February 6, 2007

Server to Server Certificate Presentation

Filed under: ColdFusion, Java — Phillip Holmes @ 12:25 pm

Some application service providers and payment systems (such as Global Collect) require you to present a mutually agreed upon SSL certificate to them in order to authenticate and use their services. This is certainly a one-off scenario and that is what the I.T. posts on my blog are all about.

The code below is written in Java and called as a servlet via ColdFusion (which is another API for Java). Anyway, it presents the certificate via a direct call to the path. During my research on this challenge, I also saw that you can use the Java certificate store to present the certificate. However, I could never get ColdFusion to do this. I followed recommendations by Sun documentation and other blogs but after spending days trying to figure it out, I just settled for calling the direct path to the certificate.

There are a couple of advantages to the 'direct path' method (aside from the fact that it works 100% of the time). First, you could make the path an argument to the function and keep the key anywhere on the box. Second, the 'direct path' call relieves the server administrator of having to import the SSL key into the Java certificate store for every new client, or update the ones already there, which would make a shared-host scenario hard to manage. This way, users can just FTP their certs up and supply the path to the servlet.

Anyway, enough rambling... here it is. Hope it helps you.

CODE:

    /*
     *
     * Created on April 05, 2006, 10:10 AM
     * Author: Phillip B. Holmes
     */

    import java.net.*;
    import java.io.*;

    public class ReadHttpsURL {

        // Command-line entry point: args[0] is the HTTPS URL, args[1] is the XML to POST.
        public static void main(String args[]) {
            if (args.length < 2) {
                System.err.println("usage: ReadHttpsURL <uri> <xml>");
                return;
            }
            ReadHttpsURL obj = new ReadHttpsURL();
            System.out.println(obj.readit(args[0], args[1]));
        }

        // POSTs the XML to the URI, presenting the client certificate, and returns the response body.
        public String readit(String uri, String XML) {
            BufferedWriter out = null;
            BufferedReader in = null;
            try {
                // Client certificate (PKCS#12) loaded straight from its path on disk.
                // These properties are JVM-wide and are read when the default SSL context is first created.
                System.setProperty("javax.net.ssl.keyStore", "d:\\cfusion\\runtime\\jre\\lib\\security\\ssmt.pfx");
                System.setProperty("javax.net.ssl.keyStorePassword", "your_certs_password");
                System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
                // Legacy JSSE protocol handler registration, only needed on old JREs.
                System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

                URL url = new URL(uri);
                URLConnection conn = url.openConnection();
                conn.setDoOutput(true);
                conn.setRequestProperty("Content-Type", "text/xml");

                // Send the request body
                out = new BufferedWriter(new OutputStreamWriter(conn.getOutputStream()));
                out.write(XML);
                out.flush();

                // Get the response
                in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                String line;
                StringBuilder sb = new StringBuilder();
                while ((line = in.readLine()) != null) {
                    sb.append(line);
                }
                return sb.toString();

            } catch (Exception e) {
                return "exception: " + e.getMessage();
            } finally {
                // Close both streams even when the request fails.
                try { if (in != null) in.close(); } catch (IOException ignored) { }
                try { if (out != null) out.close(); } catch (IOException ignored) { }
            }
        }
    }
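
The javax.net.ssl.keyStore system properties used in the listing are JVM-wide and are read only when the default SSL context is first created, so they cannot select a different certificate per client on a shared host. The following added example (not the author's code) keeps the 'direct path' idea but takes the path as an argument and attaches the key material to a single connection. The class name ClientCertPost, its method names and the PFX_PASSWORD environment variable are assumptions, and it needs Java 7 or later.

```java
import java.io.*;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example: ClientCertPost, factoryFor and post are hypothetical names.
public class ClientCertPost {
    // Build a socket factory that presents the client certificate held in one PKCS#12 file.
    static SSLSocketFactory factoryFor(String pfxPath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Null trust managers: the JVM's default trust store still validates the server.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getSocketFactory();
    }

    // POST the XML with the given client certificate; no JVM-wide state is touched.
    public static String post(String uri, String xml, String pfxPath, char[] password) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(uri).toURL().openConnection();
        conn.setSSLSocketFactory(factoryFor(pfxPath, password)); // this connection only
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "text/xml; charset=UTF-8");
        try (Writer out = new OutputStreamWriter(conn.getOutputStream(), StandardCharsets.UTF_8)) {
            out.write(xml);
        }
        StringBuilder sb = new StringBuilder();
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = in.readLine()) != null) sb.append(line);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("PFX_PASSWORD"); // assumed variable, keeps the password out of source
        if (args.length != 3 || pw == null) {
            System.err.println("usage: PFX_PASSWORD=... ClientCertPost <https-url> <xml> <pfx-path>");
            return;
        }
        System.out.println(post(args[0], args[1], args[2], pw.toCharArray()));
    }
}
```

Because the cast to HttpsURLConnection fails for a non-HTTPS URL, the request body is never sent over a plain connection by mistake.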

The Holmes Blog