CODEWITHSUNDEEP
javaauthenticationhttpurlconnectionmutual-authentication
mikec
mikec

Reputation: 165

setting up mutual authentication client using HttpURLConnection

I have a simple http service with JSON payload I want to test with a Java test harness. Initially I set up a client using Basic Auth which works fine; server certificate is in the trustStore and I'm supplying username/password in the code. I send the request, I get the correct response.

public static void main(String[] args) {
    // TODO Auto-generated method stub

    String xxxURL = new String("https://www.xxx.yyy/zzz/AdminServlet?data=");
    String username = new String("username");
    String password = new String("password");
    String authString = new String (username+":"+password);

    String apiList = new String("{\"apiVersion\":\"1.4\",\"method\":\"api.list\",\"params\":{}}"); // Create JSON string. A bit ugly

    try
    {

        System.setProperty("javax.net.ssl.trustStore","C:\\workspace\\http_client_test\\security\\cacerts");



    String jsonStr = apiList;
        URL url = new URL(xxxURL + URLEncoder.encode(jsonStr, "UTF-8") );

        HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); // create connection object
        String encoded = Base64.encodeBase64String(authString.getBytes());
        httpConn.setRequestProperty("Authorization", "Basic "+encoded);

        httpConn.setRequestMethod("GET"); 
        httpConn.connect();          // open connection

        BufferedReader in = new BufferedReader(new InputStreamReader(httpConn.getInputStream()));
        String temp = null;
        StringBuilder sb = new StringBuilder();
        while((temp = in.readLine()) != null)
        {
            sb.append(temp).append(" ");
        }

        String result = sb.toString();
        System.out.println("result = " + result);

    }
    catch(Exception e)
    {
        e.printStackTrace();
    }


}

I want to do the same test using mutual authentication. I have set up the keystore and truststore on both server and client, and imported the necessary certificates on each.

My problem is I cannot find out how to tell the HttpURLConnection that I want mutual certificate authentication.

I tried : public class Test3 {

public static void main(String[] args) {
    // TODO Auto-generated method stub

    String xxxURL = new String("https://www.xxx.yyy/zzz/AdminServlet?data=");

    String apiList = new String("{\"apiVersion\":\"1.4\",\"method\":\"api.list\",\"params\":{}}"); // Create JSON string. A bit ugly

    try
    {

        System.setProperty("javax.net.ssl.trustStore","C:\\workspace\\http_client_test\\security\\cacerts");
        System.setProperty("javax.net.ssl.trustStorePassword","changeit");
        System.setProperty("javax.net.ssl.keyStore","C:\\workspace\\http_client_test\\security\\keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword","password");




        String jsonStr = apiList;
        URL url = new URL(netThingsURL + URLEncoder.encode(jsonStr, "UTF-8") );

        HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); // create connection object
        String encoded = Base64.encodeBase64String(authString.getBytes());
        httpConn.setRequestProperty("Authorization", "?????????");      //     ????????

        httpConn.setRequestMethod("GET"); 
        httpConn.connect();          // open connection

        BufferedReader in = new BufferedReader(new InputStreamReader(httpConn.getInputStream()));
        String temp = null;
        StringBuilder sb = new StringBuilder();
        while((temp = in.readLine()) != null)
        {
            sb.append(temp).append(" ");
        }

        String result = sb.toString();
        System.out.println("result = " + result);

    }
    catch(Exception e)
    {
        e.printStackTrace();
    }


}

}

What should I have here : httpConn.setRequestProperty("Authorization", "?????????"); I realise I may need more than just this 1 line. I tried various resources to find appropriate values but drew a blank. I tried various intuitive arguments but get a '401' error or NoSuchAlgorithException.

Any help, code, links to resources is greatly appreciated.

Upvotes: 0

Views: 1337

Answers (1)

user207421
user207421

Reputation: 311018

My problem is I cannot find out how to tell the HttpURLConnection that I want mutual certificate authentication.

You can't. You have to configure the server to ask for the client certificate. All you can do at the client is specify where the client certificate is. You can't force it to be sent. Only the server can do that.

Upvotes: 1

Related Questions