I've inherited a legacy application and have to change from UsernamePasswordCredentials(username,password) to using SSL Certificates. (It's using the Jakarta Commons HTTPClient, and I've included the legacy code at the bottom of this post.)
I've done a lot of reading, and researching. Even picked up some O'Reilly books specifically on Java Network Programming, and Web Services. I haven't seen any one specific solution, and I'm missing how I actually pass the certificate when I do the Post, but I believe I'm going to have to use a Key/Truststore.
I don't know if I have to place the files in the right directories on the server and simply add to the source code:
Or am I going to have to rewrite the legacy code to include a TrustStore and KeyStore by adding something like:
I've dug a little further, and am hopeful that either someone else can chime in, or perhaps if I solve this on my own, someone in the future can use this thread to assist them.
I came across another example, http://stilius.net/java/java_ssl.php, but it appears that the way the TrustStore/Keystores certificates are linked/passed is by the invocation command. In their example "java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 EchoServer" and "java -Djavax.net.ssl.trustStore=mySrvKeystore -Djavax.net.ssl.trustStorePassword=123456 EchoClient"
JAVA + SSL Tutorial (server and client examples)
First we need to make certificate, this is done by using keytool that is part of J2SE SDK (program will ask for certificate owner information and password, enter 123456 as password, or you can enter your password, but notice that you have to change it in other commands listed in this tutorial):
After this command you will have certificate file in working directory of issuing keytool command.
Server source code (EchoServer.java)
Compile it by using simple command:
Client source code (EchoClient.java)
Compile it by using simple command:
Running server and client using SSL
First copy certificate file that you created before into working directory and run server with these parameters (notice that you have to change keyStore name and/or trustStorePassword if you specified different options creating certificate):
And now again copy certificate file that you created before into working directory and run client with these parameters (notice that you have to change keyStore name and/or trustStorePassword if you specified different options creating certificate):
If you want SSL debug information just add these parameters when running server and/or client:
Playing with server and client
Now just type any string on client console and press return. The same string has to appear on server console.
This document is copyrighted to Tomas Vilda. You can use it in all ways, but don't change this section and allways include it.
How WebLogic Server Locates Trust
WebLogic Server uses the following algorithm when it loads its trusted CA certificates:
1. If the keystore is specified by the -Dweblogic.security.SSL.trustedCAkeystore command-line argument, load the trusted CA certificates from that keystore.
2. Else if the keystore is specified in the configuration file (config.xml), load trusted CA certificates from the specified keystore. If the server is configured with DemoTrust, trusted CA certificates will be loaded from the WL_HOME\server\lib\DemoTrust.jks and the JDK cacerts keystores.
3. Else if the trusted CA file is specified in the configuration file (config.xml), load trusted CA certificates from that file (this is only for compatibility with 6.x SSL configurations).
4. Else load trusted CA certificates from WL_HOME\server\lib\cacerts keystore.
I'm hopeful once I import the certificates into my stores, then modify the WebLogic Configuration that either the old POST method will simply work, passing the certificates. If not I will have to look and see if I need code changes "System.setProperty" or "KeyStore" and "SSLSocketFactory"
Use Server Certs:
Sets whether the client should use the server certificates/key as the client identity when initiating a connection over https.
Changes take effect after you redeploy the module or restart the server.
I reckon I'm off to either find a WebLogic Forum to post my question(s) in, or off to the bookstore to try and find a WebLogic 10 book because there has to be someone that has already solved this issue.
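The "KeyStore" and "SSLSocketFactory" route mentioned in the post, as an added example that is not part of the original post, the quoted tutorial or the legacy code: the client identity and the trusted CAs are loaded in code and attached to a single connection instead of being set JVM-wide with -Djavax.net.ssl.* properties. It uses the JDK's HttpsURLConnection rather than Commons HttpClient; the class name, the command-line arguments and the KEYSTORE_PASSWORD / TRUSTSTORE_PASSWORD environment variables are assumptions, and the key entry is assumed to share the keystore's password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertPost {
    // Load a JKS keystore from disk; used for both the identity store and the trust store.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a context that presents the client key and trusts only the CAs in 'trust'.
    static SSLContext buildContext(KeyStore identity, char[] keyPassword, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Assumed usage: java ClientCertPost <https-url> <keystore.jks> <truststore.jks>
    // Passwords are read from the environment (assumed names) so they stay off the command line.
    public static void main(String[] args) throws Exception {
        char[] ksPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] tsPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        SSLContext ctx = buildContext(load(args[1], ksPass), ksPass, load(args[2], tsPass));

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // scoped to this connection only
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write("ping".getBytes(StandardCharsets.UTF_8)); // constructed sample body
        }
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The default hostname verification of HttpsURLConnection stays in place, so the server certificate must both chain to a CA in the trust store and match the host in the URL.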