stackoom
  简体   繁体   中英

Two-way mutual SSL authentication

 原文  2021-12-06 09:07:04       java/ spring/ ssl/ client-certificates

Question

I've been tasked with implementing functionality in a Spring Boot REST API to contact another API (XML webservice). The outside API uses two-way SSL authentication. I've been given the correct certificate to implement on our side, and I've implemented the Java code. But whenever I run the code I get "Received fatal alert: handshake_failure". I've loaded the jks keystore into the SSLContext like this:

FileInputStream truststoreFile = new FileInputStream("/Users/myUser/Desktop/myProject/myProjectName/src/main/resources/keystore-name.jks");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] trustorePassword = "keyStorePassword".toCharArray();
        truststore.load(truststoreFile, trustorePassword);
        trustManagerFactory.init(truststore);
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        KeyManager[] keyManagers = {};//if you have key managers;
        sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());

Would I actually have to configure anything else to enable mutual two-way SSL from our API, acting like I client in this scenario? I thought I could just like the cert keystore and go. But maybe I need to do something else to enable this?

1 answers

solution1
 0  2021-12-07 21:38:47

You are using the file shared with you in the wrong context. That file is a Keystore containing the client certificate and corresponding key.

TrustStore - Tells which CAs should be trusted by the client (you).

Keystore - Tells the server about the client (you).

In order for the mutual TLS handshake to pass through, you need to load the Keystore and set it in KeyManager like below.

// Load the Keystore
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream keystoreStream = new FileInputStream(pathToJKSFile);
keyStore.load(keystoreStream, keystorePassword.toCharArray());

// Add Keystore to KeyManager
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());

// Create SSLContext with KeyManager and TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory sslSocketFactory = context.getSocketFactory();

// Now, use this SSLSocketFactory while making the HTTPS request

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Two way mutual SSL authentication Two-way (mutual) SSL authentication with the Apache CXF client plugin for grails Mutual Authentication(Two-Way TLS/SSL) with cloud residing KeyStores and TrustStores(Secret Manager) -Spring boot Two-way (mutual) SSL with Glassfish3/4 or Tomcat 8 and self-signed certificates Apache Thrift 2-way SSL mutual authentication Mutual Authentication (2-way SSL) in AWS Lambda SSL Handshake_failure in Java test client while connecting to server with two-way authentication Java applet under Two-way SSL Two-way SSL communication with Tomcat Enable SSL “Mutual Authentication” for WebServices and “One Way Authentication” for the GUI?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM