How to use Play WS with SSL?

Question

My Java client application needs to do REST calls. I was instructed to use Play\'s WS implementation. Currently, I have this:

AsyncHttpClientConfig.Builder build         


        

Answer 1

1. Make sure you have added your Certificate to your trust-store like this:

keytool -import -trustcacerts -keystore {JAVA_HOME}/jre/lib/security/cacerts -noprompt -alias -file {CORRECT_PATH}/what_ever.crt

2. If still the problem exists, set the path directly by setting java parameters in your execution command line like this:

-Djavax.net.ssl.trustStore={JAVA_HOME}/jre/lib/security/cacerts

Answer 2

Its not possible directly with WS. Play docs says : "WS does not support client certificates (aka mutual TLS / MTLS / client authentication). You should set the SSLContext directly in an instance of AsyncHttpClientConfig and set up the appropriate KeyStore and TrustStore."

You could do something like this maybe:

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory
        .getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("pkcs12");
InputStream inputStream = new FileInputStream("YOUR.p12");

keyStore.load(inputStream, "Your password as char[]");
keyManagerFactory.init(keyStore, "Your password as char[]");

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), null,new SecureRandom());
AsyncHttpClientConfig httpClientConfig = new AsyncHttpClientConfig.Builder().setSSLContext(sslContext).build();
AsyncHttpClient httpClient = new AsyncHttpClient(httpClientConfig);

Answer 3

You want to use the parser. See https://www.playframework.com/documentation/2.3.x/KeyStores for details about the configuration.

val config = play.api.Configuration(ConfigFactory.parseString("""
                              |trustManager = {
                              |  stores = [
                              |    { type: "pkcs12", path: "/path/to/pkcs12/file", password: "foo" }
                              |  ]
                              |}
                            """.stripMargin))
val parser = new DefaultSSLConfigParser(config, app.classloader)
val sslConfig = parser.parse()

val clientConfig = new DefaultWSClientConfig(sslConfig = sslConfig)
val secureDefaults = new NingAsyncHttpClientConfigBuilder(clientConfig).build()
val builder = new AsyncHttpClientConfig.Builder(secureDefaults)
val wsc = new play.libs.ws.ning.NingWSClient(builder.build());
val holder = wsc.url("http://www.simpleweb.org/");