My Java client application needs to do REST calls. I was instructed to use Play's WS implementation. Currently, I have this:
AsyncHttpClientConfig.Builder builder = new com.ning.http.client.AsyncHttpClientConfig.Builder();
NingWSClient wsc = new play.libs.ws.ning.NingWSClient(builder.build());
WSRequestHolder holder = wsc.url("http://www.simpleweb.org/");
This works. However, my application needs to access a secure web service that uses SSL. I have a PKCS12 cert for my client. How can I get WS to use this certificate to establish a secure connection?
To be clear, this isn't a Play application.
Its not possible directly with WS. Play docs says : "WS does not support client certificates (aka mutual TLS / MTLS / client authentication). You should set the SSLContext directly in an instance of AsyncHttpClientConfig and set up the appropriate KeyStore and TrustStore."
You could do something like this maybe:
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("pkcs12");
InputStream inputStream = new FileInputStream("YOUR.p12");
keyStore.load(inputStream, "Your password as char[]");
keyManagerFactory.init(keyStore, "Your password as char[]");
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), null,new SecureRandom());
AsyncHttpClientConfig httpClientConfig = new AsyncHttpClientConfig.Builder().setSSLContext(sslContext).build();
AsyncHttpClient httpClient = new AsyncHttpClient(httpClientConfig);
You want to use the parser. See https://www.playframework.com/documentation/2.3.x/KeyStores for details about the configuration.
val config = play.api.Configuration(ConfigFactory.parseString("""
|trustManager = {
| stores = [
| { type: "pkcs12", path: "/path/to/pkcs12/file", password: "foo" }
| ]
|}
""".stripMargin))
val parser = new DefaultSSLConfigParser(config, app.classloader)
val sslConfig = parser.parse()
val clientConfig = new DefaultWSClientConfig(sslConfig = sslConfig)
val secureDefaults = new NingAsyncHttpClientConfigBuilder(clientConfig).build()
val builder = new AsyncHttpClientConfig.Builder(secureDefaults)
val wsc = new play.libs.ws.ning.NingWSClient(builder.build());
val holder = wsc.url("http://www.simpleweb.org/");
- Make sure you have added your Certificate to your trust-store like
this:
keytool -import -trustcacerts -keystore
{JAVA_HOME}/jre/lib/security/cacerts -noprompt -alias
-file {CORRECT_PATH}/what_ever.crt
- If still the problem exists, set the path directly by setting java parameters in your execution command line like this:
-Djavax.net.ssl.trustStore={JAVA_HOME}/jre/lib/security/cacerts