
I was hoping I could get some help regarding an issue I have been facing today:

I am trying to authenticate my client with the server of one of our clients. I am able to do so by issuing the following command:

```
curl -v -k -H "Content-Type:application/json" --key privkey.pem --cert pub.cer --data @search.json https://....
```

As you can tell from the command above I have the following:

  1. public certificate
  2. private key
  3. keystore

Now, I am trying to do the same thing in Java, but I have no clue how to get it done. All the guides that I have read tell me that I should use the keystore I have. But I hit roadblocks when following those guides.

If anybody could help or point me in a certain direction, I would greatly appreciate it.

Thanks in advance, Peter

user3513075
  • Define 'roadblocks'. The only guide you need is the JSSE Reference Guide. – user207421 Apr 08 '14 at 23:40
  • @EJP, I cannot use SSL Sockets, I am only allowed to use HTTPS URL Connection, which kinda makes things difficult. Thank you for the reference, but I do not see much help there (I went through it briefly though) – user3513075 Apr 09 '14 at 00:37
  • All the KeyStore and truststore steps and settings described there apply to both SSLSockets and HttpsURLConnection. – user207421 Apr 09 '14 at 17:53

1 Answer

It sounds like you need to use an HTTPS URL connection to connect with a server which requires client authentication. You'll need to do two things to get there from where you are.

First, you'll need to create a Java style keystore from your private key and public certificate. Detailed instructions can be found in the answers to this question:

importing an existing x509 certificate and private key in Java keystore to use in ssl

You'll also need to import the server's certificate into the keystore.

Second, you'll need to write your Java code to use your newly created keystore. Do this by creating an SSLContext using your keystore, and setting your HTTPS URL connection to use a socket factory from this context - something along the lines of this:

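```java
// SSLConnections is not a JDK class; it stands for your own helper
// that builds an SSLContext from the keystore.
SSLContext sslContext
    = SSLConnections.getSSLContext(keyStoreFile, keyStoreFilePassword);
httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());
```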

This should be done after the HttpsURLConnection is created, but before it is connected - that is, before you read from or write to it, or call connect() on it.

Warren Dew
  • Warren, thank you very much for the response. I followed the instructions provided by you. I created a Java keystore and applied the context in my code. At the moment I am getting: Received fatal alert: handshake_failure. Could it be because I have not imported the server's certificate with my keystore? – user3513075 Apr 09 '14 at 15:34
  • The last thing on my trace before the error is : main, RECV TLSv1 ALERT: fatal, handshake_failure, thanks again – user3513075 Apr 09 '14 at 16:05
  • Yes, you also need to import the server's certificate in your keystore. Edited my answer. If you still have an issue, a complete stack trace would be good. – Warren Dew Apr 09 '14 at 17:07
  • Thanks for the quick response Warren, I have requested the client to send me their public certificate. I will import it once I get it and respond. Thanks! – user3513075 Apr 09 '14 at 18:09
  • Thanks for your help so far Warren, I imported the server's certificate into the keystore I just created, but I am still getting the following error: main, RECV TLSv1 ALERT: fatal, handshake_failure – user3513075 Apr 11 '14 at 18:10
  • Can you post your java code making the connection, and a complete stack trace? You can either edit this question or create a new question. – Warren Dew Apr 11 '14 at 19:02
  • I posted the trace as a new post, since it didn't fit in the comment section. – user3513075 Apr 13 '14 at 16:21
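
As an added example that is not part of the original answer or comments: a complete version of the answer's second step, loading one keystore for both the client key and the server's certificate and attaching the resulting socket factory before the connection is used. The class name, the `getSSLContext` helper (standing in for the answer's `SSLConnections.getSSLContext`), the JKS store type and the command-line arguments are assumptions. Unlike the `curl -k` command in the question, it validates the server's certificate against the keystore.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertExample {
    // Hypothetical helper standing in for the answer's SSLConnections.getSSLContext(...).
    static SSLContext getSSLContext(String keyStoreFile, char[] keyStoreFilePassword) throws Exception {
        // Assumption: a JKS keystore holding the client key pair plus the server's certificate.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(keyStoreFile))) {
            keyStore.load(in, keyStoreFilePassword);
        }
        // Key managers present the client certificate when the server requests one.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStoreFilePassword); // assumes key password equals store password
        // Trust managers validate the server against the certificates in the same store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return sslContext;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder arguments: keystore path, keystore password, https URL.
        SSLContext sslContext = getSSLContext(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Must be set after openConnection() and before connect() or any read/write.
        conn.setSSLSocketFactory(sslContext.getSocketFactory());
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/json");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(Files.readAllBytes(Paths.get("search.json"))); // same body as the curl command
        }
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Running it with `-Djavax.net.debug=ssl,handshake` prints the handshake trace, which shows whether the server requested a client certificate and which certificate chain, if any, was sent in response.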