How to convert curl command with key and cert to java spring boot code

Time:09-14

I am executing this curl command and it works well.

 curl --tlsv1.2 -k -iv -X POST -H "Content-Type:text/xml" --key node-key.key --cert node.crt  --data-raw 'PAYLOAD' https://IP_ADDRESS:PORT/uri -u "test:test"

I made a p12 file from the key and cert:

openssl pkcs12 -export -in node.crt -inkey node-key.key -out node-store.p12

and fetched the self-signed cert from the server with this command (then saved the output in node-self-sign.pem):

 openssl s_client -connect IP_ADDRESS:PORT 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

and generated a JKS for node-self-sign.pem using this command:

keytool -keystore node-KeyStore.jks -alias selfsigncert -import -file node-self-sign.pem

and used the JKS file and the p12 file in the following Spring Boot code:

@PostConstruct
public void initEcwConnection() {
    try {
        File cert = new File(ecwCertPath);
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(jks,pass.toCharArray())
                .loadKeyMaterial(p12, pass.toCharArray(),pass.toCharArray())
                .build();
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(client);
    } catch (Exception exp) {
        LOGGER.error(exp.getMessage(), exp);
    }
}

and used restTemplate as follows:

HttpHeaders headers = new HttpHeaders();
File file = new File("paybundle.xml");
FileInputStream fis = new FileInputStream(file);
String payload = new String(fis.readAllBytes());
HttpEntity<String> entity = new HttpEntity<String>(payload, headers);
ResponseEntity<String> response = ecwTemplate.exchange("https://IP_ADDRESS:8010/vsl/preapproval", HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());

OUTPUT:

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP_ADDRESS> doesn't match any of the subject alternative names: []
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ~[spring-web-5.3.19.jar:5.3.19]

CodePudding user response:

You're almost done; just check the CN in your certificate file using

openssl x509 -noout -subject -in node-self-sign.pem

and use the CN to connect to the server
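
The curl command from the question mapped flag by flag onto a RestTemplate call that keeps certificate and host name verification switched on, unlike curl -k. This is an added example, not part of the question or the answer; the class name MutualTlsPost, the store password and passing the URL as the first argument are assumptions, and the URL is expected to use the name found in the certificate (which must resolve to the server).

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public class MutualTlsPost {
    // Assumption: placeholder password shared by both stores; load it from configuration in real code.
    static final char[] PASS = "changeit".toCharArray();

    static RestTemplate buildTemplate() throws Exception {
        SSLContext sslContext = SSLContextBuilder.create()
                // Trust only the server certificate imported with keytool.
                // curl -k skipped this check entirely; here it stays on.
                .loadTrustMaterial(new File("node-KeyStore.jks"), PASS)
                // Client key and certificate from the PKCS#12 file (curl --key / --cert).
                .loadKeyMaterial(new File("node-store.p12"), PASS, PASS)
                .build();
        // No custom HostnameVerifier is set, so the default host name check still applies.
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(client));
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the full URL, using the name from the certificate's subject.
        String url = args[0];
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.TEXT_XML);   // curl -H "Content-Type:text/xml"
        headers.setBasicAuth("test", "test");         // curl -u "test:test"
        // curl --data-raw: the request body, read here from the question's paybundle.xml.
        String payload = new String(
                Files.readAllBytes(Paths.get("paybundle.xml")), StandardCharsets.UTF_8);
        ResponseEntity<String> response = buildTemplate()
                .postForEntity(url, new HttpEntity<>(payload, headers), String.class);
        System.out.println(response.getStatusCode());
        System.out.println(response.getBody());
    }
}
```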
