0

My application is using Apache Commons HTTP Client to consume HTTP service URL. Now we have to move over HTTPS endpoint URL. To consume the same, we received SSL Client Certificate. How we can use .JKS with password while consuming HTTPS URL ? (Due to application limitations cant use other APIs)

KeyStore identityKeyStore = KeyStore.getInstance("JKS");
FileInputStream identityKeyStoreFile = new FileInputStream(new File(certificatePath));
identityKeyStore.load(identityKeyStoreFile, password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(identityKeyStore);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(identityKeyStore, password.toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null);
SSLContext.setDefault(sslContext);        
PostMethod post = new PostMethod("https://url");
    HttpClient httpClient = new HttpClient();
    String reqMessage = getSolaceRequestMessage(message,hostName,port,authentication);
    Part[] parts = {
        new StringPart("reqMessage", message),
    };
    post.setRequestEntity(
        new MultipartRequestEntity(parts, post.getParams())
    );
    httpClient.executeMethod(post);
Sarvesh H
  • 33
  • 4
  • Same question to this one : https://stackoverflow.com/questions/21223084/how-do-i-use-an-ssl-client-certificate-with-apache-httpclient – Yiao SUN Jul 07 '21 at 15:32
  • @YiaoSUN Thanks for your reply. The below library is used in my application. The above link you shared is using http components client library. `commons-httpclient commons-httpclient 3.1` – Sarvesh H Jul 08 '21 at 03:57
  • @stdunbar no, my application uses `commons-httpclient` library. The link above shows with apache components. – Sarvesh H Jul 08 '21 at 04:32
  • You're right @SarveshH - you're using a library that hasn't been updated in 8 years and isn't supported anymore. I retracted my close vote. – stdunbar Jul 08 '21 at 15:05

2 Answers2

0

The *.jks we use in the back service part.

I can give you a example of my project Java Spring boot, I change http --> https in my back service and I added my certificate in Nginx.

Example of https simple services

When you changed back service you can call https directly in your front application(ex.web angular).

Yiao SUN
  • 908
  • 1
  • 8
  • 26
  • I have configured Spring boot service but the client application is using `commons-httpclient` library to call the service. I have updated the client code. – Sarvesh H Jul 08 '21 at 04:17
  • @SarveshH I think you should test your https API with postman first, just to make sure your API https works. You can follow this to make the call, it looks like something you want to do https://prasans.info/making-https-call-using-apache-httpclient/ I prefer this solution : https://mkyong.com/java/apache-httpclient-examples/ but he dont use jks – Yiao SUN Jul 08 '21 at 08:13
  • @SarveshH The Commons HttpClient project is now end of life, and is no longer being developed. It has been replaced by the Apache HttpComponents project in its HttpClient and HttpCore modules, which offer better performance and more flexibility. https://hc.apache.org/httpclient-legacy/ – Yiao SUN Jul 08 '21 at 08:22
0

I used below implementation which worked for me as had limitation not to upgrade the http client libraries.

System.setProperty(JAVAX_NET_SSL_TRUSTSTORE, "H://certificateFile.jks");
System.setProperty(JAVAX_NET_SSL_TRUSTSTORE_KEY, "abcd");
Sarvesh H
  • 33
  • 4