
TaxCore - request token using a smart card certificate

The app I am trying to make needs to request a token from the TaxCore server by providing it with a personal certificate acquired from a smart card. I've exported the certificate from the smart card, and named it buisness.cer. I also have 2 more certificates that I need in order to establish the https connection ( Sandbox SUF Issuing CA 1.cer and Sandbox SUF RCA.cer ).

The official documentation states the following steps:

  1. Create HTTPS GET request object
  2. Add HTTP headers "Accept: application/json" and "Content-Type: application/json"
  3. Read certificate from the PKI Applet
  4. Use the certificate from the PKI Applet to establish SSL/TLS connection
  5. Send a request to "/api/v3/sdc/token" operation on TaxCore.API web service.
  6. Read the response as JSON structure defined below

I've lost days trying to make this work, and tested all of the examples I could find around the internet, but despite my efforts I always end up with a 401 response. {"Message":"Authorization has been denied for this request."}

Currently I have this (non-working):

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class TokenRequest {

    // Reads one X.509 certificate from a .cer file; returns null on failure.
    private static X509Certificate getCert(String f) {
        try (InputStream is0 = new FileInputStream(f)) {
            CertificateFactory cf0 = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf0.generateCertificate(is0);
        } catch (CertificateException | IOException e) {
            e.printStackTrace();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        var buisnessCert = getCert("someplace/buisness.cer");
        var issuingCaCert = getCert("someplace/issuingCa.cer");
        var rcaCert = getCert("someplace/rca.cer");

        // All three certificates go into one in-memory store used as the trust store.
        var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null);
        ks.setCertificateEntry("issuingCaCert", issuingCaCert);
        ks.setCertificateEntry("rcaCert", rcaCert);
        ks.setCertificateEntry("buisnessCert", buisnessCert);
        tmf.init(ks);

        // First argument (key managers) is null; only trust managers are supplied.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        try {
            HttpGet httpget = new HttpGet("https://taxcoreservergoeshere/api/v3/sdc/token");
            httpget.setHeader("Accept", "application/json");
            httpget.setHeader("Content-Type", "application/json");
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                // Print the response body.
                HttpEntity entity = response.getEntity();
                System.out.println(EntityUtils.toString(entity));
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }
}

Any help is highly appreciated.

The certificate is not supposed to leave the smart card. You need to use a PKCS#11 provider to instantiate your keystore. This answer could be a good starting point: Java Access Token PKCS11 Not found Provider
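The following is an added example, not part of the original question or answer and not taken from the TaxCore documentation. It sketches the PKCS#11 approach the answer points to: the key store is backed by the card, so the private key used for TLS client authentication never leaves the token, and the two CA certificates are used only as trust anchors. It assumes Java 9 or later with the SunPKCS11 provider available, an interactive console for the PIN, and a SunPKCS11 configuration file whose `library` entry points at the card vendor's PKCS#11 module; the class name and argument order are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SmartCardTlsContext {

    // pkcs11ConfigPath: SunPKCS11 config file ("name = ..." and "library = <vendor module>").
    // caCertPaths: CA certificates used to validate the server's chain.
    static SSLContext build(String pkcs11ConfigPath, char[] pin, String... caCertPaths) throws Exception {
        // Java 9+: configure the bundled SunPKCS11 provider from the config file.
        Provider p11 = Security.getProvider("SunPKCS11").configure(pkcs11ConfigPath);
        Security.addProvider(p11);

        // Key store backed by the card; load() logs in to the token with the PIN.
        KeyStore cardStore = KeyStore.getInstance("PKCS11", p11);
        cardStore.load(null, pin);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(cardStore, null); // no per-key password; the token session is already open

        // Trust store holds only the CA certificates, not the client certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : caCertPaths) {
            try (InputStream in = new FileInputStream(path)) {
                trustStore.setCertificateEntry(path, cf.generateCertificate(in));
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Key managers supply the client certificate during the TLS handshake.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pin = System.console().readPassword("Card PIN: "); // avoid passing the PIN as an argument
        SSLContext ctx = build(args[0], pin, Arrays.copyOfRange(args, 1, args.length));
        Arrays.fill(pin, '\0'); // clear the PIN from memory once the token session is open
        System.out.println("TLS context ready: " + ctx.getProtocol());
    }
}
```

The returned `SSLContext` can be passed to `SSLConnectionSocketFactory` in place of the context built in the question's code.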
