-1

Is it possible to use a Tomcat Java servlet to validate the merchant?

If so, how can I send the SSL certificate and SSL key PEM file contents using httpclient?

Here's the code in PHP but we are using Tomcat server.

```php
// Merchant validation payload
$data = '{"merchantIdentifier":"merchant.com.blah.shop", "domainName":"shop.blah.com", "displayName":"Blah Shop"}';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $validation_url);
// Client certificate and private key for TLS client authentication
curl_setopt($ch, CURLOPT_SSLCERT, PRODUCTION_CERTIFICATE_PATH);
curl_setopt($ch, CURLOPT_SSLKEY, PRODUCTION_CERTIFICATE_KEY);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);
```
JJJ
Joe Smith

1 Answer

0

First of all, you should never send your private key file over the network to anyone, even to Apple. Your PHP example code didn't send it anywhere, but used it to sign the request.

From Tomcat's point of view, you need a Java program to send an HTTP request via the Internet (with your SSL certificates and keys used to sign your request). You can use different libraries, like Apache HttpComponents, to achieve that. See the detailed answer by @eis for details.

vlsergey
  • Thank you. I will take a look at HttpComponents. – Joe Smith Apr 18 '18 at 20:13
  • Still a little confused here. I looked at the details by @eis and all it shows is how to import the key. What about the certificate itself? How do I include the certificate in the request that my app is sending? I think Apple Pay is expecting the key and certificate to be separate and not combine and send them as keystore?? – Joe Smith Apr 18 '18 at 20:17
  • @JoeSmith: Java architecture (JCA) stores the privatekey and certificate (or usually chain) together in a keystore, but it correctly implements standardized TLS protocol by _sending_ the cert/chain part and _using locally_ the privatekey part. (curl uses separate files but implements the same protocol.) – dave_thompson_085 Apr 19 '18 at 00:16
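
What the last comment describes, as an added example (not code from the question, the answer, or Apple): a Java class that loads the certificate and private key from one PKCS#12 keystore and hands them to the TLS layer, which sends the certificate during the handshake and keeps the key local. The class name, keystore path, password and the apple.com host check are assumptions, and `java.net.http` requires Java 11 or later.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class MerchantValidator {
    private final HttpClient client;

    // p12Path and password are hypothetical: a PKCS#12 file holding the certificate
    // and its private key (the same pair curl reads as two separate PEM files).
    public MerchantValidator(Path p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12Path)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        // Passing null trust managers keeps the JVM defaults, so the server is still verified.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        this.client = HttpClient.newBuilder().sslContext(ctx).build();
    }

    public String validate(String validationUrl, String jsonBody) throws Exception {
        URI uri = URI.create(validationUrl);
        // Added safeguard (assumption): the URL is supplied by the browser, so refuse anything
        // that is not HTTPS on an apple.com host before presenting the client certificate.
        String host = uri.getHost();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || !host.toLowerCase().endsWith(".apple.com")) {
            throw new IllegalArgumentException("unexpected validation URL: " + validationUrl);
        }
        HttpRequest req = HttpRequest.newBuilder(uri)
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(jsonBody))
                .build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IllegalStateException("validation failed: HTTP " + resp.statusCode());
        }
        return resp.body(); // response body, passed back to the browser by the servlet
    }
}
```

Separate PEM files can be combined into the keystore with `openssl pkcs12 -export -in cert.pem -inkey key.pem -out merchant.p12` (file names here are placeholders).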