Refactored Ticket API example for code reuse

Author: StevenJDH

src/main/java/TicketAPI/TicketRequest.java

@@ -1,6 +1,6 @@
 /**
  * This file is part of Qlik Sense Java Examples <https://github.com/StevenJDH/Qlik-Sense-Java-Examples>.
- * Copyright (C) 2019 Steven Jenkins De Haro.
+ * Copyright (C) 2019-2020 Steven Jenkins De Haro.
  *
  * Qlik Sense Java Examples is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,9 +18,8 @@
 
 package TicketAPI;
 
+import Shared.Interfaces.AuthCertificate;
 import java.io.BufferedReader;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
@@ -32,124 +31,46 @@
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.security.KeyManagementException;
-import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.Optional;
 import java.util.Properties;
 import java.util.concurrent.CompletableFuture;
 import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManagerFactory;
 
 /**
  * TicketRequest.java (UTF-8)
  * An example of a class that can request a Ticket from the Qlik Sense Proxy Service using
  * standard certificates exported from Qlik Sense without needing to convert them to
  * Java KeyStore (*.jks) certificates.
  * 
- * @version 1.1
+ * @version 1.2
  * @author Steven Jenkins De Haro
  */
 public class TicketRequest {
 
     private static final String XRFKEY = "1234567890123456"; // Xrfkey to prevent CSRF attacks.
-    private static final String PROTOCOL = "TLS";
     private final String _apiUrl;
-    private final String _clientCertPath; // Client certificate with private key. 
-    private final char[] _clientCertPassword;
-    private final String _rootCertPath; // Required in this example because Qlik Sense certs are used. 
+    private final AuthCertificate _qlikCert;
 
     /**
      * Constructions a new {@see TicketRequest} instance to make Ticket requests.
      * @param hostname Hostname of the Qlik Sense server used for requests.
      * @param virtualProxyPrefix Optional prefix of virtual proxy if one is used.
-     * @param clientCertPath Path to a PKCS#12 client certificate.
-     * @param clientCertPassword Password for the PKCS#12 certificate.
-     * @param rootCertPath Path to the X.509 root certificate of the client certificate.
+     * @param qlikCert Qlik certificate used for authentication.
      */
     public  TicketRequest(String hostname, Optional<String> virtualProxyPrefix, 
-                String clientCertPath, char[] clientCertPassword, 
-                String rootCertPath) {
+                AuthCertificate qlikCert) {
 
         _apiUrl = String.format("https://%1$s:4243/qps%2$s/ticket?xrfkey=%3$s", 
                 hostname, virtualProxyPrefix.isPresent() ? "/" + virtualProxyPrefix.get() : "", XRFKEY);
-        _clientCertPath = clientCertPath;
-        _clientCertPassword = clientCertPassword;
-        _rootCertPath = rootCertPath;
+        _qlikCert = qlikCert;
     }
 
-    /**
-     * Configures the needed certificates to validate the identity of the HTTPS 
-     * server against a list of trusted certificates and to authenticate to the 
-     * HTTPS server using a private key. 
-     * @return An initialized secure socket context for TLS/SSL connections.
-     * @throws KeyStoreException
-     * @throws IOException
-     * @throws CertificateException
-     * @throws NoSuchAlgorithmException
-     * @throws UnrecoverableKeyException
-     * @throws KeyManagementException 
-     */
-    private SSLContext getSSLContext() 
-            throws KeyStoreException, IOException, CertificateException, 
-                NoSuchAlgorithmException, UnrecoverableKeyException, 
-                KeyManagementException {
-        
-        var kmf = KeyManagerFactory.getInstance("SunX509");
-        var tmf = TrustManagerFactory.getInstance("SunX509");
-        var keyStore = getKeyStore(_clientCertPath, _clientCertPassword, false);
-        var trustStore = getKeyStore(_rootCertPath, null, true); 
-        var context = SSLContext.getInstance(PROTOCOL);
-        
-        kmf.init(keyStore, _clientCertPassword);
-        tmf.init(trustStore);
-        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
-
-        return context;
-    }
-    
-    /**
-     * Gets a new instance of a {@see KeyStore} in PKCS#12 Format configured with 
-     * standard certificates that are loaded from a file.
-     * @param certPath Path to a PKCS#12 certificate or to a X.509 public key only certificate.
-     * @param certPassword Password for the PKCS#12 certificate.
-     * @param isClientCheck Set true if KeyStore is used for client check, and false if not.
-     * @return A new KeyStore instance configured with standard certificates.
-     * @throws KeyStoreException
-     * @throws FileNotFoundException
-     * @throws IOException
-     * @throws NoSuchAlgorithmException
-     * @throws CertificateException 
-     */
-    private KeyStore getKeyStore(String certPath, char[] certPassword, boolean isClientCheck) 
-            throws KeyStoreException, FileNotFoundException, IOException, 
-                NoSuchAlgorithmException, CertificateException {  
-        
-        var ks = KeyStore.getInstance("PKCS12");
-        
-        try (var inputStream = new FileInputStream(certPath)) {
-            if (true == isClientCheck) {
-                var certificateFactoryX509 = CertificateFactory.getInstance("X.509");
-                var caCertificate = (X509Certificate) certificateFactoryX509.generateCertificate(inputStream);
-                ks.load(null, null);
-                ks.setCertificateEntry("ca-certificate", caCertificate);
-            } else {
-                ks.load(inputStream, certPassword);
-            }
-        }
-        
-        return ks;
-    } 
-    
     /**
      * Requests a ticket from the Qlik Sense Proxy Service that is valid for one minute.
      * @param userDirectory Directory associated with user.
@@ -181,7 +102,7 @@ public String getTicket(String userDirectory, String userId)
          */
         HttpsURLConnection.setDefaultHostnameVerifier((String hostname, SSLSession session) -> true);
 
-        connection.setSSLSocketFactory(getSSLContext().getSocketFactory());
+        connection.setSSLSocketFactory(_qlikCert.getSSLContext().getSocketFactory());
         connection.setDoOutput(true);
         connection.setDoInput(true);
         connection.setConnectTimeout(30000);
@@ -242,7 +163,7 @@ public CompletableFuture<String> getTicketAsync(String userDirectory, String use
         var client = HttpClient.newBuilder()
             .connectTimeout(Duration.ofSeconds(30))
             .followRedirects(Redirect.NORMAL)
-            .sslContext(getSSLContext())
+            .sslContext(_qlikCert.getSSLContext())
             .build();
 
         var request = HttpRequest.newBuilder()

src/main/java/TicketAPI/TicketRequestDemo.form

@@ -2,7 +2,7 @@
 
 <Form version="1.3" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JFrameFormInfo">
   <Properties>
-    <Property name="defaultCloseOperation" type="int" value="3"/>
+    <Property name="defaultCloseOperation" type="int" value="2"/>
     <Property name="title" type="java.lang.String" value="Ticket Request Demo"/>
     <Property name="resizable" type="boolean" value="false"/>
   </Properties>

src/main/java/TicketAPI/TicketRequestDemo.java

@@ -1,6 +1,6 @@
 /**
  * This file is part of Qlik Sense Java Examples <https://github.com/StevenJDH/Qlik-Sense-Java-Examples>.
- * Copyright (C) 2019 Steven Jenkins De Haro.
+ * Copyright (C) 2019-2020 Steven Jenkins De Haro.
  *
  * Qlik Sense Java Examples is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,6 +18,7 @@
 
 package TicketAPI;
 
+import Shared.QlikAuthCertificate;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Paths;
@@ -40,7 +41,7 @@
  * TicketRequestDemo.java (UTF-8)
  * A GUI demo that can request tickets using certificates exported from Qlik Sense.
  * 
- * @version 1.1
+ * @version 1.2
  * @author Steven Jenkins De Haro
  */
 public class TicketRequestDemo extends javax.swing.JFrame {
@@ -89,7 +90,7 @@ private void initComponents() {
         jLabel4 = new javax.swing.JLabel();
         jSeparator1 = new javax.swing.JSeparator();
 
-        setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
+        setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
         setTitle("Ticket Request Demo");
         setResizable(false);
         addWindowListener(new java.awt.event.WindowAdapter() {
@@ -272,12 +273,13 @@ private void btnClientBrowseActionPerformed(java.awt.event.ActionEvent evt) {//G
 
     private void btnRequestActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_btnRequestActionPerformed
         char[] clientPass = txtClientPassword.getPassword();
+        var cert = new QlikAuthCertificate(txtClientCertPath.getText(), clientPass,
+                txtRootCertPath.getText());
         var request = new TicketRequest(txtHostname.getText(),
             txtVirtualProxy.getText().trim().equals("") ?
                     Optional.empty() :
                     Optional.of(txtVirtualProxy.getText().trim()),
-            txtClientCertPath.getText(), clientPass,
-            txtRootCertPath.getText());
+            cert);
 
         // Avoids requesting a new ticket while there is one that is not expired.
         if (null != executorService && !executorService.isTerminated()) {