How to call secured rest api using .pfx certificate & password in spring boot rest template?


Problem description

I need to invoke an external secured rest api(ssl enabled) from my spring boot application. The external api is accessible from postman using .pfx certificate & password. Now I would like to make a call to the external api using rest template by attaching .pfx file and password on each request.

I don’t know how to make rest template call over ssl using pfx certificate. Any help will be appreciated.

Recommended answer

What you need to do is to configure the underlying apache http client of the rest template. Below is an example configuration:

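import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;

// SSLContext carrying the client certificate loaded from the .pfx file
SSLContext sslContext = ...;

// Apache HttpClient (4.x API) that uses this SSLContext for its TLS connections
HttpClient httpClient = HttpClients.custom()
    .setSSLContext(sslContext)
    .build();

HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);

RestTemplate restTemplate = new RestTemplate(requestFactory);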

There are a couple of libraries which provide easy-to-use utility/factory/builder classes to help you create an SSLContext.

There could be a bunch of other libraries which provide similar functionality, but I am only aware of these three. By the way, sslcontext-kickstart is a library which is maintained by me.

Below is an overview of four ways to load the keystores and create an SSLContext: vanilla Java and the three libraries.

import nl.altindag.ssl.SSLFactory;
import org.apache.http.ssl.SSLContextBuilder;
import org.eclipse.jetty.util.ssl.SslContextFactory;

import javax.net.ssl.*;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Objects;

class SslExample {

    public static void main(String[] args) throws Exception {

        //creating sslContext with sslcontext-kickstart
        SSLFactory sslFactory = SSLFactory.builder()
                .withIdentityMaterial("keystore.pfx", "secret".toCharArray())
                .withTrustMaterial("truststore.pfx", "secret".toCharArray())
                .build();

        SSLContext sslContext = sslFactory.getSslContext();

        //Traditional flow of creating sslContext
        String keyStorePath = "keystore.pfx";
        String trustStorePath = "truststore.pfx";

        char[] keyStorePassword = "secret".toCharArray();
        char[] trustStorePassword = "secret".toCharArray();

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore trustStore = KeyStore.getInstance("PKCS12");

        try(InputStream keyStoreInputStream = SslExample.class.getClassLoader().getResourceAsStream(keyStorePath);
            InputStream trustStoreInputStream = SslExample.class.getClassLoader().getResourceAsStream(trustStorePath)) {

            Objects.requireNonNull(keyStoreInputStream);
            Objects.requireNonNull(trustStoreInputStream);

            keyStore.load(keyStoreInputStream, keyStorePassword);
            trustStore.load(trustStoreInputStream, trustStorePassword);
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePassword);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        SSLContext sslContext1 = SSLContext.getInstance("TLSv1.2");
        //initialise the newly created context with the key and trust managers
        sslContext1.init(keyManagers, trustManagers, new SecureRandom());

        //creating sslContext with Apache SSLContextBuilder
        SSLContext sslContext2 = SSLContextBuilder.create()
                .loadKeyMaterial(new File("keystore.pfx"), "secret".toCharArray(), "secret".toCharArray())
                .loadTrustMaterial(new File("truststore.pfx"), "secret".toCharArray())
                .build();

        //creating sslContext with Jetty SslContextFactory
        SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
        sslContextFactory.setKeyStorePath("keystore.pfx");
        sslContextFactory.setKeyStorePassword("secret");
        sslContextFactory.setTrustStorePath("truststore.pfx");
        sslContextFactory.setTrustStorePassword("secret");
        sslContextFactory.start();

        SSLContext sslContext3 = sslContextFactory.getSslContext();
    }

}
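
The question has only a client .pfx and its password, with no separate truststore. The following is an added example, not part of the original answer: it uses only the JDK, keeps the JVM default trust store for server validation, and returns an SSLContext that can be passed to setSSLContext(...) in the HttpClient configuration above. The class name and the environment variables CLIENT_PFX_PATH and CLIENT_PFX_PASSWORD are assumptions.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example: class name, path and environment variables are hypothetical.
public final class PfxClientContext {

    // Builds an SSLContext that presents the client certificate from a .pfx (PKCS#12) file.
    static SSLContext fromPfx(Path pfx, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(pfx)) {
            keyStore.load(in, password);
        }
        // Fail early: the file must hold a private key and a currently valid certificate.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) continue;
            hasKey = true;
            // Throws if the client certificate is expired or not yet valid.
            ((X509Certificate) keyStore.getCertificate(alias)).checkValidity();
        }
        if (!hasKey) throw new IllegalStateException("No private key entry in " + pfx);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        // null trust managers = JVM default trust store, so server certificates are still verified.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Both variables must be set; the password is not hard-coded in source.
        Path pfx = Path.of(System.getenv("CLIENT_PFX_PATH"));
        char[] password = System.getenv("CLIENT_PFX_PASSWORD").toCharArray();
        try {
            SSLContext ctx = fromPfx(pfx, password);
            System.out.println("SSLContext ready, protocol: " + ctx.getProtocol());
        } finally {
            Arrays.fill(password, '\0'); // wipe the in-memory copy of the password
        }
    }
}
```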
