How to import a pem file directly to use with a FeignClient?

I have a client certificate.pem file including the private key and certificate. I want to use Feign to call a RESTful API which requires a client certificate.

I googled a lot of examples, but those examples show how to import keys from jks, like below:

import feign.Client;
import feign.Feign;
import nl.altindag.ssl.SSLFactory;

public class App {

    public static void main(String[] args) throws Exception {
        // Identity (client key and certificate) and trusted certificates, both read from JKS keystores
        SSLFactory sslFactory = SSLFactory.builder()
                .withIdentityMaterial("identity.jks", "password".toCharArray())
                .withTrustMaterial("truststore.jks", "password".toCharArray())
                .build();

        Feign.Builder client = Feign.builder()
                .client(new Client.Default(sslFactory.getSslSocketFactory(), sslFactory.getHostnameVerifier()));
    }

}

However, I want to import the cert from the .pem file directly because I don't have a .jks file and don't want to convert it manually, because the .pem file is fetched programmatically and periodically from other servers. How can I do that?

I am the library maintainer of the SSLFactory which you posted in your question. It is pretty easy to use pem files without converting them to keystore files. You need an extension library to enable that feature. Can you add the following library:

<dependency>
    <groupId>io.github.hakky54</groupId>
    <artifactId>sslcontext-kickstart-for-pem</artifactId>
    <version>7.4.5</version>
</dependency>

After importing the library you can use the following snippet:

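import feign.Client;
import feign.Feign;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.util.PemUtils;

import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.nio.file.Paths;

public class App {

    public static void main(String[] args) throws Exception {
        // Client identity: certificate chain and private key, each in its own PEM file
        X509ExtendedKeyManager keyManager = PemUtils.loadIdentityMaterial(Paths.get("/path/to/your/certificate-chain.pem"), Paths.get("/path/to/your/private-key.pem"));
        // Certificates the client trusts when verifying the server
        X509ExtendedTrustManager trustManager = PemUtils.loadTrustMaterial(Paths.get("/path/to/your/some-trusted-certificate.pem"));

        SSLFactory sslFactory = SSLFactory.builder()
                .withIdentityMaterial(keyManager)
                .withTrustMaterial(trustManager)
                .build();

        Feign.Builder client = Feign.builder()
                .client(new Client.Default(sslFactory.getSslSocketFactory(), sslFactory.getHostnameVerifier()));
    }

}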

Update

It seems like the OP wants to supply a pem file as identity which contains the certificate chain and private key as a single file. In my initial answer I posted an example where two separate files need to be provided, but a single file is also possible, see here for the example:

X509ExtendedKeyManager keyManager = PemUtils.loadIdentityMaterial(Paths.get("/path/to/your/identity.pem"));

If your private key is encrypted you can provide the password as the second parameter as shown below:

X509ExtendedKeyManager keyManager = PemUtils.loadIdentityMaterial(Paths.get("/path/to/your/identity.pem"), "password".toCharArray());

All possible usages can be found in the unit test of the PemUtils here: https://github.com/Hakky54/sslcontext-kickstart/blob/5bcc06a862d654e5e59daa4175c39abe230b8fb6/sslcontext-kickstart-for-pem/src/test/java/nl/altindag/ssl/util/PemUtilsShould.java#L65
