Our application should make use of javax.ws.rs.client.Client (whose implementation is provided by resteasy-jaxrs-3.0.19.Final.jar) to perform an HTTP POST request to an external service whose URL starts with https.
The developers of the external service provided us a .p12 file to be used as certificate. First of all we run the command
openssl pkcs12 -info -in file.p12 -out filecertificate.crt -nodes
to generate the .cert file and tried to connect to the HTTPS service by this command, according to the specifications received from the providers of the service:
curl --cert /home/ec2-user/filecertificate.crt --location 'https://veryverylongurl?client_id=effYyJAMjw49TdOg' --header 'X-Gravitee-Api-Key: x-y-z-k' --header 'Content-Type: application/json' --header 'Authorization: Basic Base64encodeddata' --data 'json object here'
This connections succeedes and now we must replicate the same thing inside our product in Java via the library indicated before. That’s our code:
public DtoDiscoveryServiceToken getTokenByCredential(String baseURI, String clientId, String apiKey, String certificatePassword, byte[] signature, String user, String password) {
final String credentials = user+":"+password;
final DtoDiscoveryServiceTokenInput dtoDiscoveryServiceTokenInput = new DtoDiscoveryServiceTokenInput(true);
Client newClient = null;
try {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new ByteArrayInputStream(signature), certificatePassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, certificatePassword.toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
newClient = ClientBuilder.newBuilder()
.sslContext(sslContext)
.build();
} catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException | UnrecoverableKeyException e) {
e.printStackTrace();
}
Response response = newClient
.target(baseURI)
.path("veryverylongurl?client_id={clientId}")
.resolveTemplate("clientId", clientId)
.request(MediaType.APPLICATION_JSON)
.header("X-Gravitee-Api-Key", apiKey)
.header(HttpHeaders.AUTHORIZATION, "Basic "+Base64.getEncoder().encodeToString(credentials.getBytes()))
.accept(MediaType.APPLICATION_JSON)
.post(Entity.json(dtoDiscoveryServiceTokenInput));
try {
if (response.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
throw new WebApplicationException(response.getStatusInfo().getReasonPhrase(), response.getStatus());
}
boolean hasEntity = response.hasEntity();
if(hasEntity) {
return response.readEntity(DtoDiscoveryServiceToken.class);
}
else {
return null;
}
} finally {
response.close();
}
}
where:
userandpasswordare the credentials of the standard user which must authenticate to the servicecertificatePasswordis the password of the p12 file provided by the service developerssignatureis the p12 file loaded from database as array of bytesapiKeyis the headerX-Gravitee-Api-Key: x-y-z-kyou can see in the curl commandclientIdis the identifier to be injected in the URL (the one of previous curl command)baseURIis the HTTPS uri of the server hosting the service.DtoDiscoveryServiceTokenInputis an object to be serialized as JSON to pass as data (always see the curl command)
The code does not work and we get simply a 400 Bad Request without further details. So, how shall we implement the previous code? Shall we use the .p12 file or the .cert one? Shall we perform some transformations on the files before proceeding with the call to the URL?