skm*_*eld 7 rest ssl spring ssl-certificate spring-boot
我是Spring Boot的新手.到目前为止,我很享受.我开发了一个演示SSL休息Web服务器,可以正确处理相互X.509证书身份验证.使用带有自签名客户端和服务器证书的IE浏览器,我测试了演示休息Web服务器是否正常工作 - 服务器和浏览器都成功地交换和验证彼此的证书.
我在查找SSL客户端示例时遇到问题,该示例显示了如何包含客户端证书并发布https.有人有一个简单的休息客户端示例,显示如何使用我的ssl服务器?
最诚挚的问候,Steve Mansfield
And*_*son 12
鉴于您正在使用Spring,这里有一个示例,说明如何使用配置了客户端证书的Spring RestTemplate和Apache HttpClient,并信任来自服务器的自签名证书:
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(new File("keystore.jks")),
"secret".toCharArray());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.loadKeyMaterial(keyStore, "password".toCharArray()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
ResponseEntity<String> response = restTemplate.getForEntity(
"https://localhost:8443", String.class);
user1707141的示例不适用于我,并且skmansfield似乎取决于特定的文件,而这些文件与Spring Boot / Maven并不相同。此外安迪·威尔金森的答案使用构造SSLConnectionSocketFactory,这是在Apache的HttpClient的4.4+弃用,也似乎相当复杂。
因此,我创建了一个示例项目,该项目应在此处显示100%的所有内容:https : //github.com/jonashackt/spring-boot-rest-clientcertificate
除了在Testclass中正常使用RestTemplate @Autowired之外,请确保按以下方式配置RestTemplate:
package de.jonashackt.restexamples;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.ResourceUtils;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
@Configuration
public class RestClientCertTestConfiguration {
private String allPassword = "allpassword";
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
SSLContext sslContext = SSLContextBuilder
.create()
.loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"), allPassword.toCharArray(), allPassword.toCharArray())
.loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
.build();
HttpClient client = HttpClients.custom()
.setSSLContext(sslContext)
.build();
return builder
.requestFactory(new HttpComponentsClientHttpRequestFactory(client))
.build();
}
}
我无法让安迪提交的上述客户工作.我一直收到错误,说"localhost!= clientname".无论如何,我让这个工作正常.
import java.io.IOException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.methods.GetMethod;
public class SSLClient {
static
{
System.setProperty("javax.net.ssl.trustStore","c:/apachekeys/client1.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.ssl.keyStore", "c:/apachekeys/client1.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
}
public static void main(String[] args) throws HttpException, IOException {
HttpClient client = new HttpClient();
GetMethod method = new GetMethod();
method.setURI(new URI("https://localhost:8443/restserver", false));
client.executeMethod(method);
System.out.println(method.getResponseBodyAsString());
}
}
| 归档时间: |
|
| 查看次数: |
43046 次 |
| 最近记录: |