spring 引导中的自签名证书和 SSL
[英]Self signed certificate and SSL in spring boot
问题描述
For a schoolproject I have a client and a rest-api.
对于一个学校项目,我有一个客户端和一个 rest-api。 Users log into the client using a login form.用户使用登录表单登录客户端。 When they perform a certain action that makes a call from the client to the API server, the client first sends the username and password through a URL for authentication.当他们执行某个动作,从客户端调用 API 服务器时,客户端首先通过 URL 发送用户名和密码进行身份验证。 The rest-api then sends a JWT token back for the client to use on subsequent calls.然后,rest-api 发送一个 JWT 令牌,供客户端在后续调用中使用。
I'm now trying to implement HTTPS to send the username and password for the authentication.我现在正在尝试实现 HTTPS 以发送用户名和密码以进行身份验证。 I've followed this guide我已遵循本指南
However the guide uses resttemplate instead of webclient (which I'm using on the client side to call the rest-api endpoints).但是,该指南使用 resttemplate 而不是 webclient(我在客户端使用它来调用 rest-api 端点)。
So I've generated a pk12 file per the guide and added it to the rest server along with the following properties:因此,我根据指南生成了一个 pk12 文件,并将其与以下属性一起添加到 rest 服务器:
#https config
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/rideService.p12
# The password used to generate the certificate
server.ssl.key-store-password=geheim
# The alias mapped to the certificate
server.ssl.key-alias=rideService
security.require-ssl=true
This works according to postman.这根据 postman 工作。
Now I'm trying to configure the client side but I can't get it to work.现在我正在尝试配置客户端,但我无法让它工作。 I've added the same pk12 file to resources and added the following code to the webclient:我已将相同的 pk12 文件添加到资源中,并将以下代码添加到 webclient:
@Bean
public WebClient createSSLWebClient() throws InvalidAlgorithmParameterException, KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, trustStorePass.toCharArray());
SslContext sslContext = SslContextBuilder
.forClient()
.keyManager(keyManagerFactory)
.build();
HttpClient httpClient = HttpClient.create().secure(t -> t.sslContext(sslContext));
return WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(httpClient))
.filter(logResponse()) // filterfunctie toevoegen aan de WebClient
.baseUrl(API_BASE_URL)
.build();
}
I always get "BAD request".我总是收到“错误的请求”。 I'm still starting to get my around it all, so I've also tried setting it as a trustmanager, but with the same result...Can anyone enlighten me what I'm doing wrong?我仍然开始了解这一切,所以我也尝试将其设置为信任管理器,但结果相同......谁能告诉我我做错了什么?
thanks谢谢
1 个解决方案
解决方案1
0 2020-06-05 08:18:49
Have you actually created an SSL certificate for your host?您是否真的为您的主机创建了 SSL 证书? Maybe that's the part you are missing.也许这就是你缺少的部分。 By a quick look I didnt see the tutorial setting up SSL in the keystore at all.通过快速浏览,我根本没有看到在密钥库中设置 SSL 的教程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.