How to use CCP Client Certificate Authentication with Java
// This is the “first-party” way to do it, using only plain Java libraries.
// Starting from the top, one needs to configure an HTTP client. The only requirement here is that we need something that can accept an instance of `javax.net.ssl.SSLContext`, which it can use to create connections.
// This `SSLContext` is the class that can be configured to facilitate the authentication, but it must be done with the `javax.net.ssl.KeyManager` class.
// To create the `KeyManagers`, one can use `KeyManagerFactory` as follows:
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore clientCertKeyStore = getKeyStoreWithKey(cyberArkCCP.getKey(), cyberArkCCP.getKeyPassword());
keyManagerFactory.init(clientCertKeyStore, cyberArkCCP.getKeyPassword().toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// Where `getKeyStoreWithKey` returns a `KeyStore` into which the client certificate and its private key have been loaded (`KeyStore.load`).
// Finally, we can get the `SSLContext` to use the `KeyManagers` as follows:
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
// Note that I used a `TrustManagerFactory` I prepared earlier – I believe the value `null` will cause the `SSLContext` to retrieve the default trust managers.
// Once this `SSLContext` is delivered to a client, then that should be it – the presence of the `KeyManagers` should let the HTTP client carry out the authentication.
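The steps above assembled into one runnable program, as an added example that is not the gist author's code. Assumptions: Java 11+ (`java.net.http.HttpClient`), a PKCS#12 client bundle, the hypothetical helper `loadClientKeyStore` standing in for `getKeyStoreWithKey`, the hypothetical environment variable `CCP_P12_PASSWORD`, and a CCP URL supplied by the caller.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class CcpClientCertExample {
    // Hypothetical stand-in for the gist's getKeyStoreWithKey: loads a PKCS#12
    // bundle holding the client certificate and its private key.
    static KeyStore loadClientKeyStore(Path p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, password);
        }
        return ks;
    }

    static SSLContext buildContext(KeyStore clientKeys, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, password);
        // A null KeyStore initialises the factory from the JRE default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <client.p12> <https URL of the CCP endpoint>; password from CCP_P12_PASSWORD
    public static void main(String[] args) throws Exception {
        char[] password = java.util.Objects.requireNonNull(
                System.getenv("CCP_P12_PASSWORD"), "CCP_P12_PASSWORD not set").toCharArray();
        try {
            SSLContext ctx = buildContext(loadClientKeyStore(Path.of(args[0]), password), password);
            HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
            HttpRequest req = HttpRequest.newBuilder(URI.create(args[1])).GET().build();
            HttpResponse<String> rsp = client.send(req, HttpResponse.BodyHandlers.ofString());
            // Print only the status: a CCP response body carries the secret.
            System.out.println("HTTP " + rsp.statusCode());
        } finally {
            Arrays.fill(password, '\0'); // wipe the key password from memory
        }
    }
}
```

Keeping the default trust managers means the CCP server certificate is still validated against the JRE trust store; the client certificate only adds authentication in the other direction.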