How to call secured rest api using .pfx certificate & password in spring boot rest template?
Problem description
I need to invoke an external secured REST API (SSL enabled) from my Spring Boot application. The external API is accessible from Postman using a .pfx certificate & password. Now I would like to make a call to the external API using rest template by attaching the .pfx file and password on each request.
I don't know how to make a rest template call over SSL using a pfx certificate. Any help will be appreciated.
Recommended answer
What you need to do is to configure the underlying apache http client of the rest template. Below is an example configuration:
    SSLContext sslContext = ...;

    HttpClient httpClient = HttpClients.custom()
            .setSSLContext(sslContext)
            .build();

    HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
    requestFactory.setHttpClient(httpClient);

    RestTemplate restTemplate = new RestTemplate(requestFactory);
There are a couple of libraries which provide easy-to-use utility/factory/builder classes to help you create an SSLContext.
There could be a bunch of other libraries which provide similar functionality, but I am only aware of these three. By the way, sslcontext-kickstart is a library which is maintained by me.
Below is an overview of four ways to load the keystores and create an SSLContext: vanilla Java and the three libraries.
    import nl.altindag.ssl.SSLFactory;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.eclipse.jetty.util.ssl.SslContextFactory;

    import javax.net.ssl.*;
    import java.io.File;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.util.Objects;

    class SslExample {

        public static void main(String[] args) throws Exception {

            // Creating sslContext with sslcontext-kickstart
            SSLFactory sslFactory = SSLFactory.builder()
                    .withIdentityMaterial("keystore.pfx", "secret".toCharArray())
                    .withTrustMaterial("truststore.pfx", "secret".toCharArray())
                    .build();

            SSLContext sslContext = sslFactory.getSslContext();

            // Traditional flow of creating sslContext
            String keyStorePath = "keystore.pfx";
            String trustStorePath = "truststore.pfx";

            char[] keyStorePassword = "secret".toCharArray();
            char[] trustStorePassword = "secret".toCharArray();

            // A .pfx file is a PKCS#12 key store
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            KeyStore trustStore = KeyStore.getInstance("PKCS12");

            // Both stores are read from the classpath; fail fast if either is missing
            try (InputStream keyStoreInputStream = SslExample.class.getClassLoader().getResourceAsStream(keyStorePath);
                 InputStream trustStoreInputStream = SslExample.class.getClassLoader().getResourceAsStream(trustStorePath)) {

                Objects.requireNonNull(keyStoreInputStream);
                Objects.requireNonNull(trustStoreInputStream);

                keyStore.load(keyStoreInputStream, keyStorePassword);
                trustStore.load(trustStoreInputStream, trustStorePassword);
            }

            // Key managers present the client certificate to the server
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyStorePassword);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            // Trust managers validate the server certificate
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            // Initialise the context created here (sslContext1), not the kickstart one above
            SSLContext sslContext1 = SSLContext.getInstance("TLSv1.2");
            sslContext1.init(keyManagers, trustManagers, new SecureRandom());

            // Creating sslContext with Apache SSLContextBuilder
            SSLContext sslContext2 = SSLContextBuilder.create()
                    .loadKeyMaterial(new File("keystore.pfx"), "secret".toCharArray(), "secret".toCharArray())
                    .loadTrustMaterial(new File("truststore.pfx"), "secret".toCharArray())
                    .build();

            // Creating sslContext with Jetty SslContextFactory
            SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
            sslContextFactory.setKeyStorePath("keystore.pfx");
            sslContextFactory.setKeyStorePassword("secret");
            sslContextFactory.setTrustStorePath("truststore.pfx");
            sslContextFactory.setTrustStorePassword("secret");
            sslContextFactory.start();

            SSLContext sslContext3 = sslContextFactory.getSslContext();
        }
    }
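The two snippets above combined into one Spring bean, as an added example that is not part of the original answer: it reads the .pfx from a file path and takes its password from configuration instead of hard-coding "secret", and it keeps server verification on the JVM default trust store. It assumes Apache HttpClient 4.x (the `org.apache.http` packages used above); the class name and the property names `client.pfx.path` and `client.pfx.password` are hypothetical.

```java
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

@Configuration
class MutualTlsRestTemplateConfig {

    // Hypothetical property names: supply them through environment variables or a
    // secret store so the private key and its password stay out of source control.
    @Bean
    RestTemplate mutualTlsRestTemplate(
            @Value("${client.pfx.path}") String pfxPath,
            @Value("${client.pfx.password}") String pfxPassword) throws Exception {

        char[] password = pfxPassword.toCharArray();

        // Load the client identity (certificate + private key) from the PKCS#12 file
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(pfxPath))) {
            identity.load(in, password);
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // Passing null trust managers keeps the JVM default trust store in charge of
        // validating the server certificate; only the client identity is customised.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);

        // The client certificate is then presented on every request made through this template
        HttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```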