W. Developer's JEDMICS ID" -p"password" jarDir
            (cd jarDir; zip -r ../$@ *)
            rm -rf jarDir


Advantages - SSJS Solution

No additional client configuration necessary
• SSL libraries still need to be installed
• the vbj30.jar file may be installed to improve performance

Certificate manipulation for client authentication managed between Browser and HTTP server
• no coding required


Disadvantages - SSJS Solution

Can only be used for applets and not Java applications

Difficult to export user credentials from HTTP server to JEDMICS system
• connection between HTTP Server and applet goes through kludge Server-Side JavaScript interface


“100% Pure” Java Solution

Can be used for Java application or Java applet
• does not require use of web browser, HTTP server or SSJS
• still uses CMS & DS

Code for certificate manipulation and authentication must be developed
• Java 1.2 supplies Certificate API for certificate management
• Netscape LDAP Java SDK used for searching the LDAP directory
• encryption/decryption performed using patented algorithms from RSA (JSAFE)


COTS Servers Installed/Setup

3 Netscape Certificate Management Servers (CMS)
• one for each Certificate Authority (CA) in the hierarchy
• JEDMICS authority, Pearl and Huntsville subordinates

2 Netscape Directory Servers (DS)
• one for each site (e.g., Pearl, Huntsville)

Setup the same except for Enterprise Server steps


“100% Java” Model Policy: I&A

1. Client encrypts uid using private key
2. Client presents encrypted uid with certificate
3. Server looks up certificate in LDAP
4. Server confirms that
   • certificate has been issued from site
   • X.509 DN fields must be found in LDAP server
       cn=, uid=, email=, ou=, o= and c=
   • certificate presented matches certificate found in LDAP server
   • certificate has not expired or been revoked
5. Server uses public key to decrypt uid
6. Server confirms that decrypted uid is the same as the uid in the LDAP directory entry
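
The six steps above, as an added example that is not code from the original slides: "encrypting the uid with the private key" is modelled as an RSA signature, and the server runs the step 3-6 checks against a directory record. It goes beyond the slide in one respect: because a signed uid never changes, the example also shows a server-issued nonce that binds each response to one login attempt. Assumptions: the certificate is reduced to a constructed record (public key, expiry, revocation flag), the Server class and all function names are hypothetical, and the dates are constructed.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a client holding a private key and a certificate.
function makeClient(uid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { uid, privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Constructed stand-in for the LDAP directory: uid -> published certificate data.
function makeDirectory(client, notAfter) {
  return new Map([[client.uid,
    { uid: client.uid, publicKeyPem: client.publicKeyPem, notAfter, revoked: false }]]);
}

// Steps 1-2: sign the uid and present it with the certificate.
// With nonce === '' this is the message exactly as the slide describes it.
function clientLogin(client, nonce = '') {
  const signature = crypto.sign('sha256', Buffer.from(client.uid + nonce), client.privateKey);
  return { uid: client.uid, publicKeyPem: client.publicKeyPem, signature };
}

// Steps 3-6 on the server.
function serverVerify(directory, msg, now, nonce = '') {
  const entry = directory.get(msg.uid);                      // step 3: directory lookup
  if (!entry) return 'unknown user';
  if (entry.publicKeyPem !== msg.publicKeyPem) return 'certificate mismatch'; // step 4
  if (entry.revoked) return 'revoked';
  if (now > entry.notAfter) return 'expired';
  // steps 5-6: the signature must verify over the uid stored in the directory
  const ok = crypto.verify('sha256', Buffer.from(entry.uid + nonce),
    entry.publicKeyPem, msg.signature);
  return ok ? 'authorized' : 'bad signature';
}

// Challenge-response wrapper (added here, not on the slide): each nonce is
// issued by the server and accepted once.
class Server {
  constructor(directory) { this.directory = directory; this.pending = new Set(); }
  challenge() {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.add(nonce);
    return nonce;
  }
  verify(msg, nonce, now) {
    if (!this.pending.delete(nonce)) return 'stale or unknown nonce';
    return serverVerify(this.directory, msg, now, nonce);
  }
}

function demo() {
  const now = Date.parse('1998-02-26T00:00:00Z');            // constructed dates
  const client = makeClient('hd');
  const dir = makeDirectory(client, Date.parse('1999-02-26T00:00:00Z'));

  const message = clientLogin(client);                       // the slide's message
  const asSpecified = serverVerify(dir, message, now);
  const sameBytesAgain = serverVerify(dir, message, now);    // identical bytes still pass

  const server = new Server(dir);
  const n1 = server.challenge();
  const fresh = server.verify(clientLogin(client, n1), n1, now);
  const n2 = server.challenge();
  const oldResponse = server.verify(clientLogin(client, n1), n2, now);

  dir.get('hd').revoked = true;
  const afterRevocation = serverVerify(dir, message, now);
  return { asSpecified, sameBytesAgain, fresh, oldResponse, afterRevocation };
}

console.log(demo());
```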


Client Installation

1. Export certificate from Netscape in PKCS-12 format

2. Convert from PKCS-12 to PEM format
     pfx -print_certs -in hd.p12

3. Cut and paste first certificate into hd.pem

4. Convert from PEM format into DER format
     ssleay x509 -in hd.pem -inform PEM -out hd.der -outform DER


100% Pure Java Solution Overview

[Diagram: JEDMICS Client (Java 1.2); LDAP://gc:1389; and the services JedSec:: (UserFactory.createUser, User.authorized, User.logImageRetrieval), BRIsec:: (getImageList) and SMsec:: (getImage). A TCB boundary is marked.]

Numbered steps in the diagram:
• 1 Create user object
• 2 Authorize user
• 3 LDAP lookup
• 4 Request image search
• 5 Request actual image
• 6 Audit user retrieval


1. Create User Object (Client)

    // orb, factoryRef and userRef are declared outside this fragment
    FileInputStream f = null;
    byte[] myCert = null;
    String UserID = "hd";

    factoryRef = JedSec.UserFactoryHelper.bind(orb, "UserFactory");
    // read the DER-encoded certificate produced during client installation
    f = new FileInputStream(UserID + ".der");
    myCert = new byte[f.available()];
    f.read(myCert);
    f.close();
    // hand uid, certificate and client IP address to the server-side factory
    userRef = factoryRef.createDERUser(
        UserID, myCert,
        java.net.InetAddress.getLocalHost().getHostAddress());
    if (userRef.authorized()) {
        System.out.println("Welcome");
    } else {
        System.out.println("Unauthorized Access!");
        System.exit(0);
    }


1. Create User Object (Server)

    // ctor
    public UserImpl(String uid, byte[] cert, String ip) {
        _uid = uid;
        _cert = null;
        _DERcert = cert;
        _ip = ip;
        _myLDAPHost = "gc.sei.cmu.edu";
        _myLDAPPort = 1389;
        _myLDAPBase = "ou=Huntsville,o=JEDMICS,c=US";

        // parse the DER bytes presented by the client into an X.509 certificate object
        _myX509cert = X509Certificate.getInstance(_DERcert);
    }

UID and other information should be extracted from certificate
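The note above, combined with the DN fields named on the policy slide (cn=, uid=, email=, ou=, o= and c=), as an added Java example that is not the authors' code. It assumes the certificate's subject DN is already available as an RFC 2253 string that uses the slide's field names; the class name, method names and sample DNs are constructed for illustration.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectDnPolicy {
    // Field names as listed on the policy slide.
    static final List<String> REQUIRED = Arrays.asList("cn", "uid", "email", "ou", "o", "c");

    // Returns the DN's fields, or null when the DN does not satisfy the policy.
    static Map<String, String> fields(String subjectDn, String ldapBase) {
        try {
            LdapName dn = new LdapName(subjectDn);
            // LdapName indexes from the root, so startsWith() means "lies under this base".
            if (!dn.startsWith(new LdapName(ldapBase))) return null;
            Map<String, String> out = new HashMap<>();
            for (Rdn rdn : dn.getRdns()) {
                // Strictness chosen for this example: no multi-valued RDNs,
                // no binary values, no field appearing twice.
                if (rdn.size() != 1 || !(rdn.getValue() instanceof String)) return null;
                String type = rdn.getType().toLowerCase(Locale.ROOT);
                if (out.put(type, (String) rdn.getValue()) != null) return null;
            }
            return out.keySet().containsAll(REQUIRED) ? out : null;
        } catch (InvalidNameException e) {
            return null; // unparsable DN: deny
        }
    }

    // The uid is taken from the certificate's DN; a client-supplied uid is only compared to it.
    static boolean uidMatches(String subjectDn, String ldapBase, String claimedUid) {
        Map<String, String> f = fields(subjectDn, ldapBase);
        return f != null && f.get("uid").equals(claimedUid);
    }

    public static void main(String[] args) {
        String base = "ou=Huntsville,o=JEDMICS,c=US"; // _myLDAPBase from the slide
        // Constructed subject DNs; the cn and email values are placeholders.
        String ok = "cn=Example User,uid=hd,email=hd@example.org," + base;
        String noEmail = "cn=Example User,uid=hd," + base;
        String elsewhere = "cn=Example User,uid=hd,email=hd@example.org,ou=Other,o=JEDMICS,c=US";
        System.out.println("uid from DN      : " + fields(ok, base).get("uid"));
        System.out.println("claims hd        : " + uidMatches(ok, base, "hd"));
        System.out.println("claims admin     : " + uidMatches(ok, base, "admin"));
        System.out.println("email missing    : " + uidMatches(noEmail, base, "hd"));
        System.out.println("outside the base : " + uidMatches(elsewhere, base, "hd"));
    }
}
```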


2. User Authorization

[Diagram labels: JEDMICS Client (Java 1.2); TCB; JedSec::; steps 1 and 2; UserFactory.createUser; User.authorized]

Enforce authorization policy
• below, the authorized operation verifies that the certificate has not expired and is not post-dated

    // if we did not find a certificate, don't let them in
    if (theCert == null) {
        returnCode = false;
    } else {
        Date startDate = theCert.getNotBefore();
        Date endDate = theCert.getNotAfter();
        Date rightNow = new Date();
        if (rightNow.before(startDate)) {
            returnCode = false;   // post-dated: not yet valid
        }
        if (rightNow.after(endDate)) {
            returnCode = false;   // expired
        }
    }


3. LDAP Lookup

[Diagram labels: JEDMICS Client (Java 1.2); TCB; JedSec::; steps 1, 2 and 3; LDAP://gc:1389; UserFactory.createUser; User.authorized; User.logImageRetrieval]

The authorization function looks up the certificate in the LDAP directory and compares it with the presented certificate

    if (attrName.indexOf("usercertificate;binary") >= 0) {
        Enumeration enumVals = anAttr.getByteValues();
        while (enumVals.hasMoreElements()) {
            byte[] aVal = (byte[]) enumVals.nextElement();
            // Get certificate attribute and compare with
            // certificate presented by user
            X509Certificate theCert = null;
            theCert = X509Certificate.getInstance(aVal);
            if (_myX509cert != null) {
                if (!_myX509cert.equals(theCert)) {
                    returnCode = false;
                } // end if certificate does not match
            } // end if certificate retrieved from LDAP
        } // end while
    } // end if user certificate


Remaining Steps

[Diagram labels: JEDMICS Client (Java 1.2); TCB; JedSec:: (UserFactory.createUser, User.authorized, User.logImageRetrieval); BRIsec::getImageList; SMsec::getImage; LDAP://gc:1389]

4. Request image search
5. Request actual image
6. Audit user retrieval


Advantages - Java Solution

Can be used with Java applets and applications.

Authentication policy can be specified.


Disadvantages - Java Solution

It is not possible to obtain the client identity (certificate) through the browser, since a standard API does not exist.
• certificates are either hard coded or read from the file system

Authentication policy must be developed.


Summary

Identification and authorization using client certificates is feasible

Server-Side JavaScript solution fully implemented

“100% Pure” Java solution largely implemented
• requires encryption using JSAFE libraries


Future Work

Complete “100% Pure” Java solution.

Incorporate JSAFE for image encryption and authentication.

Use of Visigenics' SSL implementation with Netscape Certificates.

Interoperability between Orbix and Visigenics.

VisiBroker and Orbix to communicate using any SSL implementation.

Evaluate GateKeeper and Wonderwall.

Investigate passing gigabyte-size files over IIOP.


SSL Disadvantages

Requires native library to be installed on each client machine.
• must be ported to all client platforms
• requires a separate installer

It is not possible to obtain the client identity (certificate) through the browser, since a standard API does not exist. Thus, certificates are either hard coded in the implementation, or they are read dynamically from the file system.

Navigating through a client-side firewall is not possible since connections are not routed through a client-side proxy as they are in a browser.


Java 1.2 Certificate API

The Certificate API java.security.cert includes the following:
• the Certificate class is an abstract class for managing a variety of certificates
• the X509Certificate class provides a standard way to access all the attributes of an X.509 certificate
• the X509Extension interface is an interface for an X.509
• the X509CRL class is an abstract class for an X.509 Certificate Revocation List (CRL)
• the RevokedCertificate class is an abstract class for a revoked certificate in a CRL