将ssl证书与feign一起使用
我正在尝试访问由https保护的应用程序,我有一个p12证书(已经作为.cer导入到我的jdk的cacerts文件夹中)。
我已经尝试了这个教程,但没有成功:https://dzone.com/articles/ssl-based-feignclient-example-in-java-microcervice
我还使用了这个解决方案的一部分:How to use p12 client certificate with spring feign client
调试ssl连接时,我得到以下错误:javax.net.ssl|ERROR|25|http-nio-auto-1-exec-1|2021-01-26 16:56:34.789 BRT|TransportContext.java:317|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure
我当前的feign配置类
@Bean
@ConditionalOnMissingBean
public Feign.Builder feignBuilder(Retryer retryer) {
return Feign.builder().retryer(retryer);
}
@Bean
public Feign.Builder feignBuilder() {
return Feign.builder()
.retryer(Retryer.NEVER_RETRY)
.client(new Client.Default(getSSLSocketFactory(), null));
}
private SSLSocketFactory getSSLSocketFactory() {
String keyStorePassword = "myPassword";
char[] allPassword = keyStorePassword.toCharArray();
SSLContext sslContext = null;
try {
sslContext = SSLContextBuilder
.create()
.setKeyStoreType("PKCS12")
.loadKeyMaterial(ResourceUtils.getFile("keypath"), allPassword, allPassword)
.build();
} catch (Exception e) { }
return sslContext.getSocketFactory();
}在代码的debbuging部分,我可以看到我的证书在那里,但我的java仍然收到握手错误。我是ssl概念的新手,可能做了一些配置错误。
最后要注意的是,在feign config类中设置信任存储和系统密码
System.setProperty("javax.net.ssl.trustStorePassword", "pass");
System.setProperty("javax.net.ssl.trustStore", "pathtocerth.p12");错误更改为:
javax.net.ssl|ERROR|25|http-nio-auto-1-exec-1|2021-01-26 16:48:58.551 BRT|TransportContext.java:317|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
回答 2
Stack Overflow用户
发布于 2021-01-28 22:06:30
自从我发现了这个问题,我就在回答我自己。如果有人面临同样的问题,解决方案很简单。
在应用程序属性中,您需要添加以下属性:
feign.httpclient.disableSslValidation=true
feign.httpclient.enabled=false
feign.okhttp.enabled=true从…
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-httpclient</artifactId>
<version>9.4.0</version>
</dependency>设置feign配置类
@Configuration
public class CustomFeignConfiguration {
@Bean
public void Config() {
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStore", "path to p12");
System.setProperty("javax.net.ssl.keyStorePassword", "key password");
}并在feign请求中使用feign配置。
@FeignClient(name = "foo", url = "https://foo/foo",
configuration = CustomFeignConfiguration.class)
public interface IFeingRequest {
request here
}使用此解决方案,我不需要转换证书并将其存储到java信任存储中。
Stack Overflow用户
发布于 2021-11-11 09:01:20
您可以通过Spring中的应用程序属性直接添加密钥(以及可选的附加信任存储)。
server:
ssl:
#trust-store: path_to_your_truststore
#trust-store-password: changeit
#trust-store-type: JKS
#trust-store-provider: SUN
key-store: path_to_your_keystore
key-store-password: changeit
key-alias: 1
key-store-type: PKCS12
key-store-provider: SUN
key-password: changeit
protocol: TLS要识别key-alias、key-store-type和key-store-provider,可以使用以下命令:
keytool -list -keystore path_to_keystore但是如果你只是想关闭主机名验证,那么你不需要上面的。您可以通过添加以下属性将其配置为feign httpclient:
feign.httpclient.disableSslValidation=true和这个maven依赖关系:
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-httpclient</artifactId>
</dependency>不需要okhttp。
https://stackoverflow.com/questions/65908364
复制相似问题
腾讯云开发者
