I need to emulate in my Java application the POST request done from a form via HTTPS. The information being posted must be secure because it contains credit card information. Here is what I have so far:
// Open an HTTPS connection
URL url = new URL("https://myhost.com/secure/verify
URLConnection conn = url.openConnection();
conn.setDoOutput ( true );
conn.setDoInput ( true );
// Sending information through HTTPS
String postRequest = "credit_card=1234567890&ex
OutputStreamWriter osw = new OutputStreamWriter(connect
osw.write(postRequest, 0, postRequest.length()); // Do I need to encrypt the string postRequest?
String authMsg = getInputData(connection);
A web server uses this application to verify the credit card information submitted by on-line customers. The opened URL location is a credit card verification site. An appropriate message is then displayed to the customers depending on the result of the verification. Using a web browser to do this is not an option.
I have no problem establishing the HTTPS connection. My question is this:
Even if this is an HTTPS connection, is it necessary for me to encrypt the string that represents the post request before it is being sent (see postRequest above)? If so, what encryption mechanism and java method should I use?