Defining SSL 443 access using provided cacert.pem

Hi

In Java, I wish to establish a 443 SSL connection with remote endpoint using provided CAcerts.pem file.

I wias able to do such in PHP, but I do not how to do the same in Java:

// root certificate authority (CA) certificate $caCertPath = dirname(dirname(dirname(__FILE__))) . "/ssl/cacert.pem"; if (!file_exists($caCertPath)) { throw new \TangoCard\Sdk\Common\TangoCardSdkException('The CAcerts file is required: ' . $caCertPath ); } if ( $this->mapRequest() ) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL , $this->_path); curl_setopt($ch, CURLOPT_PORT , 443); curl_setopt($ch, CURLOPT_VERBOSE , 0); curl_setopt($ch, CURLOPT_HEADER , 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1); curl_setopt($ch, CURLOPT_POST , 1); curl_setopt($ch, CURLOPT_POSTFIELDS , $this->_request_json); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , 2); curl_setopt($ch, CURLOPT_CAINFO , $caCertPath); curl_setopt($ch, CURLOPT_HTTPHEADER , array('Content-Type: application/json; charset=utf-8')); // make the request and get the response $responseJsonEncoded = curl_exec($ch); if(curl_errno($ch)) { $message = curl_error($ch); curl_close($ch); throw new \TangoCard\Sdk\Common\TangoCardSdkException($message); } curl_close($ch); $isSuccess = true; }

I started to work out the same with Java, with code that I have googled, but I am not sure how to assure it is using PORT 443 and to use the available CAcert.pem file.

protected String postRequest() throws Exception { if ( null == this._path ) { throw new TangoCardSdkException( "Member variable '_path' is null."); } String responseJsonEncoded = null; URL url = null; HttpsURLConnection connection = null; // configure the SSLContext with a TrustManager SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom()); SSLContext.setDefault(ctx); try { url = new URL(this._path); } catch(MalformedURLException e) { throw new TangoCardSdkException( "MalformedURLException", e ); } if ( this.mapRequest() ) { try { // connect to the server over HTTPS and submit the payload connection = (HttpsURLConnection)url.openConnection(); connection.setDoInput(true); connection.setDoOutput(true); connection.setRequestMethod("POST"); connection.setRequestProperty("Content-length", String.valueOf(this._str_request_json.length())); connection.setRequestProperty("Content-Type", "application/json; charset=utf-8"); connection.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }); // open up the output stream of the connection DataOutputStream output = new DataOutputStream( connection.getOutputStream() ); output.write(this._str_request_json.getBytes()); } catch(Exception e) { throw new TangoCardSdkException( String.format("Problems executing request: %s: '%s'", e.getClass().toString(), e.getMessage()), e ); } try { // now read the input stream until it is closed, line by line adding to the response InputStream inputstream = connection.getInputStream(); InputStreamReader inputstreamreader = new InputStreamReader(inputstream); BufferedReader bufferedreader = new BufferedReader(inputstreamreader); StringBuffer response = new StringBuffer(); String line = null; while ((line = bufferedreader.readLine()) != null) { response.append(line); } responseJsonEncoded = response.toString(); this._responseStatus = connection.getResponseCode(); connection.disconnect(); } catch(Exception e) { throw new TangoCardSdkException( String.format("Problems reading response: %s: '%s'", e.getClass().toString(), e.getMessage()), e ); } } return responseJsonEncoded; } /** * Configure the SSLContext with a TrustManager that accepts any cert. */ private static class DefaultTrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public X509Certificate[] getAcceptedIssuers() { return null; } }

Ideas?

Thanks

Jeff in Seattle