
Commit 68a1a0a

author
amijkum
committed
BAEL-8591 added code for mTLS calls with Java Client
1 parent 7058345 commit 68a1a0a


3 files changed

+152
-0
lines changed

@@ -0,0 +1,37 @@
1+
package com.baeldung.mtls.httpclient;
2+
3+
import java.io.IOException;
4+
import java.net.URI;
5+
import java.net.http.HttpClient;
6+
import java.net.http.HttpRequest;
7+
import java.net.http.HttpResponse;
8+
import java.security.KeyManagementException;
9+
import java.security.KeyStoreException;
10+
import java.security.NoSuchAlgorithmException;
11+
import java.security.UnrecoverableKeyException;
12+
import java.security.cert.CertificateException;
13+
import java.security.spec.InvalidKeySpecException;
14+
15+
import javax.net.ssl.SSLContext;
16+
17+
public class HttpClientExample {
18+
19+
public static void main(String[] args)
20+
throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, InvalidKeySpecException,
21+
KeyManagementException {
22+
SSLContext sslContext = SslContextBuilder.buildSslContext();
23+
HttpClient client = HttpClient.newBuilder()
24+
.sslContext(sslContext)
25+
.build();
26+
27+
HttpRequest exactRequest = HttpRequest.newBuilder()
28+
.uri(URI.create("https://localhost/ping"))
29+
.GET()
30+
.build();
31+
32+
HttpResponse<String> response = client.sendAsync(exactRequest, HttpResponse.BodyHandlers.ofString())
33+
.join();
34+
35+
}
36+
37+
}
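Review bot: The response returned by `sendAsync(...).join()` in `main` is never read, so the example does not show whether the handshake with the client certificate and the request itself succeeded; printing `response.statusCode()` and `response.body()` after the call would make the outcome visible. `join()` also reports a failed handshake wrapped in a `CompletionException`, which puts the TLS cause one level down in the stack trace. The request to `https://localhost/ping` appears to rely on `SslContextBuilder.buildSslContext()` setting a JVM-wide system property that switches hostname verification off. A comment above the builder call, such as `// buildSslContext() also disables hostname verification for every HttpClient in this JVM`, would state that dependency where the client is built.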
@@ -0,0 +1,34 @@
1+
package com.baeldung.mtls.httpclient;
2+
3+
import java.io.IOException;
4+
import java.io.InputStream;
5+
import java.net.URL;
6+
import java.nio.charset.Charset;
7+
import java.security.KeyManagementException;
8+
import java.security.KeyStoreException;
9+
import java.security.NoSuchAlgorithmException;
10+
import java.security.UnrecoverableKeyException;
11+
import java.security.cert.CertificateException;
12+
import java.security.spec.InvalidKeySpecException;
13+
14+
import javax.net.ssl.HostnameVerifier;
15+
import javax.net.ssl.HttpsURLConnection;
16+
import javax.net.ssl.SSLContext;
17+
18+
public class HttpURLConnectionExample {
19+
20+
public static void main(String[] args)
21+
throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, InvalidKeySpecException,
22+
KeyManagementException {
23+
SSLContext sslContext = SslContextBuilder.buildSslContext();
24+
25+
HostnameVerifier allHostsValid = (hostname, session) -> true;
26+
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL("https://127.0.0.1/ping").openConnection();
27+
httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());
28+
httpsURLConnection.setHostnameVerifier(allHostsValid);
29+
30+
InputStream inputStream = httpsURLConnection.getInputStream();
31+
String response = new String(inputStream.readAllBytes(), Charset.defaultCharset());
32+
}
33+
34+
}
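Review bot: `allHostsValid` returns `true` for every host, so `httpsURLConnection.setHostnameVerifier(allHostsValid);` removes the check that the certificate presented by the server belongs to the host being called. Together with the trust manager built in `SslContextBuilder`, this leaves the server side of the connection unauthenticated, so only the client is verified. Drop the `setHostnameVerifier` line and connect to a name that is listed in the server certificate's subject alternative names rather than `127.0.0.1`. Separately, the stream from `getInputStream()` is never closed and the body is decoded with the platform default charset; `try (InputStream inputStream = httpsURLConnection.getInputStream()) { ... }` with an explicit charset such as `StandardCharsets.UTF_8` addresses both.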
@@ -0,0 +1,81 @@
1+
package com.baeldung.mtls.httpclient;
2+
3+
import java.io.ByteArrayInputStream;
4+
import java.io.IOException;
5+
import java.nio.charset.Charset;
6+
import java.nio.file.Files;
7+
import java.nio.file.Path;
8+
import java.security.Key;
9+
import java.security.KeyFactory;
10+
import java.security.KeyManagementException;
11+
import java.security.KeyStore;
12+
import java.security.KeyStoreException;
13+
import java.security.NoSuchAlgorithmException;
14+
import java.security.UnrecoverableKeyException;
15+
import java.security.cert.Certificate;
16+
import java.security.cert.CertificateException;
17+
import java.security.cert.CertificateFactory;
18+
import java.security.cert.X509Certificate;
19+
import java.security.spec.InvalidKeySpecException;
20+
import java.security.spec.PKCS8EncodedKeySpec;
21+
import java.util.Base64;
22+
import java.util.Collection;
23+
import java.util.Properties;
24+
25+
import javax.net.ssl.KeyManagerFactory;
26+
import javax.net.ssl.SSLContext;
27+
import javax.net.ssl.TrustManager;
28+
import javax.net.ssl.X509TrustManager;
29+
30+
public class SslContextBuilder {
31+
32+
public static SSLContext buildSslContext()
33+
throws IOException, CertificateException, InvalidKeySpecException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException,
34+
KeyManagementException {
35+
final Properties props = System.getProperties();
36+
props.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
37+
38+
String privateKeyPath = "/etc/certs/client.key.pkcs8";
39+
String publicKeyPath = "/etc/certs/client.crt";
40+
41+
final byte[] publicData = Files.readAllBytes(Path.of(publicKeyPath));
42+
final byte[] privateData = Files.readAllBytes(Path.of(privateKeyPath));
43+
44+
String privateString = new String(privateData, Charset.defaultCharset()).replace("-----BEGIN PRIVATE KEY-----", "")
45+
.replaceAll(System.lineSeparator(), "")
46+
.replace("-----END PRIVATE KEY-----", "");
47+
48+
byte[] encoded = Base64.getDecoder()
49+
.decode(privateString);
50+
51+
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
52+
final Collection<? extends Certificate> chain = certificateFactory.generateCertificates(new ByteArrayInputStream(publicData));
53+
54+
Key key = KeyFactory.getInstance("RSA")
55+
.generatePrivate(new PKCS8EncodedKeySpec(encoded));
56+
57+
KeyStore clientKeyStore = KeyStore.getInstance("jks");
58+
final char[] pwdChars = "test".toCharArray();
59+
clientKeyStore.load(null, null);
60+
clientKeyStore.setKeyEntry("test", key, pwdChars, chain.toArray(new Certificate[0]));
61+
62+
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
63+
keyManagerFactory.init(clientKeyStore, pwdChars);
64+
65+
TrustManager[] acceptAllTrustManager = { new X509TrustManager() {
66+
public X509Certificate[] getAcceptedIssuers() {
67+
return new X509Certificate[0];
68+
}
69+
70+
public void checkClientTrusted(X509Certificate[] certs, String authType) {
71+
}
72+
73+
public void checkServerTrusted(X509Certificate[] certs, String authType) {
74+
}
75+
} };
76+
SSLContext sslContext = SSLContext.getInstance("TLS");
77+
sslContext.init(keyManagerFactory.getKeyManagers(), acceptAllTrustManager, new java.security.SecureRandom());
78+
return sslContext;
79+
}
80+
81+
}
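Review bot: The anonymous `X509TrustManager` in `buildSslContext` has an empty `checkServerTrusted`, and the `jdk.internal.httpclient.disableHostnameVerification` property is set to true for the whole JVM, so any certificate from any host is accepted and the "mutual" TLS shown here authenticates only the client. The context should instead be initialised from a trust store holding the CA that signed the server certificate (this needs an import of `javax.net.ssl.TrustManagerFactory`), and the `props.setProperty(...)` line should be removed; the CA path in the sketch below is a placeholder, since the page does not name one. Two smaller points in the same method: `replaceAll(System.lineSeparator(), "")` leaves stray characters when the PEM file uses different line endings from the platform, which makes `Base64.getDecoder()` throw (`replaceAll("\\s", "")` handles both), and the key-entry password `"test"` is hard-coded.

```java
// … unchanged: client key and certificate loading, clientKeyStore and keyManagerFactory setup …

// Placeholder path: point this at the CA certificate that signed the server certificate.
final byte[] caData = Files.readAllBytes(Path.of("<path-to-server-ca.crt>"));
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
int index = 0;
for (Certificate ca : certificateFactory.generateCertificates(new ByteArrayInputStream(caData))) {
    trustStore.setCertificateEntry("server-ca-" + index++, ca);
}

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
return sslContext;
```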
