Custom SSL Context
  • Date: 2024-11-03

Apache HttpClient - Custom SSL Context



Using Secure Socket Layer, you can establish a secured connection between the client and server. It helps to safeguard sensitive information such as credit card numbers, usernames, passwords, PINs, etc.

You can make connections more secure by creating your own SSL context using the HttpClient library.

Follow the steps given below to customize SSLContext using the HttpClient library −

Step 1 - Create SSLContextBuilder object

SSLContextBuilder is the builder for the SSLContext objects. Create its object using the custom() method of the SSLContexts class.

//Creating SSLContextBuilder object
SSLContextBuilder SSLBuilder = SSLContexts.custom();

Step 2 - Load the Keystore

In the path Java_home_directory/jre/lib/security/, you can find a file named cacerts. Save this as your key store file (with extension .jks). Load the keystore file and its password (which is changeit by default) using the loadTrustMaterial() method of the SSLContextBuilder class.

//Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file, "changeit".toCharArray());

Step 3 - Build an SSLContext object

An SSLContext object represents a secure socket protocol implementation. Build an SSLContext using the build() method.

//Building the SSLContext
SSLContext sslcontext = SSLBuilder.build();

Step 4 - Creating SSLConnectionSocketFactory object

SSLConnectionSocketFactory is a layered socket factory for TLS and SSL connections. Using this, you can verify the HTTPS server against a list of trusted certificates and authenticate the given HTTPS server.

You can create this in many ways. Depending on the way you create an SSLConnectionSocketFactory object, you can allow all hosts, allow only self-signed certificates, allow only particular protocols, etc.

To allow only particular protocols, create the SSLConnectionSocketFactory object by passing to its constructor an SSLContext object, a string array of the protocols to be supported, a string array of the cipher suites to be supported, and a HostnameVerifier object.

//Allowing only TLSv1.2 (TLSv1 is disabled by default in current JDKs); null keeps the default cipher suites
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(
   sslcontext, new String[]{"TLSv1.2"}, null,
   SSLConnectionSocketFactory.getDefaultHostnameVerifier());

To allow all hosts (that is, to turn hostname verification off), create the SSLConnectionSocketFactory object by passing an SSLContext object and a NoopHostnameVerifier object.

//Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());

Step 5 - Create an HttpClientBuilder object

Create an HttpClientBuilder object using the custom() method of the HttpClients class.

//Creating HttpClientBuilder
HttpClientBuilder clientbuilder = HttpClients.custom();

Step 6 - Set the SSLConnectionSocketFactory object

Set the SSLConnectionSocketFactory object to the HttpClientBuilder using the setSSLSocketFactory() method.

//Setting the SSLConnectionSocketFactory
clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);

Step 7 - Build the CloseableHttpClient object

Build the CloseableHttpClient object by calling the build() method.

//Building the CloseableHttpClient
CloseableHttpClient httpclient = clientbuilder.build();

Step 8 - Create an HttpGet object

The HttpGet class represents the HTTP GET request which retrieves the information of the given server using a URI.

Create an HTTP GET request by instantiating the HttpGet class and passing a string representing the URI.

//Creating the HttpGet request
HttpGet httpget = new HttpGet("https://example.com/");

Step 9 - Execute the request

Execute the request using the execute() method.

//Executing the request
HttpResponse httpresponse = httpclient.execute(httpget);

Example

The following example demonstrates the customization of the SSLContext −

import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class ClientCustomSSL {
   
   public final static void main(String[] args) throws Exception {

      //Creating SSLContextBuilder object
      SSLContextBuilder SSLBuilder = SSLContexts.custom();
  
      //Loading the Keystore file
      File file = new File("mykeystore.jks");
      SSLBuilder = SSLBuilder.loadTrustMaterial(file,
         "changeit".toCharArray());

      //Building the SSLContext using the build() method
      SSLContext sslcontext = SSLBuilder.build();
 
      //Creating SSLConnectionSocketFactory object (NoopHostnameVerifier accepts any host name)
      SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
 
      //Creating HttpClientBuilder
      HttpClientBuilder clientbuilder = HttpClients.custom();

      //Setting the SSLConnectionSocketFactory
      clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);

      //Building the CloseableHttpClient
      CloseableHttpClient httpclient = clientbuilder.build();
      
      //Creating the HttpGet request
      HttpGet httpget = new HttpGet("https://example.com/");
 
      //Executing the request
      HttpResponse httpresponse = httpclient.execute(httpget);

      //Printing the status line
      System.out.println(httpresponse.getStatusLine());

      //Retrieving the HttpEntity and displaying the no. of bytes read
      HttpEntity entity = httpresponse.getEntity();
      if (entity != null) {
         System.out.println(EntityUtils.toByteArray(entity).length);
      } 
   }
}

Output

On executing, the above program generates the following output.

HTTP/1.1 200 OK
1270