spring boot ssl客户端证书失败,PKIX路径生成失败错误
我正在spring boot中编写一个rest客户机,它通过ssl调用安全服务器API 这是我的密码:spring boot ssl客户端证书失败,PKIX路径生成失败错误,spring,tomcat,ssl,spring-boot,client-certificates,Spring,Tomcat,Ssl,Spring Boot,Client Certificates,我正在spring boot中编写一个rest客户机,它通过ssl调用安全服务器API 这是我的密码: @Value("${secret: not configured}") private String secret; @Value("${ssl.truststore: not configured}") private String sslTrustStore; @Value("${url: not configured}") private St
@Value("${secret: not configured}")
private String secret;
@Value("${ssl.truststore: not configured}")
private String sslTrustStore;
@Value("${url: not configured}")
private String baseUrl;
private static final String JAVA_KEYSTORE = "jks";
public String getUserProfile(String userId) throws Exception {
KeyStore clientTrustStore = getStore(secret);
SSLContext sslContext =
new SSLContextBuilder().loadTrustMaterial(
clientTrustStore, new TrustSelfSignedStrategy()).build();
httpClient = HttpClients.custom().setSSLContext(sslContext).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
httpClient);
RestTemplate restTemplate = new RestTemplate(requestFactory);
HttpEntity<String> entity = new HttpEntity<>(getHeaders());
ResponseEntity<String> response =
restTemplate.exchange(baseUrl,
HttpMethod.GET, entity, String.class);
return response.getBody();
}
protected KeyStore getStore(String secret) throws
KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
ClassPathResource resource = new ClassPathResource(sslTrustStore);
final KeyStore store = KeyStore.getInstance(JAVA_KEYSTORE);
InputStream inputStream = resource.getInputStream();
try {
store.load(inputStream, secret.toCharArray());
} finally {
inputStream.close();
}
return store;
}
如果您在服务器的密钥库上安装证书,tomcat服务器将负责与目标机器握手ssl证书,您不必每次调用服务时都将其加载到代码中
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />
请参见此处的教程:
更新:Spring boot tomcat需要如下提供的参数:为什么要加载信任存储?从代码中加载存储有什么特殊要求?因为它将根据环境而变化。dev,qa和Prod有不同的版本在这种情况下服务器的更改是否正确?请参阅下面我的答案。服务器是否发生更改是什么意思?Dev是否有不同的服务器?同样适用于qa、prod等,我使用的是spring中的嵌入式tomcatboot@brainstorm您会实时使用嵌入式tomcat吗?如果您的答案是“否”,那么您应该通过在real server上部署来测试它。@brainstorm更新了我的答案,请参阅底部的链接。这是服务器的链接。我正在使用客户端。这是不同的@头脑风暴你检查了信任库了吗?它有安装的证书吗?
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />