Amit

Reputation: 2130

Invoking Secure RESTful Web Service over HTTPS When client is in bluemix

My application is running in Bluemix and it has to make a RESTful call to another application over SSL. I am wondering where and how to add this information:

> trustStoreType, trustStore and trustStorePassword

So that the application running in Bluemix can use it? When I am testing from my local machine I modified the server classpath; can I do something similar in the Bluemix Liberty server, where the client app is running? Or is there an easier, better way?

Upvotes: 0

Views: 858

Answers (4)

Amit

Reputation: 2130

Though I believe all of those are valid options, I ended up doing it a little differently. This is what finally worked for me:

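// Imports assume Apache HttpClient 4.3 and Unirest for Java (com.mashape)
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.HttpClients;
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

public static HttpClient getCustomClient() throws GeneralSecurityException, IOException {
    KeyStore trustStore = KeyStore.getInstance("jks");
    // Load the truststore from the classpath using the password
    ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
    try (InputStream resourceAsStream = classLoader.getResourceAsStream("/clienttruststore")) {
        // load(null, ...) would silently create an empty truststore, so fail early instead
        if (resourceAsStream == null) {
            throw new IOException("clienttruststore not found on the classpath");
        }
        trustStore.load(resourceAsStream, "password".toCharArray());
    }
    // Trust only the certificates contained in the packaged truststore
    SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(trustStore).build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
    return HttpClients.custom().setSSLSocketFactory(sslsf).build();
}

// Get the custom HttpClient
Unirest.setHttpClient(getCustomClient());
// Send the request...
HttpResponse<String> response = Unirest.get("https://xyz.abc.com/").asString();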

Basically, I packaged a custom trust store with the WAR and let the application use that. I will be trying the other options too, but with the previous option my custom server was crashing; not sure if that was because of resources.

Upvotes: 0
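The same packaged-truststore approach using only JDK classes, as an added example that is not part of any answer on this page. It reads the truststore password from an environment variable instead of a string literal and refuses to continue with a missing or empty truststore. The class name, the `TRUSTSTORE_PASSWORD` variable and the resource name without a leading slash are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PackagedTrustStoreClient {
    // Assumed names: the resource path and the environment variable are placeholders.
    static final String TRUSTSTORE_RESOURCE = "clienttruststore";
    static final String PASSWORD_ENV = "TRUSTSTORE_PASSWORD";

    static SSLContext buildContext() throws GeneralSecurityException, IOException {
        String password = System.getenv(PASSWORD_ENV);
        if (password == null) {
            throw new IllegalStateException(PASSWORD_ENV + " is not set");
        }
        KeyStore trustStore = KeyStore.getInstance("JKS");
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        try (InputStream in = cl.getResourceAsStream(TRUSTSTORE_RESOURCE)) {
            // KeyStore.load(null, ...) silently creates an empty store, so fail loudly.
            if (in == null) {
                throw new IOException("Truststore not on classpath: " + TRUSTSTORE_RESOURCE);
            }
            trustStore.load(in, password.toCharArray());
        }
        // An empty truststore only surfaces later as an obscure handshake error.
        if (trustStore.size() == 0) {
            throw new GeneralSecurityException("Truststore contains no entries");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material needed
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Host taken from the answer above; the context applies to this connection only.
        URL url = new URL("https://xyz.abc.com/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(buildContext().getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Setting the socket factory on the single connection leaves the JVM-wide default trust settings untouched, so other outbound HTTPS calls in the same server keep validating against the default CA set.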

user2670818

Reputation: 759

You should be able to edit the server.xml in Eclipse and set up something like:

<server description="new server">

    <!-- Enable features -->
    <featureManager>
        <feature>websocket-1.0</feature>
        <feature>localConnector-1.0</feature>
        <feature>jndi-1.0</feature>
        <feature>jsp-2.2</feature>
        <feature>jdbc-4.0</feature>
        <feature>ejbLite-3.1</feature>
        <feature>ssl-1.0</feature>
        <feature>jaxb-2.2</feature>
    </featureManager>

    <ssl clientAuthenticationSupported="true" id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore"/>

    <keyStore id="defaultKeyStore" location="${server.config.dir}/resources/security/keystore.jks" password="passw0rd" type="JKS"/>
    <keyStore id="defaultTrustStore" location="${server.config.dir}/resources/security/trustStore.jks" password="passw0rd" type="JKS"/>

    <ssl clientAuthenticationSupported="true" id="defaultSSLConfig" keyStoreRef="serverKeyStore" trustStoreRef="serverTrustStore"/>
    <keyStore id="serverKeyStore" location="${server.config.dir}/resources/security/serverKey.jks" password="passw0rd" type="JKS"/>
    <keyStore id="serverTrustStore" location="${server.config.dir}/resources/security/serverTrust.jks" password="passw0rd" type="JKS"/>

    <!-- customize SSL configuration -->

    <ssl id="customizeSSLConfig" keyStoreRef="clientKeyStore" trustStoreRef="clientTrustStore"/>

    <keyStore id="clientKeyStore" location="${server.config.dir}/resources/security/clientKey.jks" password="passw0rd" type="JKS"/>
    <keyStore id="clientTrustStore" location="${server.config.dir}/resources/security/clientTrust.jks" password="passw0rd" type="JKS"/>

    <!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
    <httpEndpoint httpPort="8080" httpsPort="9443" id="defaultHttpEndpoint"/>

    <applicationMonitor updateTrigger="mbean"/>
</server>

The easiest way is with the Bluemix plugin for Eclipse and using the WebSphere Liberty Profile server.


Upvotes: 1

Rajesh K Jeyapaul

Reputation: 51

Where is your web service running? If it is on-premise, then you have to use the cloud-integration agent available in Bluemix to set up secure tunneling and to get a proxy IP for your on-premise web service. Details are available at the following link: https://www.ibm.com/developerworks/community/blogs/96960515-2ea1-4391-8170-b0515d08e4da/entry/cloud_to_on_premise_web_services_bluemix_cloud_integrators?lang=en

Upvotes: 0

Rajesh K Jeyapaul

Reputation: 51

If you are depending on the Liberty server, you can customize it offline and push it to Bluemix: https://www.ibm.com/developerworks/community/blogs/msardana/entry/developing_with_bluemix_customizing_the_liberty_build_pack_to_add_your_configurations?lang=en

Upvotes: 0
