6

I am using java to create a desktop application, and this application uses an API. To secure the communication with the API, I was informed by their support to use HTTPS. Please guide me on how to setup a https connection from a java client.

The API has this function which states that it can choose a secure connection:

private String getUrlAddress(XmlRequest request) {
    // determine if this is a secure connection
    String url = this.ssl ? "https://" : "http://";

    // determine service endpoint based on type of class/request passed in
    if( request.getClass() == MessageRequest.class) {
        url += ClockWorkSmsService.SMS_URL;
    }
    else {
        url += ClockWorkSmsService.CREDIT_URL;
    }

    return url;
}

this code gives me the idea that "request" will be my current url or server, so it will be me on my side that will setup the https connection.

Clockworksms API Wrapper:

import com.clockworksms.*;

public class DemoSms
{
   public static void main(String[] args)
   {
      try
      {
         ClockWorkSmsService clockWorkSmsService = new ClockWorkSmsService("apikey");
         SMS sms = new SMS("441234567890", "Hello World");         
         ClockworkSmsResult result = clockWorkSmsService.send(sms);

         if(result.isSuccess())
         {
            System.out.println("Sent with ID: " + result.getId());
         }
         else
         {
            System.out.println("Error: " + result.getErrorMessage());
         }
      }
      catch (ClockworkException e)
      {
         e.printStackTrace();
      }
   }
}
Improve this question
6
  • You may get some idea from here [stackoverflow.com/questions/4722644/… also have look at [javaworld.com/article/2077600/learn-java/… Commented Oct 5, 2015 at 12:11
  • You need to make a request to a secure https API. right? Commented Oct 5, 2015 at 12:14
  • @John yes i want there to be a secure connection between the two, and i was told that https is the way to make that happen Commented Oct 5, 2015 at 12:24
  • So in that case you need not host a https server, your java client will make a https connection request. Commented Oct 5, 2015 at 12:25
  • @Vishal thank you for that, i'll take a look into it :) Commented Oct 5, 2015 at 12:25

2 Answers 2

Reset to default
2

If it's a secure REST API. Have a look here

If it's just a HTTP resource that you need to access then have a look at Apache HTTPClient library and it's tutorials.

There are hundreds of resources out there, please try and then post specific questions.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

thank you for this, i'll read this now, will it be okay if I ask you some questions when i feel stuck?
i read link, and truthfully didnt fully understood it, though from what i can get is that, it is establishing it self as an https connection, then on that part how does it connect to my API or how do i connect it to my API, and will the API automatically know that the connection is already secure? thanks
is the API REST based?
The API uses RESTful, SOAP and SMPP protocol.
I suggest that you pick up a REST client library and explore what can be done with it. This one uses Grizzly for both client and server: stackoverflow.com/questions/1757295/…
|
0

Actually we need to override existing default behavior and add allow all the as trusted servers, Below code snippet will help you:

    /* START of the fix*/
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
        public void checkClientTrusted(X509Certificate[] certs, String authType) { }
        public void checkServerTrusted(X509Certificate[] certs, String authType) { }

    } };

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) { return true; }
    };
    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    /* End of the fix*/
Improve this answer

1 Comment

Security-wise, this is not a fix, but a backdoor. Still, if you are officially required to do this... thank you for the code snippet anyhow.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.