Category: SSL certificate

HTTPS client with valid SSL certificate

Here is a code snippet for connecting to services over HTTPS or HTTP using a valid key store and trust store.


Imports:

import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.core.io.ClassPathResource;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;

// Builds the HTTP client, with or without SSL depending on the configured properties

/**
 * Builds an Apache {@link HttpClient} backed by a pooled connection manager and the
 * configured socket, connect and connection-request timeouts. Whether the pool is
 * SSL-capable is decided by {@code properties.isSslEnabled()} inside
 * {@link #poolingHttpClientConnectionManager}.
 *
 * @param properties timeouts, pool sizes and SSL settings
 * @return a ready-to-use client; the concrete instance is a {@link CloseableHttpClient},
 *         so callers that hold the reference as such can close it
 * @throws UnrecoverableKeyException propagated from key/trust store loading
 * @throws CertificateException propagated from key/trust store loading
 * @throws NoSuchAlgorithmException propagated from key/trust store loading
 * @throws KeyStoreException propagated from key/trust store loading
 * @throws IOException if a store cannot be read from the classpath
 */
public HttpClient buildHttpClient(ApplicationProperties properties) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
    final PoolingHttpClientConnectionManager connectionManager = poolingHttpClientConnectionManager(properties);
    // NOTE(review): getReadTimeOut() feeds the connection-request (pool lease) timeout,
    // while the socket timeout is what HttpClient uses as the read timeout — confirm
    // this mapping is intended.
    final RequestConfig requestConfig = getRequestConfig(
            properties.getSocketTimeOut(),
            properties.getConnectionTimeout(),
            properties.getReadTimeOut());
    return HttpClients.custom()
            .setConnectionManager(connectionManager)
            .setDefaultRequestConfig(requestConfig)
            .build();
}

/**
 * Creates a {@link RequestConfig} carrying the three client-side timeouts
 * (in milliseconds, per HttpClient's {@code RequestConfig} contract).
 *
 * @param socketTimeOut max idle time between two consecutive data packets
 * @param connectTimeOut max time to establish the TCP connection
 * @param connectRequestTimeOut max time to wait for a connection from the pool
 * @return an immutable request configuration with those timeouts set
 */
private RequestConfig getRequestConfig(int socketTimeOut, int connectTimeOut, int connectRequestTimeOut) {
    final RequestConfig.Builder builder = RequestConfig.custom();
    builder.setSocketTimeout(socketTimeOut);
    builder.setConnectTimeout(connectTimeOut);
    builder.setConnectionRequestTimeout(connectRequestTimeOut);
    return builder.build();
}

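/**
 * Builds the pooled connection manager used by {@link #buildHttpClient}.
 * <p>
 * When {@code properties.isSslEnabled()} is true the manager is backed by an SSL context
 * built from the configured key store (client identity) and trust store (accepted server
 * certificates); only the {@code HTTPS} scheme (a constant defined elsewhere in this class)
 * is registered in that case. Otherwise the default plain registry is used.
 * <p>
 * Fixes over the previous version: store streams are closed after loading, the registry is
 * typed instead of raw, and a failure to initialise the SSL context is reported rather than
 * swallowed (which previously left a {@code null} socket factory in the registry).
 *
 * @param properties source of store locations, passwords, trust store type and pool sizes
 * @return a connection manager with max-total and per-route limits applied
 * @throws IOException if a store cannot be read from the classpath
 * @throws KeyStoreException if a store type is unsupported or the store cannot be loaded
 * @throws CertificateException if a certificate in a store cannot be parsed
 * @throws NoSuchAlgorithmException if a store integrity or SSL algorithm is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
 * @throws IllegalStateException if the SSL context cannot be initialised
 */
private PoolingHttpClientConnectionManager poolingHttpClientConnectionManager(ApplicationProperties properties) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
    PoolingHttpClientConnectionManager httpClientConnectionManager;
    if (properties.isSslEnabled()) {
        // The key store password doubles as the key password (as before); both arrays
        // are wiped once the stores and key material have been consumed.
        final char[] keyStorePassword = properties.getSslKeyStorePassword().toCharArray();
        final char[] trustStorePassword = properties.getSslTrustStorePassword().toCharArray();
        final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        try {
            // Key store type is fixed to JKS while the trust store type is configurable —
            // NOTE(review): consider exposing the key store type the same way.
            final KeyStore keyStore = loadKeyStore("JKS", properties.getSslKeyStoreLocation(), keyStorePassword);
            final KeyStore trustStore = loadKeyStore(properties.getSslTrustStoreType(), properties.getSslTrustStoreLocation(), trustStorePassword);
            // null strategy: server chains are validated against the trust store only
            sslContextBuilder.loadTrustMaterial(trustStore, null);
            sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
        } finally {
            Arrays.fill(keyStorePassword, '\0');
            Arrays.fill(trustStorePassword, '\0');
        }
        final SSLConnectionSocketFactory sslConnectionSocketFactory;
        try {
            // Single-argument constructor applies HttpClient's default hostname verifier
            sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build());
        } catch (KeyManagementException e) {
            // Not declared by this method's signature; surface as a configuration failure
            throw new IllegalStateException("Unable to initialise SSL context", e);
        }
        final Registry<ConnectionSocketFactory> sslSocketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register(HTTPS, sslConnectionSocketFactory)
                .build();
        httpClientConnectionManager = new PoolingHttpClientConnectionManager(sslSocketFactoryRegistry);
    } else {
        // Default registry: plain HTTP and the JVM default SSL context
        httpClientConnectionManager = new PoolingHttpClientConnectionManager();
    }
    httpClientConnectionManager.setMaxTotal(properties.getMaxTotal());
    httpClientConnectionManager.setDefaultMaxPerRoute(properties.getMaxPerRoute());
    return httpClientConnectionManager;
}

/**
 * Loads a key store of the given type from a classpath location, closing the stream afterwards.
 *
 * @param type key store type passed to {@link KeyStore#getInstance(String)}
 * @param location classpath-relative path resolved by {@link #loadCertificate}
 * @param password store integrity password; not retained by this method
 * @return the loaded store
 * @throws IOException if the resource cannot be opened or read
 * @throws KeyStoreException if the type is unsupported
 * @throws CertificateException if a certificate in the store cannot be parsed
 * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
 */
private KeyStore loadKeyStore(String type, String location, char[] password) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
    final KeyStore store = KeyStore.getInstance(type);
    try (InputStream in = loadCertificate(location)) {
        store.load(in, password);
    }
    return store;
}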

/**
 * Opens a classpath resource (a key store or trust store file) as a stream.
 * The caller owns the returned stream and is responsible for closing it.
 *
 * @param certificateLocation classpath-relative path of the store file
 * @return an open stream positioned at the start of the resource
 * @throws IOException if the resource cannot be found or opened
 */
private InputStream loadCertificate(String certificateLocation) throws IOException {
    return new ClassPathResource(certificateLocation).getInputStream();
}