Month: December 2019

HTTPS client with valid SSL certificate

Here is a code snippet for connecting to services over HTTPS and HTTP using a configured keystore and trust store.


Imports:

import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.core.io.ClassPathResource;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

// Method to build the HTTP client, with or without SSL.
// ApplicationProperties is the application's own configuration class (not shown here).

public HttpClient buildHttpClient(ApplicationProperties properties) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
    CloseableHttpClient httpclient =
            HttpClients.custom()
                    .setConnectionManager(poolingHttpClientConnectionManager(properties))
                    .setDefaultRequestConfig(getRequestConfig(properties.getSocketTimeOut(), properties.getConnectionTimeout(), properties.getReadTimeOut()))
                    .build();
    return httpclient;
}

private RequestConfig getRequestConfig(int socketTimeOut, int connectTimeOut, int connectRequestTimeOut) {
    return RequestConfig.custom().setSocketTimeout(socketTimeOut)
            .setConnectTimeout(connectTimeOut)
            .setConnectionRequestTimeout(connectRequestTimeOut).build();
}

private PoolingHttpClientConnectionManager poolingHttpClientConnectionManager(ApplicationProperties properties) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
    PoolingHttpClientConnectionManager httpClientConnectionManager = null;
    if (properties.isSslEnabled()) {
        /**
         * Load the keystore (our own certificate and private key, used for two-way SSL)
         */
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        // KeyStore.load() does not close the stream, so close it here
        try (InputStream in = loadCertificate(properties.getSslKeyStoreLocation())) {
            keyStore.load(in, properties.getSslKeyStorePassword().toCharArray());
        }
        /**
         * Load the trust store (certificates used to validate the server)
         */
        final KeyStore myTrustStore = KeyStore.getInstance(properties.getSslTrustStoreType());
        try (InputStream in = loadCertificate(properties.getSslTrustStoreLocation())) {
            myTrustStore.load(in, properties.getSslTrustStorePassword().toCharArray());
        }
        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        // A null TrustStrategy keeps normal chain validation against the trust store
        sslContextBuilder.loadTrustMaterial(myTrustStore, null);
        // The private key password is taken to be the same as the keystore password
        sslContextBuilder.loadKeyMaterial(keyStore, properties.getSslKeyStorePassword().toCharArray());
        SSLConnectionSocketFactory sslConnectionSocketFactory;
        try {
            /**
             * Build SSL context; this constructor keeps the default hostname verifier
             */
            sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // Fail fast instead of silently registering a null socket factory
            throw new IllegalStateException("Unable to build SSL context", e);
        }

        // Register both schemes so the same client can call HTTP and HTTPS services
        Registry<ConnectionSocketFactory> sslSocketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslConnectionSocketFactory)
                .build();
        httpClientConnectionManager = new PoolingHttpClientConnectionManager(
                sslSocketFactoryRegistry);
    } else {
        /**
         * default to non SSL context
         */
        httpClientConnectionManager = new PoolingHttpClientConnectionManager();
    }
    httpClientConnectionManager.setMaxTotal(properties.getMaxTotal());
    httpClientConnectionManager.setDefaultMaxPerRoute(properties.getMaxPerRoute());
    return httpClientConnectionManager;
}

/**
 * Method to load the certificates from the classpath location
 * @param certificateLocation classpath location of the keystore or trust store file
 * @return an open stream over the file; the caller closes it
 * @throws IOException if the resource cannot be opened
 */
private InputStream loadCertificate(String certificateLocation) throws IOException {
    ClassPathResource resource = new ClassPathResource(certificateLocation);
    return resource.getInputStream();
}
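An added example, not part of the original post: a pre-flight check for the keystore and trust store loaded above, reporting conditions that otherwise show up only as handshake failures (no private key for two-way SSL, no certificates to trust, certificates close to expiry). The class name `StoreAudit`, its `audit` method and the 30-day window are hypothetical; the demo input is an empty in-memory store constructed for illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper (not from the original post): audits an already loaded KeyStore.
public class StoreAudit {

    /** Returns human-readable problems; an empty list means the store looks usable. */
    static List<String> audit(KeyStore store, boolean needsPrivateKey, Duration warnWindow)
            throws KeyStoreException {
        List<String> problems = new ArrayList<>();
        int keyEntries = 0;
        int certificates = 0;
        Instant cutoff = Instant.now().plus(warnWindow);
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                keyEntries++;
            }
            // For a key entry this is the first certificate of its chain
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                certificates++;
                Instant notAfter = ((X509Certificate) cert).getNotAfter().toInstant();
                if (notAfter.isBefore(cutoff)) {
                    problems.add(alias + ": certificate expired or expiring, notAfter=" + notAfter);
                }
            }
        }
        if (needsPrivateKey && keyEntries == 0) {
            problems.add("no key entry: the client cannot present a certificate for two-way SSL");
        }
        if (!needsPrivateKey && certificates == 0) {
            problems.add("no certificates: no server certificate can be validated");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store standing in for a misconfigured file
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        System.out.println("as trust store: " + audit(empty, false, Duration.ofDays(30)));
        System.out.println("as keystore:    " + audit(empty, true, Duration.ofDays(30)));
    }
}
```

In the client above, the same `audit` call can be made on `keyStore` (with `needsPrivateKey` set to true) and on `myTrustStore` right after each `load`, before the SSL context is built.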

Agile Scrum process improvements

Story Definition of Done  – Definition

Add the 6 D’s as sub-tasks (not every D applies to every story; in that case the task owner can say so in scrum and move the story to closed)

    1. D  Design – Design the architecture/flow before starting to code
    2. D  Develop – Do the actual coding for the given story
    3. D  Document – Confluence/Javadoc wherever needed
    4. D’o Review – 2 peer reviews
    5. D Deploy – In test server/test space
    6. D Demo – To the team/a larger audience if needed

4 D’s – Individuals should follow these for better task management

  1. Do – Do the given task
  2. Delegate – If you are occupied, delegate the task if someone can take it
  3. Defer – If something cannot be done, don’t accept it
  4. Delete – If it’s out of scope, remove it

 

Points to consider before the start of a project:

  • Does any firewall port need to be opened?
  • Is any SSL certificate needed?
  • Is any external team involved? If so, prepare a Q & A or schedule a meeting and get things clarified
  • Do we foresee any integration issues?
    • Are we the first team to do this integration? Then be more proactive
    • Is any system already integrated?
    • What challenges did they face?
    • Decide on one-way or two-way SSL
    • For two-way SSL, our certificate has to be shared with the other team; make sure they have installed it in their firewall/gateway/proxy server
    • Use telnet/curl/other commands to ensure connectivity
  • Do integration testing of the system with a minimal feature, like a hello world/hard-coded response
  • If you are working on a legacy application, be more careful with Maven dependency versions; don’t bring in a new dependency at its latest version, which may break existing code