如何将客户端证书添加到 Spring WebClient？

Question

我正在构建一个 Spring WebClient，它在内部调用托管在不同服务器中的 REST API。为此，我需要向每个握手请求发送公钥 (.cert) 和私钥 (.key)。我不确定如何使用 Spring WebClient 做到这一点。

我尝试设置 WebClient，但对添加这种代码的和平感到震惊

网络客户端生成器

this.webCLient = WebClient.builder()
                .baseUrl("https://some-rest-api.com")
                .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON.toString())
                .build();

实际通话

this.webClient.get()
                .uri("/getData")
                .exchange()
                .flatMap(clientResponse -> {
                    System.out.println(clientResponse);
                    return clientResponse.bodyToMono(MyClass.class);
                });

由于没有向请求添加证书，我在日志中收到握手错误

javax.net.ssl.SSLException: Received fatal alert: handshake_failure

如何将这些证书添加到 WebClient 请求中，所以我没有收到此错误？我有证书，但不知道如何添加它。

Answer 1

我花了一些时间才找到托马斯答案中缺失的部分。

这里是：

public static SslContext getTwoWaySslContext() {
        
    try(FileInputStream keyStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(clientSslKeyStoreClassPath));
        FileInputStream trustStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(clientSslTrustStoreClassPath));   
        ) {
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(keyStoreFileInputStream, clientSslKeyStorePassword.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, clientSslKeyStorePassword.toCharArray());
            
        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load(trustStoreFileInputStream, clientSslTrustStorePassword.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
            
        return SslContextBuilder.forClient()
            .keyManager(keyManagerFactory)
            .trustManager(trustManagerFactory)
            .build();
            
    } catch (Exception e) {
        log.error("An error has occurred: ", e);
    }
        
    return null;
}


HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(SslUtil.getTwoWaySslContext()));
ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);
WebClient webClient = webClientBuilder
    .clientConnector(clientHttpConnector)
    .baseUrl(baseUrl)
    .build();

享受！

Answer 2

取自文档Spring Webclient - Reactor Netty

要访问 ssl 配置，您需要提供带有自定义 sslContext 的自定义 netty HttpClient。

SslContext sslContext = SslContextBuilder
        .forClient()
        // build your ssl context here
        .build();

HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(sslContext));

WebClient webClient = WebClient.builder()
    .clientConnector(new ReactorClientHttpConnector(httpClient))
    .build();