TLS in Java for JSON DB API

Use TLS in Java for JSON DB API

Abstract

Use TLS in Java for JSON DB API

This document shows how to configure TLS in the FairCom JSON DB API tutorial. The source code is in

<faircom>\drivers\java.json.db\tutorials\src\main\java\org\example\JsonActionExample.java

The tutorial can be run without modification, but will not be secure. This document describes how to load a certificate from the file system at runtime which will enable secure TLS communications.

Prerequisites:

Create a CA certificate.
Ensure you have a server certificate that is signed by the CA certificate.
Configure the FairCom server to use that server certificate.

Steps:

Copy the CA certificate to the machine running the tutorial, and note the directory it is saved to.
Locate the ServerConnection serverConnection = new ServerConnection() code block in the source code.
Change the endpoint to a secure endpoint:
endpoint: https://127.0.0.1:8443/api

Between .endpoint and .configure, designate the location of the CA certificate file you saved:

.caCertificatePath( "/path/to/my/ca.crt" )

The final code block looks like this:

ServerConnection serverConnection = new ServerConnection()
   .endpoint( "https://127.0.0.1:8443/api" )
   .caCertificatePath( "/path/to/my/ca.crt" )
   .configure();

Run the tutorial.

Note

The CA certificate must sign the server certificate. A self-signed certificate will not work.
The Java client library for the FairCom JSON Action APIs provides additional methods to configure a secure connection, such as using a Java keystore or trustManagers.

Enable HTTP on port 8080

This FairCom tutorial uses HTTP to communicate with the server on port 8080. Because HTTP is insecure, this port is typically disabled.

Do the following to enable the HTTP protocol on port 8080:

Shut down the FairCom server.
Edit the services.json file located in the <faircom>/config folder.
Find the listener service named "http8080".
Change "enabled":false to "enabled":true.
Restart the FairCom server.

The modified listener configuration object in services.json should look something like this:

{
  "serviceName": "http8080",
  "description": "Port 8080 using insecure HTTP protocol...",
  "port": 8080,
  "protocol": "http",
  "enabled": true
}