Modify your client program to authenticate with X.509

The following examples show how to modify your client code to connect to IBM Spectrum LSF Application Center and authenticate with X.509. They assume that you have already made the necessary configurations on the IBM Spectrum LSF Application Center web server.

Python client code example

Python supports only certificates and keys in PEM format. You must convert your key and certificate files to PEM format. For more information, refer to Convert user keys and certificates to PEM format for Python clients.

Use the add_certificate method of an httplib2.Http object to supply the key and certificate files for authentication.

For example:

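import httplib2

body, headers = None, {}  # no request body or extra headers for a plain GET
http = httplib2.Http()
# An empty domain ('') applies the key/certificate pair to every host
http.add_certificate('C:/workplace/.key.pem', 'C:/workplace/.cert.pem', '')
response, content = http.request('https://www.example.com/', 'GET',
                                 body=body, headers=headers)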
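A preflight check for the PEM requirement described above, added here as an example and not part of the product documentation. The function names, finding messages and sample inputs are assumptions made for illustration; the samples are constructed and contain no real key material.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_blocks(data):
    """Return [(label, encrypted, der_bytes)] for each PEM block in data."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return []  # binary input such as DER or PKCS#12
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [line.strip() for line in body.splitlines()]
        headers = [line for line in lines if ":" in line]
        b64 = "".join(line for line in lines if ":" not in line)
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or any("ENCRYPTED" in h for h in headers))
        blocks.append((label, encrypted, base64.b64decode(b64, validate=True)))
    return blocks

def check_client_files(key_data, cert_data):
    """Return a list of findings; an empty list means both files look usable."""
    try:
        key, cert = pem_blocks(key_data), pem_blocks(cert_data)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["a PEM block contains invalid base64"]
    findings = []
    if not key:
        findings.append("key file is not PEM; convert it first")
    elif not any(label in KEY_LABELS for label, _, _ in key):
        findings.append("key file holds no private key block")
    elif any(encrypted for _, encrypted, _ in key):
        findings.append("private key is encrypted; loading it needs the passphrase")
    if not cert:
        findings.append("certificate file is not PEM; convert it first")
    elif cert[0][0] != "CERTIFICATE" or cert[0][2][:1] != b"\x30":
        findings.append("first block is not a DER-encoded CERTIFICATE")
    return findings

# Constructed samples: a 5-byte ASN.1 SEQUENCE stands in for real key material.
def _pem(label, headers=""):
    body = base64.encodebytes(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n".encode()
SAMPLE_CERT = _pem("CERTIFICATE")
SAMPLE_KEY = _pem("PRIVATE KEY")
SAMPLE_ENC_KEY = _pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
```

Read both files in binary mode and pass their contents to check_client_files before calling add_certificate; this check inspects only the encoding and block labels, not whether the key matches the certificate.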

Java client code example

Use the Java™ API to send HTTPS requests for X.509 authentication. Note that the keystore must be PKCS12 and the URL must specify https.

Example for HttpClient version 4.x:

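import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

// read in the keystore from the filesystem, this should contain a single keypair
KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
clientKeyStore.load(new FileInputStream(KEYSTORE_LOCATION), KEYSTORE_PASS.toCharArray());

// set up the socketfactory, to use our keystore for client authentication.
// The hostname verifier checks that the server certificate matches the host name;
// ALLOW_ALL_HOSTNAME_VERIFIER would skip that check.
SSLSocketFactory socketFactory = new SSLSocketFactory(
		SSLSocketFactory.SSL,
		clientKeyStore,
		KEYSTORE_PASS,
		null,
		null,
		null,
		SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

// create and configure scheme registry
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 8443, socketFactory));

// create a client connection manager to use in creating httpclient
ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(registry);

// create the client based on the manager, and use it to make the call
HttpClient httpClient = new DefaultHttpClient(manager);

// create the method to execute
HttpPost m = new HttpPost("https://www.example.com/");

// execute the method
HttpResponse response = httpClient.execute(m);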

Example for HttpClient version 3.x:

Example of using a custom protocol socket factory for a specific host:
     Protocol authhttps = new Protocol("https",  
          new AuthSSLProtocolSocketFactory(
              new URL("file:my.keystore"), "mypassword",
              new URL("file:my.truststore"), "mypassword"), 443); 

     HttpClient client = new HttpClient();
     client.getHostConfiguration().setHost("localhost", 443, authhttps);
     // use relative url only
     GetMethod httpget = new GetMethod("/");
     client.executeMethod(httpget);
     
Example of using a custom protocol socket factory as the default in place of the standard one:
     Protocol authhttps = new Protocol("https",  
          new AuthSSLProtocolSocketFactory(
              new URL("file:my.keystore"), "mypassword",
              new URL("file:my.truststore"), "mypassword"), 443); 
     Protocol.registerProtocol("https", authhttps);

     HttpClient client = new HttpClient();
     GetMethod httpget = new GetMethod("https://localhost/");
     client.executeMethod(httpget);



Perl client code example

Use the Perl API to send HTTPS requests for X.509 client authentication.

You need the Crypt::SSLeay package. You can download it from: http://search.cpan.org/dist/Crypt-SSLeay/. This package supports the HTTPS protocol under LWP and allows an LWP::UserAgent object to use GET, HEAD, and POST requests.

For example:

use strict;
use warnings;
use LWP::UserAgent;

# Client certificate in PEM format
$ENV{HTTPS_CERT_FILE} = 'cert.pem';
$ENV{HTTPS_KEY_FILE}  = 'keynopass.pem';

# Or, for a client certificate in PKCS12 format, set these instead:
# $ENV{HTTPS_PKCS12_FILE}     = 'pkcs12.p12';
# $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';

my $ua  = LWP::UserAgent->new;
my $response = $ua->get('https://www.example.com/');