scalaj-http

http option with ssl

Open kashifali94 opened this issue 7 years ago • 7 comments

Hi, I want to connect to an API which is secured by client certs and key data, but I'm unable to find any information regarding how to create an sslSocketFactory. Can you guys help?

kashifali94, Aug 18 '18 17:08

Hello, I've not tried this myself, but I found an example for you here: http://vafer.org/blog/20061010073725/

Once you've created the SSLSocketFactory, pass it into the request like this: `Http(url).option(HttpOptions.sslSocketFactory(factory)).asString`

hoffrocket, Aug 18 '18 18:08

@hoffrocket, hi, I have tried that, but in the given example the information is not complete. I have a client.certs and client.key, which are used for SSL, but in the given example they are adding a .pem to the keystore, which I don't have, and I'm kind of stuck here.

kashifali94, Aug 19 '18 11:08

Google for openssl cert key to pem


hoffrocket, Aug 19 '18 12:08

@hoffrocket thanks for the help. Yes, I've been doing that for the last three days.

kashifali94, Aug 19 '18 14:08

Sorry, I don't have expertise here. Assuming you've seen this, but maybe what you're looking for? https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files


hoffrocket, Aug 19 '18 18:08

@hoffrocket thanks for your time, sir. Actually, I want to connect to the Kubernetes APIs, which are secured by client-cert and client-key. In scalaj-http we can hit the API through certs with the given option .options(http.options(sslSocketFactory)). Now I don't find any related work, so how can I use the given certs and create an sslSocketFactory object?

kashifali94, Aug 20 '18 15:08

Hi @kashifali94

I am probably two years late and maybe you have already found the solution. It caught my attention that this issue is still open, so I wanted to provide the answer which could help you, potentially also others with similar kind of challenges.

Basically, what you are looking for is how to configure an SSLSocketFactory with mutual TLS, also known as mutual authentication. What you actually need to do is configure an SSLContext with your key material and trust material. Key material contains your client (as you are a consumer of the Kubernetes API) certificate (your private and public key). Trust material should contain the certificate of the Kubernetes API. In this way you can validate the server and the server can validate your identity. If we translate this description into code, it would look like this:

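```java
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import scalaj.http.Http;
import scalaj.http.HttpOptions;
import scalaj.http.HttpResponse;

String url = ...;
KeyStore keyStore = ...;          // key material: client certificate and private key
char[] keyStorePassword = ...;    // password protecting the client private key
KeyStore trustStore = ...;        // trust material: server certificate (Java has no TrustStore class)

// Key managers present the client certificate during the handshake.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword);

// Trust managers validate the certificate presented by the server.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

// asString is a Scala method, so it needs parentheses when called from Java.
HttpResponse<String> response = Http.apply(url)
    .method("GET")
    .option(HttpOptions.sslSocketFactory(sslContext.getSocketFactory()))
    .asString();
```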

There are three libraries which I know that can help you to easily create a sslContext for mutual authentication:

I place here github/mutual-tls-ssl a working example of ScalaJ with mutual authentication. See here for an example request

Hakky54, Mar 15 '20 00:03
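Added example, not part of the thread and not code from scalaj-http or any commenter: a Scala sketch that fills in the key store and trust store left as `...` above, starting from a client certificate and key like the ones the question describes. It assumes the pair has first been bundled into `client.p12` with `openssl pkcs12 -export`; the file names, the `CLIENT_P12_PASSWORD` variable, the host `kubernetes.example` and the object and method names are all assumptions made for illustration.

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.{KeyManagerFactory, SSLContext, SSLSocketFactory, TrustManagerFactory}
import scalaj.http.{Http, HttpOptions}

object MutualTlsExample { // hypothetical name
  // Key material: client certificate + private key bundled as PKCS#12, e.g.
  //   openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
  def loadKeyStore(p12Path: String, password: Array[Char]): KeyStore = {
    val ks = KeyStore.getInstance("PKCS12")
    val in = new FileInputStream(p12Path)
    try ks.load(in, password) finally in.close()
    ks
  }

  // Trust material: only the CA certificate (PEM or DER) that signed the
  // server's certificate, so the server is verified against that CA alone.
  def loadTrustStore(caCertPath: String): KeyStore = {
    val in = new FileInputStream(caCertPath)
    val ca = try CertificateFactory.getInstance("X.509").generateCertificate(in)
             finally in.close()
    val ts = KeyStore.getInstance(KeyStore.getDefaultType)
    ts.load(null, null) // initialise an empty in-memory store
    ts.setCertificateEntry("server-ca", ca)
    ts
  }

  def socketFactory(keyStore: KeyStore, keyPassword: Array[Char],
                    trustStore: KeyStore): SSLSocketFactory = {
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(keyStore, keyPassword)
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(trustStore)
    val ctx = SSLContext.getInstance("TLSv1.2")
    ctx.init(kmf.getKeyManagers, tmf.getTrustManagers, null)
    ctx.getSocketFactory
  }

  def main(args: Array[String]): Unit = {
    // Read the password from the environment rather than hard-coding it.
    val password = sys.env("CLIENT_P12_PASSWORD").toCharArray
    val factory = socketFactory(loadKeyStore("client.p12", password), password,
                                loadTrustStore("ca.crt"))
    val response = Http("https://kubernetes.example:6443/version") // placeholder host
      .option(HttpOptions.sslSocketFactory(factory))
      .asString
    println(response.code)
  }
}
```

Because the trust store holds only the one CA certificate, a server certificate issued by any other authority fails the handshake, which keeps server verification in place instead of disabling it to get the client certificate working.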