Using Secure Sockets Layer (SSL), you can establish a secured connection between the client and server. It helps to safeguard sensitive information such as credit card numbers, usernames, passwords, PINs, etc.

You can make connections more secure by creating your own SSL context using the HttpClient library.

Follow the steps given below to customize the SSLContext using the HttpClient library −

Step 1 - Create SSLContextBuilder object

SSLContextBuilder is the builder for the SSLContext objects. Create its object using the custom() method of the SSLContexts class.

    //Creating SSLContextBuilder object
    SSLContextBuilder SSLBuilder = SSLContexts.custom();

Step 2 - Load the Keystore

In the path Java_home_directory/jre/lib/security/, you can find a file named cacerts. Save this as your key store file (with the extension .jks). Load the key store file with its password (which is changeit by default) using the loadTrustMaterial() method of the SSLContextBuilder class. The certificates in this file are the ones the client will trust when it verifies a server.

    //Loading the Keystore file
    File file = new File("mykeystore.jks");
    SSLBuilder = SSLBuilder.loadTrustMaterial(file, "changeit".toCharArray());

Step 3 - Build an SSLContext object

An SSLContext object represents a secure socket protocol implementation. Build an SSLContext using the build() method.

    //Building the SSLContext (named sslcontext, as the later steps refer to it)
    SSLContext sslcontext = SSLBuilder.build();

Step 4 - Creating SSLConnectionSocketFactory object

SSLConnectionSocketFactory is a layered socket factory for TLS and SSL connections. Using this, you can verify the HTTPS server against a list of trusted certificates and authenticate the given HTTPS server.

You can create this in many ways. Depending on the way you create an SSLConnectionSocketFactory object, you can allow all hosts, allow only self-signed certificates, allow only particular protocols, etc.

To allow only particular protocols, create the SSLConnectionSocketFactory object by passing to its constructor an SSLContext object, a string array naming the protocols to be supported, a string array naming the cipher suites to be supported, and a HostnameVerifier object.

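    //TLSv1.2 is enabled here; TLS 1.0 ("TLSv1") is disabled by default in current JDKs
    //Passing null for the cipher suites keeps the JSSE defaults
    new SSLConnectionSocketFactory(sslcontext, new String[]{"TLSv1.2"}, null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());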

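To allow all hosts, create the SSLConnectionSocketFactory object by passing an SSLContext object and a NoopHostnameVerifier object. NoopHostnameVerifier turns hostname verification off: the server's certificate chain is still checked against the trust material, but the name in the certificate is not compared with the host you connect to.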

    //Creating SSLConnectionSocketFactory object (hostname verification is off)
    SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());

Step 5 - Create an HttpClientBuilder object

Create an HttpClientBuilder object using the custom() method of the HttpClients class.

    //Creating HttpClientBuilder
    HttpClientBuilder clientbuilder = HttpClients.custom();

Step 6 - Set the SSLConnectionSocketFactory object

Set the SSLConnectionSocketFactory object to the HttpClientBuilder using the setSSLSocketFactory() method.

    //Setting the SSLConnectionSocketFactory
    clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);

Step 7 - Build the CloseableHttpClient object

Build the CloseableHttpClient object by calling the build() method.

    //Building the CloseableHttpClient
    CloseableHttpClient httpclient = clientbuilder.build();

Step 8 - Create an HttpGet object

The HttpGet class represents the HTTP GET request which retrieves the information of the given server using a URI.

Create an HTTP GET request by instantiating the HttpGet class, passing a string representing the URI.

    //Creating the HttpGet request
    HttpGet httpget = new HttpGet("https://example.com/");

Step 9 - Execute the request

Execute the request using the execute() method.

    //Executing the request
    HttpResponse httpresponse = httpclient.execute(httpget);

Example

The following example demonstrates the customization of the SSLContext −

    import java.io.File;
    import javax.net.ssl.SSLContext;
    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.conn.ssl.NoopHostnameVerifier;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.SSLContexts;
    import org.apache.http.util.EntityUtils;

    public class ClientCustomSSL {

       public static void main(String[] args) throws Exception {

          //Creating SSLContextBuilder object
          SSLContextBuilder SSLBuilder = SSLContexts.custom();

          //Loading the Keystore file
          File file = new File("mykeystore.jks");
          SSLBuilder = SSLBuilder.loadTrustMaterial(file,
             "changeit".toCharArray());

          //Building the SSLContext using the build() method
          SSLContext sslcontext = SSLBuilder.build();

          //Creating SSLConnectionSocketFactory object
          //NoopHostnameVerifier accepts any host name (hostname verification is off)
          SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());

          //Creating HttpClientBuilder
          HttpClientBuilder clientbuilder = HttpClients.custom();

          //Setting the SSLConnectionSocketFactory
          clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);

          //Building the CloseableHttpClient
          CloseableHttpClient httpclient = clientbuilder.build();

          //Creating the HttpGet request
          HttpGet httpget = new HttpGet("https://example.com/");

          //Executing the request
          HttpResponse httpresponse = httpclient.execute(httpget);

          //Printing the status line
          System.out.println(httpresponse.getStatusLine());

          //Retrieving the HttpEntity and displaying the number of bytes read
          HttpEntity entity = httpresponse.getEntity();
          if (entity != null) {
             System.out.println(EntityUtils.toByteArray(entity).length);
          }
       }
    }

Output

On executing, the above program generates the following output.

    HTTP/1.1 200 OK
    1270