Month: December 2019

HTTPS client with valid SSL certificate

Here is a code snippet for connecting to services over HTTPS and HTTP using a valid keystore and trust store.


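import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.core.io.ClassPathResource;

// Scheme name used when registering the SSL socket factory
// (the constant's definition is not shown in the original snippet)
private static final String HTTPS = "https";

// Method to build the http client with SSL & non SSL
public HttpClient buildHttpClient(ApplicationProperties properties) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
    // The original statement is cut off after "="; this is the minimal completion.
    // Timeouts from getRequestConfig(...) can be applied with setDefaultRequestConfig(...).
    CloseableHttpClient httpclient = HttpClients.custom()
            .setConnectionManager(poolingHttpClientConnectionManager(properties))
            .build();
    return httpclient;
}

// Builds the request configuration; all timeouts are in milliseconds
private RequestConfig getRequestConfig(int socketTimeOut, int connectTimeOut, int connectRequestTimeOut) {
    return RequestConfig.custom().setSocketTimeout(socketTimeOut)
            .setConnectTimeout(connectTimeOut)
            .setConnectionRequestTimeout(connectRequestTimeOut)
            .build();
}

private PoolingHttpClientConnectionManager poolingHttpClientConnectionManager(ApplicationProperties properties) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
    PoolingHttpClientConnectionManager httpClientConnectionManager = null;
    if (properties.isSslEnabled()) {
        // Load the keystore (client key and certificate); close the stream once loaded
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = loadCertificate(properties.getSslKeyStoreLocation())) {
            keyStore.load(in, properties.getSslKeyStorePassword().toCharArray());
        }
        // Load the trust store (certificates of the servers/CAs we trust)
        final KeyStore myTrustStore = KeyStore.getInstance(properties.getSslTrustStoreType());
        try (InputStream in = loadCertificate(properties.getSslTrustStoreLocation())) {
            myTrustStore.load(in, properties.getSslTrustStorePassword().toCharArray());
        }
        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        sslContextBuilder.loadTrustMaterial(myTrustStore, null);
        sslContextBuilder.loadKeyMaterial(keyStore, properties.getSslKeyStorePassword().toCharArray());
        final SSLConnectionSocketFactory sslConnectionSocketFactory;
        try {
            // Build SSL context; this constructor keeps the default hostname verifier
            sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // The original handler body is not shown; fail here rather than continue with a null factory
            throw new IllegalStateException("Unable to build SSL context", e);
        }
        Registry<ConnectionSocketFactory> sslSocketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register(HTTPS, sslConnectionSocketFactory)
                .build();
        httpClientConnectionManager = new PoolingHttpClientConnectionManager(sslSocketFactoryRegistry);
    } else {
        // default to non SSL context
        httpClientConnectionManager = new PoolingHttpClientConnectionManager();
    }
    return httpClientConnectionManager;
}

/**
 * Method to load the certificates from the classpath location
 *
 * @param certificateLocation classpath location of the keystore or trust store file
 * @return an open stream over the store; the caller closes it
 * @throws IOException if the resource cannot be opened
 */
private InputStream loadCertificate(String certificateLocation) throws IOException {
    ClassPathResource resource = new ClassPathResource(certificateLocation);
    return resource.getInputStream();
}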
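A pre-flight check that can run on the loaded stores before they are passed to SSLContextBuilder, as an added example that is not part of the original post: it reports entries that are missing, expired or not yet valid for the store's role. The class name StorePreflight and the method check are hypothetical, and the sample input is an empty in-memory store constructed for the demonstration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Added example (hypothetical helper, not from the original post)
public class StorePreflight {

    // Returns a list of problems; an empty list means the store has a usable entry for its role.
    static List<String> check(KeyStore store, boolean isKeyStore, Instant now) throws KeyStoreException {
        List<String> problems = new ArrayList<>();
        int usable = 0;
        for (String alias : Collections.list(store.aliases())) {
            // A key store needs key entries; a trust store needs trusted-certificate entries.
            boolean rightKind = isKeyStore ? store.isKeyEntry(alias) : store.isCertificateEntry(alias);
            if (!rightKind) continue;
            Certificate cert = store.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                problems.add(alias + ": no X.509 certificate");
                continue;
            }
            try {
                ((X509Certificate) cert).checkValidity(Date.from(now));
                usable++;
            } catch (CertificateException e) { // expired or not yet valid
                problems.add(alias + ": " + e.getMessage());
            }
        }
        if (usable == 0) {
            problems.add(isKeyStore
                    ? "no currently valid private-key entry; nothing to present for two-way SSL"
                    : "no currently valid trusted certificate entry");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store stands in for a mispackaged store file.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        System.out.println("as trust store: " + check(empty, false, Instant.now()));
        System.out.println("as key store:   " + check(empty, true, Instant.now()));
    }
}
```

In the post's code, check would be called on keyStore (with isKeyStore set to true) and on myTrustStore (with isKeyStore set to false) right after each store is loaded, failing startup when the returned list is not empty.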

Agile Scrum process improvements

Story Definition of Done – Definition

Add a sub-task for each of the 6 D’s. (Not every D applies to every story; in that case the task owner can say so in scrum and move the story to closed.)

    1. Design – Design the architecture/flow before starting to code
    2. Develop – Do the actual coding for the given story
    3. Document – Confluence/Javadoc wherever needed
    4. Do Review – 2 peer reviews
    5. Deploy – In the test server/test space
    6. Demo – To the team, or a larger audience if needed

4 D’s – Individuals should follow these for better task management

  1. Do – Do the given task
  2. Delegate – If you are occupied, delegate the task if someone can take it
  3. Defer – If something cannot be done, don’t accept it
  4. Delete – If it’s out of scope, remove it


Points to consider before the start of a project:

  • Does any firewall port need to be opened?
  • Is any SSL certificate needed?
  • Is any external team involved? If so, prepare a Q & A or schedule a meeting and get things clarified
  • Do we foresee any integration issues?
    • Are we the first team to do this integration? Then be more proactive
    • Is any system already integrated?
    • What challenges did they face?
    • Decide between one-way and two-way SSL
    • For two-way SSL, our certificate has to be shared with the other team; make sure they have installed it in their firewall/gateway/proxy server
    • Use telnet/curl/other commands to ensure connectivity
  • Do integration testing of the system with a minimal feature such as hello world or a hard-coded response
  • If you are working on a legacy application, be more careful with Maven dependency versions; don’t bring in a new dependency at its latest version, which may break existing code