在 spring boot application.properties 中指定信任存储信息 [英] Specifying trust store information in spring boot application.properties

问题描述

我正在使用 springBootVersion 1.2.0.RELEASE.我正在尝试通过 application.properties 配置我的密钥库和信任库.

I am using springBootVersion 1.2.0.RELEASE. I'm trying to have my keystore and truststore configured through application.properties.

当我添加以下设置时，我可以让密钥库工作，但不能让信任库工作.

When I add the following settings, I can get the keystore to work, but not the truststore.

server.ssl.key-store=classpath:foo.jks
server.ssl.key-store-password=password
server.ssl.key-password=password
server.ssl.trust-store=classpath:foo.jks
server.ssl.trust-store-password=password

但是，如果我通过 gradle 添加信任库:

However, if I add the truststore through gradle:

bootRun {
    jvmArgs = [ "-Djavax.net.ssl.trustStore=c://foo.jks", "-Djavax.net.ssl.trustStorePassword=password"]
}

效果很好.

是否有人使用 application.properties 进行信任存储?

Has anyone used the application.properties for trust stores?

推荐答案

如果您需要进行 REST 调用，您可以使用下一种方法.

In case if you need to make a REST call you can use the next way.

这适用于通过 RestTemplate 拨出的电话.

This will work for outgoing calls through RestTemplate.

像这样声明 RestTemplate bean.

Declare the RestTemplate bean like this.

@Configuration
public class SslConfiguration {
    @Value("${http.client.ssl.trust-store}")
    private Resource keyStore;
    @Value("${http.client.ssl.trust-store-password}")
    private String keyStorePassword;

    @Bean
    RestTemplate restTemplate() throws Exception {
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(
                        keyStore.getURL(),
                        keyStorePassword.toCharArray()
                ).build();
        SSLConnectionSocketFactory socketFactory = 
                new SSLConnectionSocketFactory(sslContext);
        HttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory).build();
        HttpComponentsClientHttpRequestFactory factory = 
                new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(factory);
    }
}

其中http.client.ssl.trust-store 和http.client.ssl.trust-store-password 指向JKS 指定信任库的格式和密码.

Where http.client.ssl.trust-store and http.client.ssl.trust-store-password points to truststore in JKS format and the password for the specified truststore.

这将覆盖 Spring Boot 提供的 RestTemplate bean 并使其使用您需要的信任存储.

This will override the RestTemplate bean provided with Spring Boot and make it use the trust store you need.

这篇关于在 spring boot application.properties 中指定信任存储信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！