4 Aug 2015

How to send HL7 messages over TLS using HAPI?

Submitted by Eric Poiseau

I have received this request a couple of times, and thus I have decided to post a blog entry in order to explain how to do it.

HAPI provides a test panel app that makes it easy to use the library to send or receive HL7 messages. Its GUI provides a check box for using TLS.

The IHE ATNA profile requires mutual authentication: the client AND the server must each provide a certificate for the TLS negotiation to succeed. Checking the TLS box does not tell HAPI which certificate to use.

What most people forget is that they need to tell Java which certificate to use when initiating the TLS communication and which certificates to trust. In other words, a user who would like to use TLS needs to give Java the pointer to the truststore (the list of certificates to trust) and the pointer to the keystore (the certificate to use to initiate TLS).

The easiest way to do this without breaking the entire Java installation is to pass some arguments on the java command line.



java -Djavax.net.ssl.trustStore=643.jks \
-Djavax.net.ssl.trustStorePassword=password \
-Djavax.net.ssl.keyStore=1203.jks \
-Djavax.net.ssl.keyStorePassword=password \
-classpath bcmail-jdk16-1.46.jar:bcprov-jdk16-1.46.jar:commons-lang-2.4.jar:hapi-base-2.1-alpha1.jar:hapi-hl7overhttp-2.1-alpha1.jar:hapi-structures-v21-2.0.jar:hapi-structures-v22-2.0.jar:hapi-structures-v23-2.0.jar:hapi-structures-v231-2.0.jar:hapi-structures-v24-2.0.jar:hapi-structures-v25-2.0.jar:hapi-structures-v251-2.0.jar:hapi-structures-v26-2.0.jar:hapi-testpanel-2.0.1.jar:jsyntaxpane-0.9.6-hapi2.jar:log4j-1.2.16.jar:org-netbeans-swing-outline-RELEASE701.jar:org-openide-awt-RELEASE701.jar:org-openide-filesystems-RELEASE701.jar:org-openide-util-RELEASE701.jar:org-openide-util-lookup-RELEASE701.jar:slf4j-api-1.6.6.jar:slf4j-log4j12-1.6.6.jar \
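
A pre-flight check for the keystore and truststore passed on the command line above, as an added example that is not part of the original post or of HAPI: it confirms that the keystore holds a private key with a currently valid certificate, which mutual authentication requires, and that the truststore is not empty. The class name TlsStoreCheck is hypothetical; the code uses only JDK classes and assumes JKS stores whose key password equals the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; TlsStoreCheck is a hypothetical name, not part of HAPI.
public class TlsStoreCheck {
    static KeyStore load(String prop) throws Exception {
        String path = System.getProperty(prop);
        if (path == null) throw new IllegalStateException(prop + " is not set");
        KeyStore ks = KeyStore.getInstance("JKS"); // the page's stores are .jks files
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password(prop)); // fails on a wrong password or corrupt file
        }
        return ks;
    }
    static char[] password(String prop) {
        return System.getProperty(prop + "Password", "").toCharArray();
    }

    public static void main(String[] args) throws Exception {
        KeyStore keyStore = load("javax.net.ssl.keyStore");
        KeyStore trustStore = load("javax.net.ssl.trustStore");
        // Mutual authentication needs a private key, not just a certificate.
        int identities = 0;
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) continue;
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
            cert.checkValidity(); // throws if expired or not yet valid
            System.out.println("identity: " + cert.getSubjectX500Principal());
            identities++;
        }
        if (identities == 0) throw new IllegalStateException("keystore has no private key entry");
        if (trustStore.size() == 0) throw new IllegalStateException("truststore is empty");

        // Same assumption JSSE makes by default: key password equals keystore password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password("javax.net.ssl.keyStore"));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("stores OK, " + trustStore.size() + " truststore entries");
    }
}
```

Run it with the same four -D arguments as the java command above.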