This question already has answers here:
Java HTTPS client certificate authentication
(9 answers)
Closed 1 year ago.
I'm trying to consume an API. I understand that standard classes like HttpUrlConnection from the java.net package can be used. However, the API I'm trying to consume requires me to present a signed certificate provided by them. I currently have obtained the signed certificate but I have no idea how to import it into my API call.
Using POSTMAN, post addition of client certificate, I'm able to consume the API.
POSTMAN Certificate configuration
Can someone help me on how to add this client certificate and Private key to my HTTP Request? If it's not possible using standard lib, please suggest an alternative way.
What you're trying to achieve is called Client Certificate Authentication. In Java, the one of the most popular library used for making HTTP requests is OkHttp.
You can check their instruction about Client Authentication here or see how they implement it in their unit test.
Related
I have to access client APIs from my Java code and they support only OAuth authorization_code flow. When used with Postman, I have seen that the authorization code is returned as a redirection(header location). But when tried using HttpClient in Java, I am not able to get hold of it.
My question here is, is authorization_code flow meant to use only with browser based clients?
If it can be used for server-to-server communication, can you provide some sample code to generate auth code?
Tried from Postman and found its working, but not from Java code.
I've generated classes from wsdl with wsimport, wsdl location: https://somehost/wsdl. There was no problem with generation.
But when I tried to send soap request, I've received exception:
com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 403: Client certificate required
I find out, surfing the internet, that I have to add certificate in my keystore. I've done it, but this doesn't help.
And I have no idea what to do or even what to google.
Can anybody help me?(
It sounds like a mutual authentication problem.
The server is requiring that your client use a known digital certificate to sign your messages and send that information within the request. It is like a user/password mechanism, but you and the server agree to use a known key-pair for identification.
This situation usually means that the web service server administrator will generate a key-pair and send the private part of the certificate to you.
But you can send the public certificate for him as well if you created it yourself. The server must have access to the public certificate, and it maybe you will have to publish it to a Certification Authority. In some cases it has to be a commercial certificate (you will have to buy it).
You will then use the private key to digitally sign your messages.
I've found some links that may help:
Authentication Mechanisms
Java client for the X.509 secured web-service
Java HTTPS client certificate authentication
If you already did those steps, then something is wrong with your implementation or the certificate/keys provided are invalid.
I recommend you to use a mock server to make sure you are implementing the client authentication properly before you try to connect to the real service. Making it to work locally will set the knowledge you need to call the real functions. You can also ask the web service administrator to send you debug information.
I have been googling a lot for this problem. There are many relevant answers, but I simply didn't find one that gave a complete view IMHO. So, here I am.
The statement of problem is as follows. Given the API information of an HTTPS service, including URL and any required HTTP headers and body format, how do you use a Jersey client to access the service? Note that the statement doesn't assume the client side has any other information from the target service beforehand.
As we know, when a web browser tries to access an HTTPS site, behind the scene, the browser will first get a certificate and a public key from the site. Then, if the browser trusts the certificate, it will use the public key to encrypt the actual request and send it. I have found many examples that explain how to use Jersey client for HTTPS given a truststore that incorporates the certificate and the public key. However, what if the truststore is not available yet? Can we use Jersey client, programmatically, to get the site certificate and public key, and use them to send the actual request, as a web browser does?
Thank you very much.
This question already has an answer here:
HTTP basic authentication over SSL for REST API
(1 answer)
Closed 8 years ago.
I have created a restful service using jersey in java.The API tested with HTTP client as well. its working fine.I need to secure my API with username and password. anyone can help me out to do this.. Thanks in advance.
No need to send username and password every time. On just first login api send username and password to server and then server returns on key which is stored as your session key in database at server side.
You need to send this key on every api call in header, so server side they authenticate user first on each api call and then go ahead only.
That means you need to send one key (may be auto generated alphanumeric string ) which is given by server in response of login api.
I'm interested if Google App Engine provides a way to use a X.509 Certificate to create a HTTPS connection (the server where I have to connect provides the public certificate - to encrypt data that I send and the private key to decrypt the data received from that server).
According to this post https://groups.google.com/forum/?fromgroups#!topic/google-appengine-python/C9RSDGeIraE it's not possible but 3 years passed since this answer was posted.
SSL client certificates are not currently supported. The feature request is here.
AppEngine has the ability to work with SSL certificate on your custom domain, that means the you can assign a certificate to a domain that is running on the AppEngine.
You cannot AFAIK make a request and provide a custom certificate per request.
Documentation on AppEngine SSL.