Skip to content

Instantly share code, notes, and snippets.

@infamousjoeg
Last active January 28, 2022 15:34
Show Gist options
  • Save infamousjoeg/8bcfaf8a20e109fbcde6f56c74b3983a to your computer and use it in GitHub Desktop.
Save infamousjoeg/8bcfaf8a20e109fbcde6f56c74b3983a to your computer and use it in GitHub Desktop.
How to use CCP Client Certificate Authentication with Java
// This is “first-party” way to do it, using only plain Java libraries.
// Starting from the top, one needs to configure an HTTP client. The only requirement here is that we need something that can accept an instance of `javax.net.SSLContext`, which it can use to create connections.
// This `SSLContext` is the class that can be configured to facilitate the authentication, but it must be done with the `javax.net.ssl.KeyManager` class.
// To create the `KeyManagers`, one can use `KeyManagerFactory` as follows:
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore clientCertKeyStore = getKeyStoreWithKey(cyberArkCCP.getKey(), cyberArkCCP.getKeyPassword());
keyManagerFactory.init(clientCertKeyStore, cyberArkCCP.getKeyPassword().toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// Where `getKeyStoreWithKey` returns a `KeyStore` with the client certificate (both public and private) key are loaded (`KeyStore.load`).
// Finally, we can get the `SSLContext` to use the `KeyManagers` as follows:
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
// Note that I used a `TrustManagerFactory` I prepared earlier – I believe the value `null` will cause the `SSLContext` to retrieve the default trust managers.
// Once this `SSLContext` is delivered to a client, then that should be it – the presence of the `KeyManagers` should let the HTTP client carry out the authentication.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment