Java netflix zuul与microservice之间的证书认证
我已在我的应用程序netflix zuul中配置了调用其他服务,并且有必要在应用程序中包含一个证书 我正在尝试做与中相同的事情(使用带有证书的netflix zuul),但我遇到了问题 例如,在中表示使用了.keystore,但我拥有的文件是.cer和.key,我不知道如何将证书应用于我拥有的文件 你能帮我把我的证书和我的应用程序的netflix zuul代理连接起来吗 非常感谢大家 编辑->我已经尝试了解决方案,我的代码:Java netflix zuul与microservice之间的证书认证,java,spring-boot,ssl,ssl-certificate,netflix-zuul,Java,Spring Boot,Ssl,Ssl Certificate,Netflix Zuul,我已在我的应用程序netflix zuul中配置了调用其他服务,并且有必要在应用程序中包含一个证书 我正在尝试做与中相同的事情(使用带有证书的netflix zuul),但我遇到了问题 例如,在中表示使用了.keystore,但我拥有的文件是.cer和.key,我不知道如何将证书应用于我拥有的文件 你能帮我把我的证书和我的应用程序的netflix zuul代理连接起来吗 非常感谢大家 编辑->我已经尝试了解决方案,我的代码: @Bean public CloseableHttpClien
@Bean
public CloseableHttpClient httpClient() throws Throwable {
InputStream is = new FileInputStream(KEYSTOREPATH);
//KEYSTOREPATH = String KEYSTOREPATH = "E:/ARC/myapp/src/main/java/com/myapp/services/myapp/myapp.cer";
// You could get a resource as a stream instead.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // You don't need the KeyStore instance to come from a file.
ks.setCertificateEntry("caCert", caCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
return HttpClients.custom().setSSLContext(sslContext).build();
}
当执行netflix zuul中配置的路径时,我得到以下错误:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
... 105 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 111 common frames omitted
您可以尝试构建SSLContext并信任.cer文件中的证书,如下所述:
贾维尔,我能够构建SSLContext,如下所示。你还有这个问题吗
@Test
public void sslContext() {
Class demoClass = Demo.class;
InputStream is = demoClass.getResourceAsStream("/test.cert");
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate) cf.generateCertificate(is);
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // You don't need the KeyStore instance to come from a file.
ks.setCertificateEntry("caCert", caCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
} catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
e.printStackTrace();
}
}
非常感谢Mohit的回答,我已经尝试了他们在您告诉我的链接中添加的内容,当您启动应用程序并调用netflix zuul服务时,我收到一个错误,您无法找到证书:原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径