by dave fauth on January 17, 2012
Last week, my son (@dsfauthii) and I went to Copper Mountain (@CopperMtn) for 3 days of skiing.
As I was skiing, a few thoughts came to mind related to business and life in general.
1. Have fun. I’m not the best skier but had a great time skiing most of the mountain. Colorado skiing is such a difference from East Coast skiing. The mountains were much higher, the trails longer and more challenging. Still, we had a great time all three days.
2. Take on new challenges. I had never skied anything like Copper Mountain. The trails were more challenging and faster than I was used to. It took about half of the first day before I was ready to tackle the blue trails. After some success, I was more confident and knew I could tackle these courses. By the last day, I even took on a couple of black diamonds. Sure I fell a couple of times, but I was confident when I was done with those trails. The end result was worth the risk and challenges.
3. Focus. As I’m not the best skier, I had to tell myself to focus all of the time. I needed to know who was behind me, who was gaining on me, what was ahead, who I was overtaking and where the trail was going. If I wasn’t focusing, it wasn’t long before I was struggling to stay up.
4. Enjoy the experience. This was a great trip for me and my son because we had a shared experience. I’d rather enjoy the experience with someone than by myself.
by dave fauth on January 17, 2012
This post is meant to remind me how to implement SSL certificates within Java. It was definitely a learning experience digging into trust stores and keystores.
Installation of client certificates in a Java client environment
This section describes the steps required to install the provided certificates in a Java client environment. In general you will create a new Java keystore and truststore using the files and password we have provided. Here are the steps to follow:
1. Make sure you have access to a Java 6 installation. You only need this for the keytool utility. The files you create with Java 6 are fully compatible with Java 5 but the keytool utility in Java 5 does not support importing PKCS #12 files.
2. Import the PKCS #12 file provided into a new keystore by issuing the following command: (Use the CLEAR Administrator provided password for all password prompts)
keytool -importkeystore -v -srckeystore clientcert.p12 -srcstoretype PKCS12 -destkeystore newstore.ks
3. Next create a truststore that includes the CA certificate: (You can select your own password)
keytool -import -v -keystore newtrust.ks -file cacertfile.pem
4. Finally use the Java system properties when running your client to ensure that the proper certificate is selected during SSL negotiation. The properties are:
-Djavax.net.ssl.keyStore=newstore.ks \
-Djavax.net.ssl.keyStorePassword= \
-Djavax.net.ssl.trustStore=newtrust.ks \
-Djavax.net.ssl.trustStorePassword=
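Before pointing these properties at the two files, it is worth confirming that each store holds the kind of entry it needs: a key entry in the keystore and a trusted certificate in the truststore. The following is an added example, not part of the original post; the class name StoreCheck is an assumption, the file names are the ones from steps 2 and 3, and it needs Java 7 or later and an interactive terminal.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example; StoreCheck is a hypothetical name, not code from the post.
public class StoreCheck {

    // Lists every entry in the store and returns how many are of the wanted kind.
    static int inspect(String path, boolean wantKeyEntries) throws Exception {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal");
        }
        // Prompt without echo so the password never lands in shell history.
        char[] password = console.readPassword("Password for %s: ", path);
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // IOException here: wrong password or damaged file
        }
        int matches = 0;
        for (String alias : Collections.list(store.aliases())) {
            boolean isKey = store.isKeyEntry(alias);
            Certificate cert = store.getCertificate(alias);
            String expiry = "n/a";
            if (cert instanceof X509Certificate) {
                Date notAfter = ((X509Certificate) cert).getNotAfter();
                expiry = notAfter + (notAfter.before(new Date()) ? " (EXPIRED)" : "");
            }
            System.out.printf("%s: alias=%s entry=%s notAfter=%s%n",
                    path, alias, isKey ? "key" : "trusted certificate", expiry);
            if (isKey == wantKeyEntries) matches++;
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        int keys = inspect("newstore.ks", true);      // keystore from step 2
        int trusted = inspect("newtrust.ks", false);  // truststore from step 3
        if (keys == 0) System.err.println("newstore.ks has no key entry: no client certificate to present");
        if (trusted == 0) System.err.println("newtrust.ks has no trusted certificate: server validation will fail");
        System.exit(keys > 0 && trusted > 0 ? 0 : 1);
    }
}
```

A keystore that lists only trusted certificates usually means the PKCS #12 import in step 2 did not bring the private key across, which shows up later as a handshake failure.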
For keytool commands, I referred to this site: http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
A good site for troubleshooting is: http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
I ended up using the SSLPoke.java file on the Atlassian site to help troubleshoot the SSL connection. This really helped me understand connection issues.
Sample code within Palantir
Within Palantir, I was able to use the following code to successfully connect to the SSL endpoint.
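import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// The post did not include the enclosing class or the method signature;
// SslClient and fetch are placeholder names.
public class SslClient {
    public String fetch(String strURL) {
        String string = "";
        StringBuffer sb = new StringBuffer();
        sb.append("");
        String strGetURL = strURL;
        try {
            // Keystore from step 2: the client certificate and its private key.
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream keyInput = this.getClass().getResourceAsStream("/newstore.ks");
            keyStore.load(keyInput, "certificatepwd".toCharArray());
            keyInput.close();
            keyManagerFactory.init(keyStore, "certificatepwd".toCharArray());
            // Truststore from step 3: the CA certificate used to validate the server.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream trustInput = this.getClass().getResourceAsStream("/newtrust.ks");
            trustStore.load(trustInput, "certificatepwd".toCharArray());
            trustInput.close();
            trustManagerFactory.init(trustStore);
            // "TLS" replaces the "SSL" protocol name used in the original code.
            SSLContext sct = SSLContext.getInstance("TLS");
            sct.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
            // This changes the default SSLContext for every connection in the JVM.
            SSLContext.setDefault(sct);
            SSLSocketFactory sslsocketfactory = sct.getSocketFactory();
            // SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
            // SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // Placeholder credentials for HTTP Basic authentication.
            String username = "username:password";
            // java.util.Base64 (Java 8+) replaces the internal sun.misc.BASE64Encoder
            // class used in the original code.
            String encoding = Base64.getEncoder().encodeToString(username.getBytes(StandardCharsets.UTF_8));
            URL url = new URL(strGetURL);
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            conn.setRequestProperty("Authorization", "Basic " + encoding);
            conn.setRequestProperty("Content-Type", "application/xml");
            conn.setRequestMethod("GET");
            conn.setDoOutput(true);
            conn.setSSLSocketFactory(sslsocketfactory);
            InputStream inputstream = conn.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
            string = null;
            // Read the response body line by line.
            while ((string = bufferedreader.readLine()) != null) {
                // System.out.println("Received " + string);
                sb.append(string);
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
        return sb.toString();
    }
}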
As I mentioned earlier, this is mostly for my usage for future deployments. If someone else finds it useful, I’m glad that you were helped.