Ironic programmer: Making SSL calls with Grails

Wednesday, October 7, 2009

Making SSL calls with Grails

All of a sudden I realised that I have to call a service I have behind a SSL connection.

Using grails, this is easy to set up. Just create a couple of Groovy-classes and use it from the controller. It may be nescessary though to add the certificat of the SSL site to your JVM.

Adding the certificate

download the certificate you need, name it to something usefull, for example theSite.cer.
use keytool to add it. (needs JAVA_HOME/bin in the path)

keytool -import -keystore /pathToJava/jre/lib/security/cacerts -file theSite.cer  

Class to make the call
this is the class to actually do the work, calling the SSL url you want to reach.

import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.SSLSocket
import java.security.*;

/**
 * @author theironicprogrammer@gmail.com
 */
class SSLConnector {
    String theurl
    String user
    String password
    public SSLConnector(url, user, pwd){
        this.theurl = url
        this.user = user
        this.password = pwd
    }

public String responseString(){
        // Dynamic registration of JSSE provider
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

// Need to be set
     System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");

// Install Authenticator
        Authenticator.setDefault (new SSLAuthenticator(this.user,this.password));

URL url = new URL(this.theurl);
        BufferedReader br = new BufferedReader(new InputStreamReader(url.openStream()));

String line;

StringBuffer buff = new StringBuffer()
        while ((line = br.readLine()) != null){
            buff.append(line)
        }

br.close();

return buff.toString()
    }

}

Class for password authentication
this class is needed to authenticate you at the remote site.

In the controller you can then use the class to get a responsestring from the remote server.

/Peter

4 comments:

Keith GangerDecember 22, 2009 at 6:49 PM
Or you could just use

new XMLSlurper().parse("https://somewhere.com")

or def text = new URL("https://somewhere.com").text

My point is if you have a trusted certificate path https works just like http.
ReplyDelete
Replies
PeterJanuary 8, 2010 at 4:36 PM
Well, that is a much shorter way. Does it work on a site that requires username login?
ReplyDelete
Replies
abdzaJuly 26, 2011 at 1:46 PM
Thank you for the post, helps me out a lot. But I'd like to understand more regarding the options. Because I get a "https hostname wrong" error due to using self signed cert. Reading from here (http://www.java-samples.com/showtutorial.php?tutorialid=211) shows how to force the program to trust all certificate, but I can't relate anything from the code with the examples you have given. Any hints would be great. Thank you.
ReplyDelete
Replies
PeterJuly 31, 2011 at 2:23 PM
My example does not come from that site (I do not remember where I got it actually). But a quick look at it, it seams to happen in a specific setting. That is the certificate seams to be registerd on "www.samplesecuresite.com" but you are trying to call it with another URL och you get redirected somehow(someon can have had the cert issued on a local server lige my.localtrust.com but exposing an apache server to the world for calls on www.mysite.com). This means that your call and the trusted certificat does not have maching domains and the trust does not occur. I would not make a program to trust every cert available, that does not seam very secure for me. What if someone get a hold on your code and then calls your secured services? Then it is not very secure is it.
ReplyDelete
Replies

Add comment