How to use p12 client certificate with spring feign client

Question

I have a Spring Boot application that calls a remote service.

This remote web service provided me a p12 file that should authenticate my application.

How do I configure my feign client to use the p12 certificate?

I tried setting the following properties:

-Djavax.net.ssl.keyStore=path_to_cert.p12 -Djavax.net.ssl.keyStorePassword=xxx -Djavax.net.ssl.keyStoreType=PKCS12

But it doesn't change anything, I still get this error:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Recommended answer

I could finally manage to do it with a lot of blind trial and error.

The problem is, by default, the feign builder builds feign clients with null SSLSocketFactory:

org.springframework.cloud.openfeign.FeignClientsConfiguration#feignBuilder :

@Bean
@Scope("prototype")
@ConditionalOnMissingBean
public Feign.Builder feignBuilder(Retryer retryer) {
    return Feign.builder().retryer(retryer);
}

feign.Feign.Builder :

  public static class Builder {
    // ...
    private Client client = new Client.Default(null, null);

So, I had to define this bean in a @Configuration:

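@Bean
@Profile({"prod", "docker"})
public Feign.Builder feignBuilder() {
    // Replace the default client (null SSLSocketFactory) with one that carries the p12 key material.
    return Feign.builder()
        .retryer(Retryer.NEVER_RETRY)
        .client(new Client.Default(getSSLSocketFactory(), null));
}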

with this method: (can't remember source)

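// Imports needed by this method. SSLContextBuilder is assumed to be the Apache HttpCore class.
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.util.ResourceUtils;

// keyStore, keyStoreType and keyStorePassword are fields of the enclosing @Configuration class.
SSLSocketFactory getSSLSocketFactory() {
    char[] allPassword = keyStorePassword.toCharArray();
    try {
        SSLContext sslContext = SSLContextBuilder
            .create()
            .setKeyStoreType(keyStoreType)
            // Same password for the key store and for the private key entry.
            .loadKeyMaterial(ResourceUtils.getFile(keyStore), allPassword, allPassword)
            .build();
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        // Fail fast rather than continue with a null SSLContext.
        throw new IllegalStateException("Could not build SSLContext from the p12 key store", e);
    }
}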

Now, it works for me, I debugged through the feign client calls and the sslSocketFactory is correctly passed to the underlying connection.
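
As an added example (not part of the original answer or of Feign), the same kind of socket factory can be built with JDK classes only, loading the client key material and the trust material separately; the PKIX error quoted in the question is raised while validating the server's chain against the trust material. The class name MutualTlsSocketFactory and the trust store file are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example; class name and trust store file are hypothetical.
public final class MutualTlsSocketFactory {

    private static KeyStore load(Path file, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    // clientP12: client certificate + private key. trustP12: CA that signed the server certificate.
    public static SSLSocketFactory create(Path clientP12, char[] clientPassword,
                                          Path trustP12, char[] trustPassword) {
        try {
            // Key material: what this client presents during the handshake.
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(clientP12, clientPassword), clientPassword);

            // Trust material: which server certificate chains this client accepts.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(trustP12, trustPassword));

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return context.getSocketFactory();
        } catch (GeneralSecurityException | IOException e) {
            // Fail at startup rather than hand Feign a factory without the client certificate.
            throw new IllegalStateException("Cannot build mutual-TLS socket factory", e);
        }
    }
}
```

The returned factory is passed to Feign the same way as in the answer, as the first argument of `new Client.Default(factory, null)`.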
