Azure / azure-functions-java-library

Contains annotations for writing Azure Functions in Java
MIT License

How to access self signed certificates in Java #105

Open natarajmb opened 4 years ago

natarajmb commented 4 years ago

This is not a bug: I couldn't find anywhere in the documentation, in the Azure Functions Java developer guide, how to access the self-signed certificates uploaded through function app settings. All examples quoted are from C#.

I have loaded the SSL CA root and intermediate (self-signed) into the SSL configuration on the Azure function. I have the following app setting, WEBSITE_LOAD_CERTIFICATES = *, to export all the certificates into the Azure runtime.

Question:

  1. The docs say the certificates get loaded into a CurrentUser\My store. How would I access that location from Java?
  2. Any example would be really useful.

natarajmb commented 4 years ago

I got it sorted; for anyone looking for this, here is a sample on how to do it.

Windows-ROOT loads root CAs and Windows-MY loads the certs loaded into the user profile.

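```java
// Imports assume Apache HttpClient 4.4+.
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

SSLConnectionSocketFactory sslConSocFactory = null;
try {
    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);
    // Returning true accepts every server chain without checking it against ks.
    TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
    SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ks, acceptingTrustStrategy).build();
    // NoopHostnameVerifier turns off hostname verification.
    sslConSocFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
} catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | KeyManagementException e) {
    e.printStackTrace();
}

CloseableHttpClient client = HttpClients.custom()
        .setSSLSocketFactory(sslConSocFactory)
        .build();
```

brisitw commented 1 year ago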

Here is what worked for us:

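```java
// Imports assume Apache HttpCore 4.4+ (SSLContexts, TrustStrategy) and Java 11+ (java.net.http).
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.http.HttpClient;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

void trustServerCertificate() {
    String certificateFilePath = "/var/ssl/certs/root-ca.der";
    // try-with-resources closes the certificate file once it has been parsed.
    try (InputStream certificateStream =
            new BufferedInputStream(new FileInputStream(certificateFilePath))) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        // Returning false defers every decision to the trust manager built from keyStore.
        TrustStrategy acceptingTrustStrategy = (cert, authType) -> false;
        X509Certificate certificate =
                (X509Certificate)
                        CertificateFactory.getInstance("X.509")
                                .generateCertificate(certificateStream);

        keyStore.setCertificateEntry("alias-for-cert", certificate);

        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(keyStore, acceptingTrustStrategy).build();

        HttpClient httpClient =
                HttpClient.newBuilder()
                        .sslContext(sslContext)
                        .build();
    } catch (KeyStoreException | CertificateException | IOException | NoSuchAlgorithmException | KeyManagementException e) {
        e.printStackTrace();
    }
}
```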

Our modifications are:

austenjt commented 8 months ago

Neither of the above replies answers the question. The question is: in a function app, when WEBSITE_LOAD_CERTIFICATES=* is enabled, how do you load the certificate in Java from the function app memory space?

I know how to do this from my local computer already OR from the file system. But, in an Azure function app, where do we read the cert? From a file? From a URL? Is it a Linux path or Windows path?
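
Added example, not part of the thread and not code from the library: the two certificate sources posted above (the `Windows-MY` store and a CA file on disk) feeding a JDK-only `HttpClient` that trusts nothing but those certificates, with chain validation and hostname verification left on. The class name, the method names and the `args[0]` path argument are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedCaClient {

    // Windows: the per-user certificate store, as used in the first sample above.
    static KeyStore fromWindowsUserStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        return ks;
    }

    // File-based: every X.509 certificate (DER or PEM) found in caFile becomes a trust anchor.
    static KeyStore fromCertificateFile(Path caFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (InputStream in = Files.newInputStream(caFile)) {
            int i = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                ks.setCertificateEntry("ca-" + i++, c);
            }
        }
        return ks;
    }

    // Only the supplied anchors are trusted. No TrustStrategy override and no custom
    // hostname verifier, so the JDK validates the chain and the server name as usual.
    static HttpClient clientTrusting(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return HttpClient.newBuilder().sslContext(ctx).build();
    }

    public static void main(String[] args) throws Exception {
        // args[0] (hypothetical): path to a CA certificate file; without it, use Windows-MY.
        KeyStore anchors = args.length > 0 ? fromCertificateFile(Path.of(args[0])) : fromWindowsUserStore();
        HttpClient client = clientTrusting(anchors);
        System.out.println("trust anchors loaded: " + anchors.size() + ", client ready: " + client);
    }
}
```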