0

I have been trying to bind a REST service for payment purposes. They gave me a certificate in p12 format and gave me instructions to convert it to PEM format using the OpenSSL library. Now I have these two files.

key.pem(-----BEGIN ENCRYPTED PRIVATE KEY-----)
cert.pem(-----BEGIN CERTIFICATE-----)

My goal is to call this REST service using HttpsURLConnection. As far as I know, I need to do the following:

KeyStore, SSLContext and then apply into httpsCon.setSSLSocketFactory(context.getSocketFactory());

I was looking for different solutions but could not find a working solution. Can someone provide a working example?

gogagubi
  • Plain Java can handle PKCS#12 (.p12) files but not PEM files. How to load .p12 files in Java is e.g. shown here: https://stackoverflow.com/a/12621128/150978. P12 file as client cert in HTTPS here: https://stackoverflow.com/a/60845060/150978 – Robert May 07 '20 at 12:13
  • Thanks for your response. The main reason was TrustManager. It was trying to check certificate validation locally. I overrode it and it started working – gogagubi May 07 '20 at 17:13

1 Answer

-1

Here is the code that worked for me. Hope it helps someone.

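import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ResourceLoader;

public class Main {

    @Autowired
    ResourceLoader resourceLoader;

    // Instance method (not static) because it reads the injected resourceLoader field.
    private void applyCertificateInformation(HttpsURLConnection con, String password) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
        // Load the client certificate and private key from the PKCS#12 file.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = resourceLoader.getResource("my-cert.p12").getInputStream()) {
            clientStore.load(in, password.toCharArray());
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, password.toCharArray());

        KeyManager[] kms = kmf.getKeyManagers();

        // This trust manager accepts every certificate chain: the empty check methods
        // mean the server certificate is never validated.
        TrustManager[] tms = new TrustManager[]{
                new X509TrustManager() {

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }

                    @Override
                    public void checkClientTrusted(
                            java.security.cert.X509Certificate[] certs, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(
                            java.security.cert.X509Certificate[] certs, String authType) {
                    }
                }
        };

        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(kms, tms, new SecureRandom());
        // Note: this also replaces the socket factory for every HttpsURLConnection in the JVM.
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        con.setSSLSocketFactory(sslContext.getSocketFactory());
    }

}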
gogagubi
  • This code does not check the validation of the server certificate. It is therefore highly insecure and should never be used! – Robert May 07 '20 at 17:36
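
A variant of the answer's approach that keeps server certificate validation, which is what the comment above objects to (an added example, not code from the original post). The class name, `buildContext`, the `server-ca` alias and the four command-line arguments (PKCS#12 path, password, CA certificate PEM path, service URL) are assumptions; the CA file is the certificate that issued the payment service's server certificate.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Hypothetical helper: caPemPath may be null to fall back to the JVM's default trust store.
    static SSLContext buildContext(String p12Path, char[] password, String caPemPath) throws Exception {
        // Client identity: private key and certificate chain from the PKCS#12 file.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            clientStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, password);

        // Trust anchors: only the given CA certificate (CertificateFactory reads PEM or DER X.509).
        KeyStore trustStore = null;
        if (caPemPath != null) {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null); // start from an empty in-memory store
            try (InputStream in = Files.newInputStream(Paths.get(caPemPath))) {
                Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
                trustStore.setCertificateEntry("server-ca", ca);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // a null KeyStore selects the default cacerts

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <client.p12> <password> <server-ca.pem> <https-url>
        SSLContext ctx = buildContext(args[0], args[1].toCharArray(), args[2]);
        HttpsURLConnection con = (HttpsURLConnection) new URL(args[3]).openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory()); // this connection only, JVM default untouched
        System.out.println(con.getResponseCode()); // handshake fails if the server chain is not trusted
    }
}
```

If the handshake fails with a certificate path error, the fix is to add the correct issuing CA to the trust store, not to replace the trust manager.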