
I have to call a secure webservice/API using a Fluent Groovy service. I have the following queries:

  1. How to pass truststore and keystore details in a Fluent Groovy service
  2. How to pass an instance of SSLSocketFactory in a Fluent Groovy service
  3. How can I bypass the certificate to call a secure webservice/API in a Fluent Groovy service (to use only in a test environment)

Thanks in advance for your help and suggestions.


    1 answer


      1. Create a Service Connection and add your client certificate in the Data File field, then select this Service Connection on the Details tab of your service in TM. This will then be accessible in your service code as:

        byte[] certificateData = svcDef.svcConn.fileData 


        If there is a password to open the certificate, you can store that in the Password field of the Service Connection and access it as follows:

        String certificatePassword = svcDef.svcConn.password

      2. Create your socket factory

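        String certificatePassword = svcDef.svcConn.password
        byte[] certificateData = svcDef.svcConn.fileData
        // Load the client certificate and private key from the Service Connection's Data File
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType())
        keyStore.load(new ByteArrayInputStream(certificateData), certificatePassword.toCharArray())
        // keyStorePass (not defined in this snippet) is passed as the password of the private key
        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePass.toCharArray()).build()
        // protocols (not defined in this snippet) is the String[] of supported protocol versions
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext, protocols, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier())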


        Use it in your HttpRequest - e.g.:

        HttpRequest request = new PostRequest(endpointUrl).setSocketFactory(socketFactory)
      3. See Managing multiple service endpoints and credentials for external service calls 

       

      1. umakanta dalai

        Thanks Ben, this may help a lot.

        I have a few more queries:

        1. In the Data File field of the service connection, what type of file do I have to upload? Is it a plain text file containing the certificate? I need some help on this.
        2. What is keyStorePass in the line of code below? Is it the password for the keystore of the certificate? loadKeyMaterial(keyStore, keyStorePass.toCharArray()).build()
        3. What is protocols here?
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext, protocols, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier())
        4. How can I bypass certificate validation to call a secure service?
      2. umakanta dalai

        Hi Ben,

        We are putting the keystore path, keystore password, truststore path, truststore password, etc. as service parameters. We are not uploading any cert in the service definition. Also, we are not using 'protocols'.

        I am using svcDef.paramsMap.KeystorePath to access parameters.

        For the keystore we are using:

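        import java.security.KeyStore
        import javax.net.ssl.KeyManagerFactory
        import javax.net.ssl.SSLContext
        import javax.net.ssl.SSLSocketFactory
        import javax.net.ssl.TrustManagerFactory

        // Trust store: the certificates the client accepts from the server
        def trustStore = KeyStore.getInstance("JKS")
        def instream = new FileInputStream(truststorePath)

        trustStore.load(instream, truststorePassword.toCharArray())

        // Key store: the client's own certificate and private key
        def keyStore = KeyStore.getInstance("JKS")
        instream = new FileInputStream(keystorePath)

        keyStore.load(instream, keystorePassword.toCharArray())

        def kmf = KeyManagerFactory.getInstance("SunX509")
        kmf.init(keyStore, keystorePassword.toCharArray())

        def tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        tmf.init(trustStore)
        def tms = tmf.trustManagers

        // trustAllCerts is not defined in this snippet; kmf and tms built above are not passed to init()
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        SSLSocketFactory sf= sc.socketFactory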

        Can you please guide how can we reuse the code you provided at point#2 in this case?

         

         

      3. Ben Warner

        It would be best for you to create a support ticket for this to request further assistance.
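
Added example, not part of any post in this thread: one way to wire both a key store (client certificate) and a trust store into a single `SSLContext` with plain JSSE, so that server certificate validation stays on; a test server with a self-signed certificate is handled by importing that certificate into the trust store. The name `buildMutualTlsContext` and the `changeit` password are hypothetical, and the empty store at the end is constructed sample input.

```groovy
import java.security.KeyStore
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

// Hypothetical helper: client identity comes from keyStore, server trust from trustStore.
SSLContext buildMutualTlsContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) {
    // Fail closed: without a private key no client certificate can be presented,
    // and an empty trust store cannot validate any server.
    if (!Collections.list(keyStore.aliases()).any { keyStore.isKeyEntry(it) }) {
        throw new IllegalArgumentException("key store has no private key entry")
    }
    if (trustStore.size() == 0) {
        throw new IllegalArgumentException("trust store is empty")
    }

    def kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(keyStore, keyPassword)

    def tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)

    SSLContext context = SSLContext.getInstance("TLS")
    // Both manager arrays are passed, so the server chain is validated against
    // trustStore; null selects the default SecureRandom.
    context.init(kmf.keyManagers, tmf.trustManagers, null)
    return context
}

// Constructed input: an empty in-memory PKCS12 store exercises the fail-closed path.
KeyStore empty = KeyStore.getInstance("PKCS12")
empty.load(null, null)
try {
    buildMutualTlsContext(empty, "changeit".toCharArray(), empty)
} catch (IllegalArgumentException e) {
    println "rejected: ${e.message}"
}
```

The returned context can be passed to the `SSLConnectionSocketFactory` constructor shown in the answer, in place of the one built with `SSLContexts.custom()`.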
