I am working with Google Assistant / Dialogflow. I want to check all incoming requests. I need to get and verify a certificate. I try to get a certificate from a header or param from HttpRequestServlet but nothing to get. How can I do this?
Advertisement
Answer
I’m assuming that you want to validate incoming Dialogflow requests in your Java webhook server.
Take a look at this. You should use Mutual TLS authentication:
To request mTLS:
- Prepare your webhook HTTPS server to request the client certificate during the TLS handshake.
- Your webhook server should verify the client certificate upon receiving it.
- Install a certificate chain for your webhook server, which can be mutually trusted by both client and server. You should use Google Trust Services CA 1O1 (GTS CA 1O1). GTS CA 1O1 uses the GlobalSign R2 root (GS Root R2), which is owned and controlled by Google Trust Services. You can download it from: https://pki.goog/repository/
The documentation also provides a demo about how to do this on NodeJS server. In Java, it depends on what you’re using but the process is the same. So take a look a these links about setting up mTLS on Java servers and you can use the NodeJS server demo as reference.
- https://docs.oracle.com/cd/E19879-01/819-3669/6n5sg7ccd/index.html
- https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority
- https://discuss.aerospike.com/t/how-to-use-mutual-authentication-tls-mtls-in-java/7314
- https://www.baeldung.com/x-509-authentication-in-spring-security#Mutual