How to use p12 client certificate with spring feign client
Problem description
I have a Spring Boot application that calls a remote service.
This remote web service provided me a p12 file that should authenticate my application.
How do I configure my feign client to use the p12 certificate?
I tried setting the following properties:
-Djavax.net.ssl.keyStore=path_to_cert.p12 -Djavax.net.ssl.keyStorePassword=xxx -Djavax.net.ssl.keyStoreType=PKCS12
But it doesn't change anything, I still get this error:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Recommended answer
I could finally manage to do it with a lot of blind trial and error.
The problem is, by default, the feign builder builds feign clients with null SSLSocketFactory:
org.springframework.cloud.openfeign.FeignClientsConfiguration#feignBuilder:
    @Bean
    @Scope("prototype")
    @ConditionalOnMissingBean
    public Feign.Builder feignBuilder(Retryer retryer) {
        return Feign.builder().retryer(retryer);
    }
feign.Feign.Builder:
    public static class Builder {
        // ...
        private Client client = new Client.Default(null, null);
So, I had to define this bean in a @Configuration:
    @Bean
    @Profile({"prod", "docker"})
    public Feign.Builder feignBuilder() {
        return Feign.builder()
                .retryer(Retryer.NEVER_RETRY)
                // first argument: SSLSocketFactory carrying the client certificate
                .client(new Client.Default(getSSLSocketFactory(), null));
    }
with this method: (can't remember source)
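    // SSLContextBuilder is assumed to be org.apache.http.ssl.SSLContextBuilder (Apache HttpCore);
    // ResourceUtils is org.springframework.util.ResourceUtils.
    SSLSocketFactory getSSLSocketFactory() {
        // the same password is used for the keystore and for the private key
        char[] allPassword = keyStorePassword.toCharArray();
        try {
            SSLContext sslContext = SSLContextBuilder
                    .create()
                    .setKeyStoreType(keyStoreType)
                    .loadKeyMaterial(ResourceUtils.getFile(keyStore), allPassword, allPassword)
                    .build();
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            // fail at startup instead of dereferencing a null SSLContext
            throw new IllegalStateException("Could not build SSLContext from the client keystore", e);
        }
    }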
Now, it works for me, I debugged through the feign client calls and the sslSocketFactory is correctly passed to the underlying connection.
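An added example, not part of the original answer: a JDK-only way to build the SSLSocketFactory that keeps the p12 client identity (key material) separate from the trust material used to validate the server's chain, which is the check that raises SunCertPathBuilderException. The class, method and parameter names are hypothetical, and the optional truststore is assumed to be a PKCS12 file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example: class, method and parameter names are hypothetical.
public final class ClientCertSocketFactory {

    private static KeyStore load(Path file, char[] password) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    // trustStore may be null: the JDK default trust anchors (cacerts) are then used.
    public static SSLSocketFactory build(Path p12, char[] p12Password, Path trustStore, char[] trustPassword)
            throws IOException, GeneralSecurityException {
        KeyStore identity = load(p12, p12Password);
        boolean hasPrivateKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasPrivateKey |= identity.isKeyEntry(alias);
        }
        if (!hasPrivateKey) {
            // Without a private key the key manager has no client certificate to present.
            throw new GeneralSecurityException("no private key entry in " + p12);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        // Trust material validates the server's chain; it is separate from the client identity.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore == null ? null : load(trustStore, trustPassword));

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }
}
```

The returned factory can be passed as the first argument of `new Client.Default(..., null)` in the feignBuilder bean shown in the answer.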