有没有一种方法可以使用WebFlux在Azure Kubernetes服务中配置SSL证书而不使用Java密钥库?
我在AKS平台中部署了一个微服务,该微服务必须连接使用SSL证书的外部API。我怀疑是否有一种方法可以在不使用java密钥库的情况下配置SSL证书,我的项目是使用带有WebFlux的Spring boot用java语言开发的。 我发现了一个例子,如何使用jks文件和Webflux,但不起作用 我使用下一个代码生成SslContext:有没有一种方法可以使用WebFlux在Azure Kubernetes服务中配置SSL证书而不使用Java密钥库?,java,ssl,jks,Java,Ssl,Jks,我在AKS平台中部署了一个微服务,该微服务必须连接使用SSL证书的外部API。我怀疑是否有一种方法可以在不使用java密钥库的情况下配置SSL证书,我的项目是使用带有WebFlux的Spring boot用java语言开发的。 我发现了一个例子,如何使用jks文件和Webflux,但不起作用 我使用下一个代码生成SslContext: public SslContext getSslContext(){ SslContext sslContext; try { KeyStor
public SslContext getSslContext(){
SslContext sslContext;
try {
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream is = getClass().getResourceAsStream("/my-
truststore.jks"))
{
ks.load(is, "truststore-password".toCharArray());
}
X509Certificate[] trusted =
Collections.list(ks.aliases()).stream().map(alias -> {
try {
return (X509Certificate) ks.getCertificate(alias);
} catch (KeyStoreException e) {
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
} catch (GeneralSecurityException | IOException e) {
throw new RuntimeException(e);
}
}
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec ->
sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new
ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
问候。经过几天的研究,我找到了一种不用Java密钥库(JKS)就能使用证书的方法。为此,我需要PEM格式的证书,然后将此证书作为属性复制到参数文件中,然后直接调用它:
public class SslConfig {
@Value("${ocp.http-client.certificate}")
private String certificate;
private final static String certificateType = "X.509";
private final static String alias = "root";
private static SslContext sslContext;
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
//Se configura el contexto sobre el cual se trabajara la comunicacion SSL
public SslContext getSslContext(){
try {
ByteArrayInputStream is = new ByteArrayInputStream(certificate.getBytes());
final KeyStore keyStore = readKeyStore(is);
X509Certificate[] trusted = Collections.list(keyStore.aliases()).stream().map(alias -> {
try {
return (X509Certificate) keyStore.getCertificate(alias);
} catch (KeyStoreException e) {
System.out.println(e.getMessage());
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
}catch (GeneralSecurityException | SSLException e ){
System.out.println(e.getMessage());
throw new RuntimeException(e);
} catch (IOException e) {
e.printStackTrace();
}
return sslContext;
}
private static KeyStore readKeyStore(InputStream is) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance(certificateType);
Certificate cert = null;
while (is.available() > 0) {
cert = cf.generateCertificate(is);
}
ks.setCertificateEntry(alias, cert);
return ks;
}
}
在此之后,我可以发出请求并获得所需的响应。也许您可以秘密保存证书并在代码中使用该秘密。secret将存储证书,您可以使用secret作为环境变量。但是我有一个.cer文件,根据我所读的内容,我需要在microservice密钥库中注册该证书并生成一个密钥类型文件。