Reputation: 55
I am a bit of a noob when it comes to Java. So, I need all the help I can get. Is there a way to get the below functionality working as is in Java?
curl --cert public_cert.pem --key privateKeyNOPASS.key --cacert CAchain.pem https://abc.webapp.com
I would want to know if this can be done in Java using just the certs available at hand (the ones mentioned in the command).
TIA
Upvotes: 0
Views: 2063
Reputation: 13498
Yes, there will be a lot of different examples for how to achieve this, depending on whether you want to use the JDK only or are happy to use a library like OkHttp. Some assembly required.
Here is an OkHttp unit test that uses a custom CA cert and client auth:
// serverRootCa and defaultClient() come from the surrounding test class.
public OkHttpClient buildClient(HeldCertificate cert, HeldCertificate... chain) {
  // Trust only the custom root CA when validating the server certificate.
  SslClient.Builder sslClientBuilder = new SslClient.Builder()
      .addTrustedCertificate(serverRootCa.certificate);
  // Present a client certificate (plus any intermediates) only when one is supplied.
  if (cert != null) {
    sslClientBuilder.certificateChain(cert, chain);
  }
  SslClient sslClient = sslClientBuilder.build();
  return defaultClient().newBuilder()
      .sslSocketFactory(sslClient.socketFactory, sslClient.trustManager)
      .build();
}
I have a Java+OkHttp client for OSX that supports exactly this functionality, so you can pick through the code there, or run that command line to test on a Mac. N.B. it assumes you have loaded the keys into a keystore using the JDK keytool.
$ brew install yschimke/tap/oksocial
$ oksocial --help
    --cert <serverCerts>
        Use given server cert (Root CA)
    --clientauth
        Use Client Authentication (from keystore)
    --keystore <keystoreFile>
        Keystore
Most of the code for loading certificates and building the OkHttpClient is here:
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/CertificateUtils.java
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/KeystoreUtils.java
Upvotes: 1
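A JDK-only equivalent of the curl command in the question, as an added example (not code from the answer, OkHttp or oksocial). It assumes Java 11+ and that privateKeyNOPASS.key is an unencrypted PKCS#8 PEM file; the class name MutualTlsClient and its helper methods are hypothetical.

```java
import java.net.URI;
import java.net.http.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.*;

public class MutualTlsClient { // hypothetical name, added example
    // Reads every certificate in a PEM file (client file: leaf certificate first).
    static X509Certificate[] readCerts(String path) throws Exception {
        try (var in = Files.newInputStream(Path.of(path))) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new X509Certificate[0]);
        }
    }
    // Assumption: unencrypted PKCS#8 key ("BEGIN PRIVATE KEY"). Convert a PKCS#1
    // ("BEGIN RSA PRIVATE KEY") file first with: openssl pkcs8 -topk8 -nocrypt
    static PrivateKey readKey(String path, String algorithm) throws Exception {
        String pem = Files.readString(Path.of(path));
        if (!pem.contains("BEGIN PRIVATE KEY")) throw new IllegalArgumentException("need unencrypted PKCS#8 PEM");
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return KeyFactory.getInstance(algorithm)
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }
    static SSLContext buildContext(String certPem, String keyPem, String caPem) throws Exception {
        char[] pw = "in-memory".toCharArray(); // throwaway: both stores live only in memory
        X509Certificate[] chain = readCerts(certPem);
        KeyStore keys = KeyStore.getInstance("PKCS12"); // plays the role of --cert / --key
        keys.load(null, null);
        keys.setKeyEntry("client", readKey(keyPem, chain[0].getPublicKey().getAlgorithm()), pw, chain);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw);
        KeyStore trust = KeyStore.getInstance("PKCS12"); // plays the role of --cacert
        trust.load(null, null);
        X509Certificate[] cas = readCerts(caPem);
        for (int i = 0; i < cas.length; i++) trust.setCertificateEntry("ca-" + i, cas[i]);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext("public_cert.pem", "privateKeyNOPASS.key", "CAchain.pem");
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://abc.webapp.com")).build();
        System.out.println(client.send(req, HttpResponse.BodyHandlers.ofString()).statusCode());
    }
}
```

Because the trust store contains only the certificates from CAchain.pem, the JDK's default root CAs are not consulted, and the default hostname verification of `HttpClient` stays enabled.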