
java restAssured equivalent to cURL certificate options

In my environment, in order to issue successful cURL commands, I must include the following options pointing to files that have been downloaded:

--key /path/to/client-private.key
--cert /path/to/client-cert.pem
--cacert /path/to/caroot.pem

I am having trouble finding information on how to make an equivalent REST call through the restAssured Java library which utilizes these files. I believe I need to call RestAssured.config().sslConfig(someConfig); but I am not sure how to build out that someConfig.

I also have access to the rootca.keystore and rootca.truststore if that helps.

Any help would be great! Thanks!

Jeff asked Nov 08 '22 10:11


1 Answer

In REST-assured there is no straightforward way to pass key and certificate files as an argument. REST-assured at the moment can accept key- and truststores. So you have to create those first and put the key/certificate inside, as follows.

Generate keystore

openssl pkcs12 -export -inkey client-private.key -in client-cert.pem -out keystore.p12

Generate truststore

keytool -import -alias ca -file caroot.pem -keystore truststore.jks

Your request should look like this:

RestAssured.given()
    .spec(new RequestSpecBuilder()
            .setBaseUri(HOSTNAME_URI)
            .setAuth(RestAssured
                    .certificate(
                            "truststore.jks",
                            truststorePassword,
                            "keystore.p12",
                            keystorePassword,
                            CertificateAuthSettings
                                    .certAuthSettings()
                                    .keyStoreType("pkcs12")
                                    .trustStoreType("pkcs12")
                                    // allowAllHostnames() disables hostname verification for this request
                                    .allowAllHostnames())).build())
    .when()
    .log().all()
    .header("Content-Type", "application/json") // assuming you want to send JSON via a POST request
    .body(JsonUtils.toJsonString(yourJsonString))
    .contentType(ContentType.JSON)
    .port(443)
    .post(RELATIVE_PATH_TO_YOUR_ENDPOINT);

Even if allowAllHostnames() is set, it's worth importing the host certificate into the truststore (otherwise you can get InvalidCertificationPathException).

You can do it with:

openssl s_client -showcerts -connect YOUR_HOST:443  </dev/null > host_certificate.crt

Then extract the lines between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, including those lines, into a new file; let's call it host_cert.crt. Afterwards, import this certificate into the existing truststore.

keytool -importcert -file host_cert.crt -keystore truststore.jks -alias "hostCertificate"
wbrycki answered Nov 15 '22 07:11
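
The extraction step described in the answer above, as an added example that is not part of the original answer: with -showcerts the saved output holds every certificate the server sent, so the function below selects one block by position instead of copying by hand. The function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample capture are constructed.

# count_pem_certs: number of complete PEM certificate blocks on stdin.
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inside = 1 }
         /^-----END CERTIFICATE-----/   { if (inside) n++; inside = 0 }
         END { print n + 0 }'
}

# extract_pem_cert N: print only the Nth block, markers included.
# s_client -showcerts lists the server's own certificate first (N = 1),
# followed by any intermediates it sent. Fails if fewer than N blocks exist.
extract_pem_cert() {
    awk -v want="$1" '
        /^-----BEGIN CERTIFICATE-----/ { idx++; inside = 1 }
        inside && idx == want          { print }
        /^-----END CERTIFICATE-----/   { if (inside && idx == want) found = 1; inside = 0 }
        END { exit(found ? 0 : 1) }'
}

# Constructed stand-in for a saved s_client capture; the base64 bodies are
# placeholders, not real certificates.
sample_showcerts() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = api.example.test
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
TEVBRi1DRVJULUJPRFktQ09OU1RSVUNURUQ=
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q0EtQ0VSVC1CT0RZLUNPTlNUUlVDVEVE
-----END CERTIFICATE-----
---
Server certificate
subject=CN = api.example.test
EOF
}

# With the answer's file names:
#   extract_pem_cert 1 < host_certificate.crt > host_cert.crt
```

Before running keytool -importcert, openssl x509 -in host_cert.crt -noout -subject -fingerprint -sha256 prints the subject and SHA-256 fingerprint, which can be compared against a value obtained from the service owner.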