I am a bit of a noob when it comes to java. So, I need all the help I can get. Is there way to get the below functionality working as is in Java ?
curl --cert public_cert.pem --key privateKeyNOPASS.key --cacert CAchain.pem https://abc.webapp.com
I would want to know if this can be done in Java using just the certs available at hand (the one mentioned in the command)
TIA
Yes, there will be a lot of different examples for how to achieve this, depending on whether you want to use the JDK only or are happy to use a library like OkHttp. Some assembly required.
Here is an OkHttp unit test that uses a custom CA cert and client auth
public OkHttpClient buildClient(HeldCertificate cert, HeldCertificate... chain) {
SslClient.Builder sslClientBuilder = new SslClient.Builder()
.addTrustedCertificate(serverRootCa.certificate);
if (cert != null) {
sslClientBuilder.certificateChain(cert, chain);
}
SslClient sslClient = sslClientBuilder.build();
return defaultClient().newBuilder()
.sslSocketFactory(sslClient.socketFactory, sslClient.trustManager)
.build();
}
I have a java+OkHttp client for OSX that supports exactly this functionality, so you can pick through the code there, or run that command line to test on a Mac. n.b. it assumes you have loaded the keys into a keystore using the JDK keytool.
$ brew install yschimke/tap/oksocial
$ oksocial --help
--cert <serverCerts>
Use given server cert (Root CA)
--clientauth
Use Client Authentication (from keystore)
--keystore <keystoreFile>
Keystore
Most of the code for loading certificates and building the OkHttpClient is here
https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/CertificateUtils.java https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/security/KeystoreUtils.java
