我在AKS平台上部署了微服务,并且该微服务必须连接使用SSL证书的外部API。我怀疑是否有一种无需使用Java Keystore即可配置SSL证书的方法,我的项目是使用WebFlux的Spring boot以Java语言开发的。我找到了一个示例,该示例如何使用jks文件和Webflux但不起作用。
我使用下一个代码生成SslContext:
public SslContext getSslContext(){
SslContext sslContext;
try {
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream is = getClass().getResourceAsStream("/my-
truststore.jks"))
{
ks.load(is, "truststore-password".toCharArray());
}
X509Certificate[] trusted =
Collections.list(ks.aliases()).stream().map(alias -> {
try {
return (X509Certificate) ks.getCertificate(alias);
} catch (KeyStoreException e) {
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
} catch (GeneralSecurityException | IOException e) {
throw new RuntimeException(e);
}
}
并且我使用下一个生成WebClient:
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec ->
sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new
ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
感谢您的支持。问候。
嗯,经过几天的研究,我找到了一种无需使用Java KeyStore(JKS)即可使用证书的方法。为此,我需要PEM格式的证书,然后将此证书作为属性复制到参数文件中,然后直接调用它:
public class SslConfig {
@Value("${ocp.http-client.certificate}")
private String certificate;
private final static String certificateType = "X.509";
private final static String alias = "root";
private static SslContext sslContext;
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
//Se configura el contexto sobre el cual se trabajara la comunicacion SSL
public SslContext getSslContext(){
try {
ByteArrayInputStream is = new ByteArrayInputStream(certificate.getBytes());
final KeyStore keyStore = readKeyStore(is);
X509Certificate[] trusted = Collections.list(keyStore.aliases()).stream().map(alias -> {
try {
return (X509Certificate) keyStore.getCertificate(alias);
} catch (KeyStoreException e) {
System.out.println(e.getMessage());
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
}catch (GeneralSecurityException | SSLException e ){
System.out.println(e.getMessage());
throw new RuntimeException(e);
} catch (IOException e) {
e.printStackTrace();
}
return sslContext;
}
private static KeyStore readKeyStore(InputStream is) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance(certificateType);
Certificate cert = null;
while (is.available() > 0) {
cert = cf.generateCertificate(is);
}
ks.setCertificateEntry(alias, cert);
return ks;
}
}
此后,我可以发出请求并获得所需的响应。