如何将 SSL 客户端证书与 Apache commons http 客户端一起使用

Question

My application is using Apache Commons HTTP Client to consume HTTP service URL. Now we have to move over HTTPS endpoint URL. To consume the same, we received SSL Client Certificate. How we can use .JKS with password while consuming HTTPS URL ? (Due to application limitations cant use other APIs)

KeyStore identityKeyStore = KeyStore.getInstance("JKS");
FileInputStream identityKeyStoreFile = new FileInputStream(new File(certificatePath));
identityKeyStore.load(identityKeyStoreFile, password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(identityKeyStore);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(identityKeyStore, password.toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null);
SSLContext.setDefault(sslContext);        
PostMethod post = new PostMethod("https://url");
    HttpClient httpClient = new HttpClient();
    String reqMessage = getSolaceRequestMessage(message,hostName,port,authentication);
    Part[] parts = {
        new StringPart("reqMessage", message),
    };
    post.setRequestEntity(
        new MultipartRequestEntity(parts, post.getParams())
    );
    httpClient.executeMethod(post);

Answer 1

The *.jks we use in the back service part.

I can give you a example of my project Java Spring boot, I change http --> https in my back service and I added my certificate in Nginx.

Example of https simple services

When you changed back service you can call https directly in your front application(ex.web angular).

Answer 2

I used below implementation which worked for me as had limitation not to upgrade the http client libraries.

System.setProperty(JAVAX_NET_SSL_TRUSTSTORE, "H://certificateFile.jks");
System.setProperty(JAVAX_NET_SSL_TRUSTSTORE_KEY, "abcd");