
I am a bit of a noob when it comes to Java, so I need all the help I can get. Is there a way to get the below functionality working as is in Java?

curl --cert public_cert.pem --key privateKeyNOPASS.key --cacert CAchain.pem https://abc.webapp.com

I would like to know if this can be done in Java using just the certs at hand (the ones mentioned in the command).

TIA

1 Answer

Yes, there will be a lot of different examples for how to achieve this, depending on whether you want to use the JDK only or are happy to use a library like OkHttp. Some assembly required.

Here is an OkHttp unit test that uses a custom CA cert and client auth:

https://github.com/square/okhttp/blob/cd872fd83824512c128dcd80c04d445c8a2fc8eb/okhttp-tests/src/test/java/okhttp3/internal/tls/ClientAuthTest.java#L194-L206

  public OkHttpClient buildClient(HeldCertificate cert, HeldCertificate... chain) {
    SslClient.Builder sslClientBuilder = new SslClient.Builder()
        .addTrustedCertificate(serverRootCa.certificate);

    if (cert != null) {
      sslClientBuilder.certificateChain(cert, chain);
    }

    SslClient sslClient = sslClientBuilder.build();
    return defaultClient().newBuilder()
        .sslSocketFactory(sslClient.socketFactory, sslClient.trustManager)
        .build();
  }

I have a Java + OkHttp client for OSX that supports exactly this functionality, so you can pick through the code there, or run that command line to test on a Mac. N.B. it assumes you have loaded the keys into a keystore using the JDK keytool.

$ brew install yschimke/tap/oksocial
$ oksocial --help
        --cert <serverCerts>
            Use given server cert (Root CA) 
        --clientauth
            Use Client Authentication (from keystore)
        --keystore <keystoreFile>
            Keystore

Most of the code for loading certificates and building the OkHttpClient is here:

https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/CertificateUtils.java
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/KeystoreUtils.java


3 Comments

I would be grateful if you can guide me to an implementation without using custom/open-source libs.
I don't really have time to do that, sorry. I suggest making an effort yourself, finding examples, and posting them as a new question when you hit a roadblock.
Sure. I will do that. Thanks for your response.
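
A JDK-only equivalent of the curl command in the question, as an added example that is not part of the original answer and is not OkHttp or oksocial code. Assumptions: Java 11 or later, `privateKeyNOPASS.key` is an unencrypted PKCS#8 RSA key, `public_cert.pem` lists the leaf certificate first, and the class name `MutualTlsClient` is hypothetical.

```java
import java.net.URI;
import java.net.http.*;
import java.nio.file.*;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.*;

public class MutualTlsClient {
    // Reads every PEM certificate in the file, in file order.
    static Certificate[] readCerts(String file) throws Exception {
        try (var in = Files.newInputStream(Path.of(file))) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
        }
    }

    public static void main(String[] args) throws Exception {
        // --cacert: trust only the CAs in CAchain.pem, not the JDK's default cacerts.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        int n = 0;
        for (Certificate ca : readCerts("CAchain.pem")) trust.setCertificateEntry("ca-" + n++, ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // --key: the JDK parses PKCS#8 ("BEGIN PRIVATE KEY") only. A PKCS#1 key ("BEGIN RSA PRIVATE KEY")
        // must be converted first: openssl pkcs8 -topk8 -nocrypt -in old.key -out new.key
        String pem = Files.readString(Path.of("privateKeyNOPASS.key"));
        if (!pem.contains("-----BEGIN PRIVATE KEY-----"))
            throw new IllegalArgumentException("expected an unencrypted PKCS#8 PEM key");
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der)); // assumes RSA

        // --cert: pair the key with its certificate chain in an in-memory keystore (never written to disk).
        char[] pw = "in-memory-only".toCharArray(); // constructed value, protects nothing persistent
        KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
        identity.load(null, null);
        identity.setKeyEntry("client", key, pw, readCerts("public_cert.pem"));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pw);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build(); // hostname verification stays on
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://abc.webapp.com")).build();
        System.out.println(client.send(req, HttpResponse.BodyHandlers.ofString()).statusCode());
    }
}
```

Because the trust store is built only from `CAchain.pem`, a server certificate issued by any other CA fails the handshake, which matches curl's `--cacert` behaviour.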
