To configure Spring RestTemplate to use a client certificate in an HTTPS connection, you can follow these steps:

1. Define and load a KeyStore that holds the client certificate. In this example, the certificate is stored in a PKCS12 archive.

   ```java
   KeyStore clientStore = KeyStore.getInstance("PKCS12");
   try (FileInputStream in = new FileInputStream("/path/to/certfile")) {
       clientStore.load(in, "certpassword".toCharArray());
   }
   ```

2. Define an SSLContextBuilder to customize and build the SSL context to be used with the RestTemplate. In this example, we need to connect to a host with a self-signed certificate, so we have to pass TrustSelfSignedStrategy() to the loadTrustMaterial() method. This strategy accepts any self-signed certificate, not only the one belonging to that host.

   ```java
   SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
   sslContextBuilder.useProtocol("TLS");
   sslContextBuilder.loadKeyMaterial(clientStore, "certpassword".toCharArray());
   sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
   ```

3. Define an SSLConnectionSocketFactory with the SSLContextBuilder from step 2.

   ```java
   SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build());
   ```

4. Define a CloseableHttpClient using the HttpClients builder class and set its SSLSocketFactory to the SSLConnectionSocketFactory from step 3.

   ```java
   CloseableHttpClient httpClient = HttpClients.custom()
           .setSSLSocketFactory(sslConnectionSocketFactory)
           .build();
   ```

5. Define an HttpComponentsClientHttpRequestFactory using the CloseableHttpClient from step 4, and configure the timeout values.

   ```java
   HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
   requestFactory.setConnectTimeout(10000); // 10 seconds
   requestFactory.setReadTimeout(10000); // 10 seconds
   ```

6. Finally, create a RestTemplate using the HttpComponentsClientHttpRequestFactory from step 5.

   ```java
   new RestTemplate(requestFactory);
   ```

To summarize:

```java
// Imports assume Apache HttpClient 4.4+ and Spring Web on the classpath.
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Bean
public RestTemplate restTemplate() throws Exception {
    KeyStore clientStore = KeyStore.getInstance("PKCS12");
    try (FileInputStream in = new FileInputStream("/path/to/certfile")) {
        clientStore.load(in, "certpassword".toCharArray());
    }
    SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
    sslContextBuilder.useProtocol("TLS");
    sslContextBuilder.loadKeyMaterial(clientStore, "certpassword".toCharArray());
    sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
    SSLConnectionSocketFactory sslConnectionSocketFactory =
            new SSLConnectionSocketFactory(sslContextBuilder.build());
    CloseableHttpClient httpClient = HttpClients.custom()
            .setSSLSocketFactory(sslConnectionSocketFactory)
            .build();
    HttpComponentsClientHttpRequestFactory requestFactory =
            new HttpComponentsClientHttpRequestFactory(httpClient);
    requestFactory.setConnectTimeout(10000); // 10 seconds
    requestFactory.setReadTimeout(10000); // 10 seconds
    return new RestTemplate(requestFactory);
}
```
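Because TrustSelfSignedStrategy in step 2 accepts any self-signed certificate, the client cannot tell the intended host from another self-signed endpoint. The variant below is an added example, not code from the original post: it trusts only the certificate stored in a truststore and reads the passwords from environment variables. The class name, the truststore path and the environment variable names are assumptions, and it targets Apache HttpClient 4.4+.

```java
// Added example, not from the original post. Class name, truststore path and env var names are hypothetical.
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class PinnedTrustRestTemplateConfig {
    private static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }
    // Fail at startup if a secret is missing instead of falling back to a default.
    private static char[] requiredEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value.toCharArray();
    }
    @Bean
    public RestTemplate restTemplate() throws Exception {
        char[] keyPassword = requiredEnv("CLIENT_CERT_PASSWORD");
        KeyStore clientStore = loadStore("/path/to/certfile", keyPassword);
        // Truststore that contains only the server's self-signed certificate.
        KeyStore trustStore = loadStore("/path/to/truststore.p12", requiredEnv("TRUSTSTORE_PASSWORD"));
        SSLContext sslContext = new SSLContextBuilder()
                .loadKeyMaterial(clientStore, keyPassword)
                .loadTrustMaterial(trustStore, null) // null strategy: trust only the store's contents
                .build();
        // This constructor keeps HttpClient's default hostname verification.
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext)).build();
        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory(httpClient);
        requestFactory.setConnectTimeout(10000); // 10 seconds
        requestFactory.setReadTimeout(10000); // 10 seconds
        return new RestTemplate(requestFactory);
    }
}
```

With this configuration a handshake against any server whose certificate is not in the truststore fails with an SSLHandshakeException, which is the signal to alert on.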