Can we use Bouncy Castle to store and use these 5 CRT files dynamically

Time:09-17

We have 5 customers with 5 CRT files and a single spring boot app to manage SSL communications with a third party API.

Configuring one CRT into the keystore we can communicate flawlessly with the third party API.

Now, the question is, can we use Bouncy Castle to store and use these 5 CRT files dynamically? Also, can they be stored programmatically?

If not, is there any other way? We are using RestTemplate for our connections.

CodePudding user response:

Please check the Java Keystore API. You have a detailed explanation on how to manage keystores programmatically here: Java Keystore API usage example

CodePudding user response:

You can try this code. Please note that creation of RestTemplate is time consuming, so you should create 5 RestTemplate beans for your 5 connections and later just consume them. They are in any case thread-safe.


import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

----------------------------------------------------------------------

        // file_jks is a java.io.File, password is a char[]
        SSLContext sslContext = SSLContextBuilder.create()
                .loadKeyMaterial(file_jks, password, password) // path to your .jks file with its store password
                                                           // and key password (assumed identical here;
                                                           // the file can also be a .p12),
                                                           // note that this method is important if
                                                           // SERVER expects your CLIENT certificate for connection.
                                                           // It is also called 2-way-ssl
                .loadTrustMaterial(file_jks, password)     // path to your .jks file with its password.
                                                           // (again, it can be .p12)
                                                           // you will use this method if SERVER has i.e. self-signed certificate
                                                           // or any other certificate that is not trusted by CA
                .setProtocol("TLSv1.2")                    // JSSE protocol name; "TLS1.2" is not recognised
                .build();

        HttpClient httpClient = HttpClientBuilder.create()
                .setSSLContext(sslContext)
                .build();

        ClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory(httpClient);

        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setRequestFactory(requestFactory);

Besides the spring-boot-starter-web dependency, you should also import:

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>${change-version}</version>
        </dependency>
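
An added example, not part of the answers above: loading each customer's CRT file into its own in-memory trust store with the JDK's `CertificateFactory` (Bouncy Castle is not needed for this) and caching one `RestTemplate` per customer. The class name, the `<crtDir>/<customerId>.crt` layout and the use of HttpClient 4.x are assumptions; it also assumes the CRT files are certificates to trust, since a CRT holds no private key and client-certificate (2-way) TLS would additionally need key material as in the answer above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/** Hypothetical helper: one cached RestTemplate per customer, each trusting only that customer's CRT. */
public class CustomerRestTemplates {
    private final Map<String, RestTemplate> cache = new ConcurrentHashMap<>();
    private final Path crtDir; // assumed layout: <crtDir>/<customerId>.crt
    public CustomerRestTemplates(Path crtDir) { this.crtDir = crtDir; }

    public RestTemplate forCustomer(String customerId) {
        // Build once per customer, then reuse: construction is the expensive part.
        return cache.computeIfAbsent(customerId, this::build);
    }

    private RestTemplate build(String customerId) {
        // Reject ids that could escape crtDir (path traversal) before touching the filesystem.
        if (!customerId.matches("[A-Za-z0-9_-]+"))
            throw new IllegalArgumentException("invalid customer id");
        try (InputStream in = Files.newInputStream(crtDir.resolve(customerId + ".crt"))) {
            // Parses PEM or DER encoded X.509 certificates; a PEM file may hold a chain.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null); // empty in-memory store, nothing written to disk
            int i = 0;
            for (Certificate cert : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry(customerId + "-" + i++, cert);
            }
            if (i == 0) throw new IllegalStateException("no certificate in file");
            SSLContext ctx = SSLContextBuilder.create()
                    .loadTrustMaterial(trustStore, null) // null strategy = normal chain validation
                    .setProtocol("TLSv1.2")
                    .build();
            return new RestTemplate(new HttpComponentsClientHttpRequestFactory(
                    HttpClientBuilder.create().setSSLContext(ctx).build()));
        } catch (Exception e) {
            throw new IllegalStateException("cannot build TLS client for " + customerId, e);
        }
    }
}
```

Because each context trusts only the certificates in its own store, a connection made with one customer's `RestTemplate` fails the handshake if the server presents a chain anchored in another customer's CRT.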