Skip to main content

PFX Certificate key based secured REST API Invocation in OSB with JAVA

Hello,

Today we are going to see how we can invoke a REST API which is secured with private key & certificate which requires two way SSL for successful invocation.

Before starting development what we need:

  1. Certificate.pfx file
  2. This PFX file contain a CERTIFICATE AND KEY, which will be used for two way SSL
  3. REST API URL like "https://SERVERURL/URL/connect/token"
JAVA implementation:
We need to use below external JAR's for making HTTP Call.

Below is sample JAVA code for same:


package com.api.client;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.logging.Logger;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

public class APIClient {

private static final Logger LOG = Logger.getLogger(APIClient.class
.getName());
private static final String CLIENT_KEYSTORE_TYPE = "PKCS12";
private static final String CLIENT_KEYSTORE_PATH = "ABS PATH\\Certificate.pfx";
private static final String CLIENT_KEYSTORE_PASS = "Password";

/*REQUEST PARAMS*/
        private static final String SCOPE = "SCOPE";
private static final String client_secret = "client_secret ";
private static final String grant_type = "grant_type";
private static final String client_id = "client_id ";
       /*REQUEST PARAMS*/
private static final String SERVICEURL = "https://SERVERURL/URL/connect/token";
private static final String proxyServerURL = "PROXY SERVER NAME";
private static final String proxyServerPort = "80";


public static void main(String[] args) throws Exception {
System.out.println("API RESPONSE"
+ (requestTimestamp(SCOPE, client_secret, grant_type,
client_id, SERVICEURL, CLIENT_KEYSTORE_PATH,
CLIENT_KEYSTORE_PASS, proxyServerURL, proxyServerPort,
"0")));
}

       /* THIS METHOD WILL BE CALLED FROM OSB JAVA CALLOUT, OSB JAVA CALLOUT WILL SEND ALL PARAMETERS*/
public static String requestTimestamp(String Scope, String client_secret,
String grant_type, String client_id, String SERVICEURL,
String PFX_location, String PFX_Password, String proxyServerURL,
String proxyServerPort, String withProxy) throws Exception {
String JsonResponse = "";

                /*IN CASE YOU ARE GOING TO INVOKE API WITH PROXY SERVER, IN CASE YOU DON'T NEED ANY PROXY SERVER REMOVE THIS LINE CODE & IT'S MAPPING*/
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(
proxyServerURL, Integer.parseInt(proxyServerPort)));

URL url = new URL(null, SERVICEURL, new sun.net.www.protocol.https.Handler()); 

String requestParams = "scope=" + SCOPE + "&grant_type=" + grant_type + "&client_id=" + client_id + "&client_secret=" + java.net.URLEncoder.encode(client_secret); 
 HttpsURLConnection con = (HttpsURLConnection) url.openConnection(proxy); setConnectionProps(con); 
 SSLContext context = getSSLSocketFactory(PFX_location, PFX_Password); 
 SSLSocketFactory sockFact = context.getSocketFactory(); 
 con.setSSLSocketFactory(sockFact); 
 // Send the request 
 OutputStream outputStream = con.getOutputStream(); outputStream.write(requestParams.getBytes("UTF-8")); 
 outputStream.close(); 
 // Check for errors 
 int responseCode = con.getResponseCode();
 InputStream inputStream; 
 if (responseCode == HttpURLConnection.HTTP_OK) 
{ inputStream = con.getInputStream(); } 
else { inputStream = con.getErrorStream(); } 
 // Process the response 
 BufferedReader reader; reader = new BufferedReader(new InputStreamReader(inputStream)); 
 while ((JsonResponse = reader.readLine()) != null) 
{ return JsonResponse; } 
 inputStream.close(); 
 return null;
}

private static void setConnectionProps(HttpsURLConnection con)
throws Exception {
con.setRequestProperty("Connection", "close");
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
con.setConnectTimeout(30000);
con.setReadTimeout(30000);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type",
"application/x-www-form-urlencoded");
con.setRequestProperty("Accept", "application/json");
}

private static SSLContext getSSLSocketFactory(String PFX_location,
String PFX_Password) throws Exception {
SSLContext context = null;
File pKeyFile = new File(PFX_location);
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance(CLIENT_KEYSTORE_TYPE);
InputStream keyInput = new FileInputStream(pKeyFile);
keyStore.load(keyInput, PFX_Password.toCharArray());
keyInput.close();
keyManagerFactory.init(keyStore, PFX_Password.toCharArray());
context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null,
new SecureRandom());
return context;
}
}


THIS PIECE OF CODE WILL RETURN YOU API RESPONSE WITH 2-WAY SSL. 
In this piece of code method "getSSLSocketFactory" will associate key & certificate with the request.

  • Export this JAVA project into one JAR file, This JAR is going to be used inside OSB JAVA CALLOUT.
  • Before OSB development, we have to configure CLASSPATH with these JAR files that we used in JAVA project so when OSB make a JAVA CALLOUT over our newly created JAR, it don't throw CLASS NOT FOUND EXCEPPTION.
OSB SERVER CONFIGURATION:

1.Copy jars at any location on SOA Server, in DEV server cases, it is on "/https_Rest_jar_files"
2.Also copy "Certificate.pfx" at same location.
3.Change values in DVM
4. Open the file %DOMAIN_HOME/BIN% “setDomainEnv” in edit mode.
5.POST_CLASSPATH="/https_Rest_jar_files/commons-codec-1.9.jar${CLASSPATHSEP}/https_Rest_jar_files/commons-logging-1.2.jar${CLASSPATHSEP}/https_Rest_jar_files/httpclient-4.5.2.jar${CLASSPATHSEP}/https_Rest_jar_files/httpcore-4.4.4.jar${CLASSPATHSEP}${POST_CLASSPATH}"
export POST_CLASSPATH
6.restart server.


OSB SIDE DEVELOPMENT:

Now we need to design one OSB project with OSB proxy & pipe line which will invoke this REST API CLIENT JAR.


Enjoy reading!!!

Have any question, post me!!!

Labels:

Comments

  1. AnonymousJune 5, 2020 at 6:08 AM

    We recommend the use of RSA based authentication for Bot applications. Perform this authentication process using client certificates or a JSON Web Token. REST API callers must authenticate to the Pod and the Key Manager separately. Compile And Run Java Programs

    ReplyDelete
  2. UnknownAugust 15, 2020 at 2:57 AM

    Hi, I've followed the same as mentioned above; but it throws error saying "java.io.IOException: keystore password was incorrect".
    The pfx certificate and password are valid and works fine when invoke the api from postman.

    any help?

    ReplyDelete
  3. UnknownJuly 18, 2021 at 9:58 AM

    Thank you

    ReplyDelete
  4. safeeqApril 13, 2022 at 10:55 PM

    Hi Sandeep, Do you have a few min for a quick call on this PFX Certificate key. We have an issue and looking for a solution. It would be great if you can connect. Thanks
    Safeeq

    ReplyDelete
    Replies
    1. Sandeep PachauriApril 14, 2022 at 12:21 AM

      Hi,

      You can post your question here, will try to answer... Not possible to join any call...sorry

      Delete
  5. AnonymousAugust 18, 2023 at 1:01 AM

    outdated code, sun.net.www.protocol.jar.Handler is obsolete and there is no replacement

    ReplyDelete

Post a Comment

Popular posts from this blog

Oracle SOA 12C rest adapter with Custom HTTP headers

Most existing web applications are connected through web services, which are commonly known as SOAP services. More and more users are relying on mobile devices for communication, and they’re looking for lighter ways to access enterprise information on the go. REST services are the answer for the mobile device platform, because they get rapid responses and fast access to data. Oracle SOA Suite 12 c  provides a complete set of service infrastructure components for designing, deploying, and managing composite applications. Oracle SOA Suite 12 c  enables services to be created, managed, and orchestrated into composite applications and business processes. Some time we have need to send HTTP headers in REST service, In OSB we use header component and add what ever is needed but in oracle SOA 12C it's little bit different. Let see how we can do it. Create one SOA Application. Create one SOA Sample project inside SOA Application. Go to composite and drag drop REST adapt
22 comments
Read more

Dynamic Routing in OSB 12C

Dynamic Routing in OSB cab be used when the BusinessService endpoint required to be determine at runtime in message flow. Consider a scenario where OSB has to route the incoming requests to 2 different services based on the CustomerType element value sent in the payload. So create a XQuery resource with the following contents. Observe that we are using the absolute path of business service in configuration as required by dynamic routing. Following is the XML schema that we use:>>  Customer.xsd <?xml version="1.0" encoding="windows-1252" ?> <xsd:schema targetNamespace="http://xmlns.oracle.com/schema/Customer" xmlns:xsd="http://www.w3.org/2001/XMLSchema"             xmlns:ns1="http://xmlns.oracle.com/schema/Customer">   <xsd:complexType name="Customer">     <xsd:sequence>       <xsd:element name="CustomerId" type="xsd:string"/>       <xsd:elemen
14 comments
Read more

Swagger API document from Any WADL & Schema in Oracle SOA

Hi everyone, Hope everyone is doing well these days, Recently i started a project work over how to generate swagger API document for your any REST API, In case if you don't know what is swagger please go and check " https://swagger.io/tools/swagger-editor/ ". It's a great and easy to use tool which will help to create user friendly, human readable form API documentation with extension for generating API client in different languages with capability of testing your API from same. What is swagger editor, Design, describe, and document your API on the first open source editor fully dedicated to OpenAPI-based APIs. The Swagger Editor is great for quickly getting started with the OpenAPI (formerly known as the Swagger Specification) specification, with support for Swagger 2.0 and OpenAPI 3.0.  What benefits you will get by using swagger, Runs Anywhere, The Editor works in any development environment, be it locally or in the web. Smart Feedback, Validate you
8 comments
Read more