blog

OneSpan Sign Developer: Enable HTTP Capture for Java Application

Developer
|  November 28, 2018 Duo Liang
OneSpan Sign Developer: Enable HTTP Capture for Java Application

When developing with OneSpan Sign in either SDK or REST method, especially when debugging issues, it’s recommended to use HTTP monitoring tools, such as Fiddler or Charles, to capture your outbound traffic. This will provide additional clarity as to whether your request was successfully sent to OneSpan Sign and what JSON payload your application is now sending. But we all know that if you are developing with Java, JVM won’t read your system’s HTTP proxy setting by default.

Using Fiddler as an example, we will demonstrate in this blog how to enable this HTTP Debug Tool for your Java Application. Then, we will try the approach for both Eclipse and IntelliJ IDEA and achieve HTTP capture using both the REST and SDK methods.

Note

  • IF you are already using a proxy, this method will not work for you because you'd be introducing a second proxy into the loop.
  • The proxy configuration is only set up for testing with Fiddler. Once you are satisfied with your testing, you may want to remove the proxy configuration.

Step 1 - Prerequisites

Before we begin, here are a few requirements you will need to follow this blog:

Step 2 – Configure Fiddler for JVM

There are already some related guides on how to configure Fiddler for JVM. We will briefly review the steps in this blog.

Since our SDK/REST requests sending to OneSpan Sign are behind HTTPS, we also need to setup an SSL certificate for Fiddler, which includes the steps below.

1. Export Fiddler’s Root Certificate

Click on “Tools” in menu bar and choose “Options…” to open the Fiddler Options dialog. Switch to the HTTPS tab, make sure you have checked the “Decrypt HTTPS traffic” option and click on “Actions” button and choose “Export Root Certificate to Desktop”.11-28-1

2. Create a JVM Keystore using this certificate

(1) Open the command line as administrator.

(2) Locate to the bin folder of your JAVA_HOME path by using below commands

echo %JAVA_HOME%
cd {JAVA_HOME}\bin

(3) Input below command:

keytool.exe -import -file [path the exported file] -keystore [name for keystre] -alias [alias name for certificate]

(4) Enter and confirm a password and then input “y” to trust this certificate.11-28-2

(5) FiddlerKeystore file will be generated under the bin folder.11-28-3

3. Configure proxy for your JVM

Configure Fiddler as your JVM proxy (localhost, 8888 port) and set the Keystore you just created as a Trust Store.

You can either use VM arguments to configure your Keystore as the Trust Store:

-DproxySet=true
-DproxyHost=127.0.0.1
-DproxyPort=8888
-Djavax.net.ssl.trustStore=””
-Djavax.net.ssl.trustStorePassword=”

Alternatively, you can directly use Java code to set system properties: 

System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8888");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.8.0_161\\bin\\FiddlerKeystore");

System.setProperty("javax.net.ssl.trustStorePassword", "fiddler");

11-28-4

Step 3 – Test with code

We will use “Get Application Version” API to test our configuration:

HTTP Request
POST /api/sysinfo
HTTP Headers
Accept: application/json
Content-Type: application/json
Authorization: Basic api_key
Response Payload
{
    "schema": "16.11.3",
    "version": "16.11.4",
    "timestamp": "2017-11-01 15:00+0000"
}

This is the REST code used for test:

public void testWithREST() throws IOException {
		System.setProperty("https.proxyHost", "127.0.0.1");
		System.setProperty("https.proxyPort", "8888");
		System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.8.0_161\\bin\\FiddlerKeystore");
		System.setProperty("javax.net.ssl.trustStorePassword", "fiddler");

		URL client = new URL(API_URL + "/sysinfo");
		HttpURLConnection conn = (HttpURLConnection) client.openConnection();
		conn.setRequestProperty("Authorization", "Basic " + API_KEY);
		conn.setRequestProperty("Accept", "application/json");

		((HttpURLConnection) conn).getResponseCode();
		try {
			BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
			String inputLine;
			StringBuffer response = new StringBuffer();

			while ((inputLine = in.readLine()) != null) {
				response.append(inputLine);
			}
			in.close();
			conn.disconnect();

			System.out.println(response.toString());
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

This is the equivalent SDK code:

	public void testWithSDK() {
		System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.8.0_161\\bin\\FiddlerKeystore");
		System.setProperty("javax.net.ssl.trustStorePassword", "fiddler");

		ProxyConfiguration httpProxyConfiguration = ProxyConfigurationBuilder.newProxyConfiguration()
				.withHttpHost("127.0.0.1") // e.g. localhost
				.withHttpPort(8888) // e.g. 8001
				.build();
		EslClient eslClient = new EslClient(API_KEY, API_URL, httpProxyConfiguration);
		String applicationVersion = eslClient.getSystemService().getApplicationVersion();
		System.out.println(applicationVersion);
	}

To note, you need to additionally configure a ProxyConfiguration object with proxy host and port info. This configuration in SDK will internally help you call below two lines:

System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8888");

Therefore, you don’t need to explicitly write these two lines in your VM arguments or System Properties.

Below screenshot is the expected results you can see from your IDE console and Fiddler.11-28-5

By now, we’ve successfully enabled Fiddler for your Java Application in both SDK and REST method under Windows and Linux environment, which is extremely useful when you try to diagnose JSON related issues and to debug Http requests.

If you have any questions regarding this blog or anything else concerning integrating OneSpan Sign into your application, visit the Developer Community Forums. Your feedback matters to us!