I am using springBootVersion 1.2.0.RELEASE. I am trying to configure my key store and trust store through application.properties.

When I add the following settings I can get the key store working, but not the trust store:

```properties
server.ssl.key-store=classpath:foo.jks
server.ssl.key-store-password=password
server.ssl.key-password=password
server.ssl.trust-store=classpath:foo.jks
server.ssl.trust-store-password=password
```

However, if I add the trust store via gradle:

```groovy
bootRun {
    jvmArgs = [ "-Djavax.net.ssl.trustStore=c://foo.jks", "-Djavax.net.ssl.trustStorePassword=password"]
}
```

it works just fine.

Has anyone got application.properties working for the trust store?
I have the same problem and will try to explain it in a bit more detail.

I am using spring-boot 1.2.2-RELEASE and have tried it on both Tomcat and Undertow with the same result.

Defining the trust store in application.yml like:

```yaml
server:
  trust-store: path-to-truststore...
  trust-store-password: my-secret-password...
```

does not work, while:

```
$ java -Djavax.net.debug=ssl -Djavax.net.ssl.trustStore=path-to-truststore... -Djavax.net.ssl.trustStorePassword=my-secret-password... -jar build/libs/*.jar
```

works fine.

The easiest way to see the runtime difference is to enable ssl-debug on the client. When it works (i.e. with the -D flags), something like the following is written to the console (while the first request is being handled):

```
trustStore is: path-to-truststore...
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: C=..., ST=..., O=..., OU=..., CN=...
  Issuer:  C=..., ST=..., O=..., OU=..., CN=...
  Algorithm: RSA; Serial number: 0x4d2
  Valid from Wed Oct 16 17:58:35 CEST 2013 until Tue Oct 11 17:58:35 CEST 2033
```

Without the -D flags I get:

```
trustStore is: /Library/Java/JavaVirtualMachines/jdk1.8.0_11.jdk/Contents/Home/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert: ... (one for each CA-cert in the default truststore)
```

...and when a request is executed I get an exception:

```
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

Hope this helps us understand the problem better!
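The answer above diagnoses the problem from the `-Djavax.net.debug=ssl` output, which only appears once a request is made. An offline check of the store file itself catches the two common causes of the same `PKIX path building failed` symptom earlier: the wrong file being loaded (no trusted entries at all) and an expired CA certificate. The following class is an added example and not code from the question or any answer; it uses only the JDK `KeyStore` API, and the default path `config/client-truststore.jks` and password `changeit` in `main` are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

/** Lists the trusted certificate entries of a JKS/PKCS12 trust store and flags expired ones. */
public final class TrustStoreCheck {

    /** One report line per trusted certificate entry. */
    public static final class Entry {
        public final String alias;
        public final String subject;
        public final Date notAfter;
        public final boolean expired;

        Entry(String alias, String subject, Date notAfter, boolean expired) {
            this.alias = alias;
            this.subject = subject;
            this.notAfter = notAfter;
            this.expired = expired;
        }
    }

    /**
     * Loads the store with the given password and type ("JKS" or "PKCS12") and returns its
     * trusted certificate entries. Fails fast if the store holds no trusted certificate at all,
     * which is exactly the state in which the JVM silently falls back to cacerts-only trust.
     */
    public static List<Entry> inspect(String path, char[] password, String type, Date now)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        List<Entry> out = new ArrayList<>();
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (!ks.isCertificateEntry(alias)) {
                continue; // private-key entries belong in a key store, not a trust store
            }
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) cert;
            out.add(new Entry(alias, x.getSubjectX500Principal().getName(),
                    x.getNotAfter(), x.getNotAfter().before(now)));
        }
        if (out.isEmpty()) {
            throw new GeneralSecurityException(
                    "trust store " + path + " contains no trusted certificate entries");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder defaults; pass the real path and password as arguments.
        String path = args.length > 0 ? args[0] : "config/client-truststore.jks";
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        for (Entry e : inspect(path, pw, "JKS", new Date())) {
            System.out.printf("%-24s %s%n    notAfter=%s%s%n",
                    e.alias, e.subject, e.notAfter, e.expired ? "  EXPIRED" : "");
        }
    }
}
```

Running this against the same file the `-Djavax.net.ssl.trustStore` flag points to should list the CA whose `Subject`/`Issuer` lines appear in the debug output above; if it throws because the store is empty or loads a different file than the one you expected, the application-level configuration is not the problem.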
In a microservice infrastructure (I know this does not quite match the question), you cannot use:

```yaml
server:
  trust-store: path-to-truststore...
  trust-store-password: my-secret-password...
```

Instead, you can configure the ribbon load balancer:

```yaml
ribbon:
  TrustStore: keystore.jks
  TrustStorePassword : example
  ReadTimeout: 60000
  IsSecure: true
  MaxAutoRetries: 1
```

Here https://github.com/rajaramkushwaha/https-zuul-proxy-spring-boot-app you can find a working example. There was also a discussion about this on github, but I cannot find it anymore.
If you need to make REST calls, you can use the following approach. It works for outgoing calls made through RestTemplate.

Declare the RestTemplate bean like this:

```java
import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class SslConfiguration {

    @Value("${http.client.ssl.trust-store}")
    private Resource keyStore;

    @Value("${http.client.ssl.trust-store-password}")
    private String keyStorePassword;

    @Bean
    RestTemplate restTemplate() throws Exception {
        // SSLContext that trusts only the certificates in the configured store
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(
                        keyStore.getURL(),
                        keyStorePassword.toCharArray()
                ).build();
        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(sslContext);
        HttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory).build();
        HttpComponentsClientHttpRequestFactory factory =
                new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(factory);
    }
}
```

where http.client.ssl.trust-store and http.client.ssl.trust-store-password point to a trust store in JKS format and specify the password of that trust store.

This will override the RestTemplate bean provided by Spring Boot and make it use the trust store you need.
Here is my extended version of Oleksandr Shpota's answer, including imports. The org.apache.http.* packages can be found in org.apache.httpcomponents:httpclient. I have commented the changes:

```java
import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

// enclosing class added so the snippet compiles; the fields and method are the answer's own
@Component
public class RestTemplateFactory {

    @Value("${http.client.ssl.key-store}")
    private Resource keyStore;

    @Value("${http.client.ssl.trust-store}")
    private Resource trustStore;

    // I use the same pw for both keystores:
    @Value("${http.client.ssl.trust-store-password}")
    private String keyStorePassword;

    // wasn't able to provide this as a @Bean...:
    private RestTemplate getRestTemplate() {
        try {
            SSLContext sslContext = SSLContexts.custom()
                    // keystore wasn't within the question's scope, yet it might be handy:
                    .loadKeyMaterial(
                            keyStore.getFile(),
                            keyStorePassword.toCharArray(),
                            keyStorePassword.toCharArray())
                    .loadTrustMaterial(
                            trustStore.getURL(),
                            keyStorePassword.toCharArray(),
                            // use this for self-signed certificates only:
                            new TrustSelfSignedStrategy())
                    .build();
            HttpClient httpClient = HttpClients.custom()
                    // use NoopHostnameVerifier with caution, see https://stackoverflow.com/a/22901289/3890673
                    .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()))
                    .build();
            return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }
}
```
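The two RestTemplate answers above differ in what they switch off: `TrustSelfSignedStrategy` accepts any self-signed certificate whether or not it is in the store, and `NoopHostnameVerifier` accepts a certificate issued for any name, so a valid certificate for one host in the trust store would also be accepted for every other host. The configuration below is an added example, not code from either answer, showing the strict form: trust material comes only from the dedicated store, the default hostname verifier stays in place, and the negotiated protocol versions are pinned. It assumes the same `http.client.ssl.trust-store` and `http.client.ssl.trust-store-password` properties the answers use and the httpclient 4.4+ API.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/** Added example: a RestTemplate that trusts only the configured store and keeps hostname checks. */
@Configuration
public class StrictSslRestTemplateConfig {

    // Property names assumed from the answers above (e.g. classpath:client-truststore.jks).
    @Value("${http.client.ssl.trust-store}")
    private Resource trustStore;

    @Value("${http.client.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public RestTemplate restTemplate() throws IOException, GeneralSecurityException {
        // No TrustStrategy argument: a certificate is accepted only if it chains to an entry in the store.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
                .build();

        // Keep httpclient's default verifier (matches the peer name against the certificate's
        // SubjectAltName / CN) instead of NoopHostnameVerifier, and pin the TLS versions.
        HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2", "TLSv1.3"}, // enabled protocols
                null,                                // cipher suites: JVM defaults
                hostnameVerifier);

        HttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

With this bean a call to a host whose certificate is signed by a CA in the store but issued for a different name fails with an `SSLPeerUnverifiedException`, which is the failure you want to see in a test rather than a silent success. On JVMs that do not know `TLSv1.3` (Java 8 builds before 8u261) drop it from the protocol array, otherwise the socket setup throws `IllegalArgumentException`.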
I had the same problem with Spring Boot, Spring Cloud (microservices) and self-signed SSL certificates. The key store worked out of the box from the application properties, while the trust store did not.

In the end I kept both the key store and the trust store configuration in application.properties and added a separate configuration bean that sets the trust store properties in the system:

```java
import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class SSLConfig {

    @Autowired
    private Environment env;

    @PostConstruct
    private void configureSSL() {
        // set to TLSv1.1 or TLSv1.2
        System.setProperty("https.protocols", "TLSv1.1");

        // load the 'javax.net.ssl.trustStore' and
        // 'javax.net.ssl.trustStorePassword' from application.properties
        System.setProperty("javax.net.ssl.trustStore", env.getProperty("server.ssl.trust-store"));
        System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password"));
    }
}
```
The Java properties "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" do not correspond to "server.ssl.trust-store" and "server.ssl.trust-store-password" in Spring Boot's "application.properties" ("application.yml").

So you cannot set "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" simply by setting "server.ssl.trust-store" and "server.ssl.trust-store-password" in "application.properties" ("application.yml").

Another way to set "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" is through Spring Boot Externalized Configuration.

Below is an excerpt of my implementation:

The Params class holds the external settings:

```java
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component
@ConfigurationProperties("params")
public class Params {

    // default values, can be overridden by external settings
    public static String trustStorePath = "config/client-truststore.jks";
    public static String trustStorePassword = "wso2carbon";
    public static String keyStorePath = "config/wso2carbon.jks";
    public static String keyStorePassword = "wso2carbon";
    public static String defaultType = "JKS";

    // setter names follow the JavaBean convention (setXxx) so that @ConfigurationProperties binds them
    public void setTrustStorePath(String trustStorePath) {
        Params.trustStorePath = trustStorePath;
    }

    public void setTrustStorePassword(String trustStorePassword) {
        Params.trustStorePassword = trustStorePassword;
    }

    public void setKeyStorePath(String keyStorePath) {
        Params.keyStorePath = keyStorePath;
    }

    public void setKeyStorePassword(String keyStorePassword) {
        Params.keyStorePassword = keyStorePassword;
    }

    public void setDefaultType(String defaultType) {
        Params.defaultType = defaultType;
    }
}
```

The KeyStoreUtil class takes care of setting "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword":

```java
import java.io.File;

public class KeyStoreUtil {

    public static void setTrustStoreParams() {
        File filePath = new File(Params.trustStorePath);
        String tsp = filePath.getAbsolutePath();
        System.setProperty("javax.net.ssl.trustStore", tsp);
        System.setProperty("javax.net.ssl.trustStorePassword", Params.trustStorePassword);
        System.setProperty("javax.net.ssl.keyStoreType", Params.defaultType);
    }

    public static void setKeyStoreParams() {
        File filePath = new File(Params.keyStorePath);
        String ksp = filePath.getAbsolutePath();
        System.setProperty("Security.KeyStore.Location", ksp);
        System.setProperty("Security.KeyStore.Password", Params.keyStorePassword);
    }
}
```

You can call the setters in the startup function:

```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication
@ComponentScan("com.myapp.profiles")
public class ProfilesApplication {

    public static void main(String[] args) {
        KeyStoreUtil.setKeyStoreParams();
        KeyStoreUtil.setTrustStoreParams();
        SpringApplication.run(ProfilesApplication.class, args);
    }
}
```
Edited on 2018-10-03

You may also want to use the "PostConstruct" annotation as an alternative way of executing the setters:

```java
import java.io.File;

import javax.annotation.PostConstruct;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication(scanBasePackages = {"com.xxx"})
public class GateApplication {

    public static void main(String[] args) {
        SpringApplication.run(GateApplication.class, args);
    }

    @PostConstruct
    void postConstruct() {
        setTrustStoreParams();
        setKeyStoreParams();
    }

    private static void setTrustStoreParams() {
        File filePath = new File(Params.trustStorePath);
        String tsp = filePath.getAbsolutePath();
        System.setProperty("javax.net.ssl.trustStore", tsp);
        System.setProperty("javax.net.ssl.trustStorePassword", Params.trustStorePassword);
        System.setProperty("javax.net.ssl.keyStoreType", Params.defaultType);
    }

    private static void setKeyStoreParams() {
        File filePath = new File(Params.keyStorePath);
        String ksp = filePath.getAbsolutePath();
        System.setProperty("Security.KeyStore.Location", ksp);
        System.setProperty("Security.KeyStore.Password", Params.keyStorePassword);
    }
}
```

The application.yml:

```yaml
---
params:
  trustStorePath: config/client-truststore.jks
  trustStorePassword: wso2carbon
  keyStorePath: config/wso2carbon.jks
  keyStorePassword: wso2carbon
  defaultType: JKS
---
```

Finally, in the runtime environment (the deployment server), create a folder named "config" in the same folder where the jar archive is stored. In the "config" folder you can store "application.yml", "client-truststore.jks" and "wso2carbon.jks". Done!
Update 2018-11-27 for Spring Boot 2.x.x

Since Spring Boot 2.x.x, static properties are no longer supported, please see here. Personally I don't think this is a good move, since complex changes have to be made along the reference chain...

Anyway, the implementation excerpt might look like this:

The "Params" class:

```java
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

import lombok.Data;

/**
 * Params class represents all config parameters that can
 * be externally set by the spring xml file
 */
@Component
@ConfigurationProperties("params")
@Data
public class Params {
    // default values, can be overridden by external settings
    public String trustStorePath = "config/client-truststore.jks";
    public String trustStorePassword = "wso2carbon";
    public String keyStorePath = "config/wso2carbon.jks";
    public String keyStorePassword = "wso2carbon";
    public String defaultType = "JKS";
}
```

The "Spring Boot application class" (with "PostConstruct"):

```java
import java.io.File;

import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication(scanBasePackages = {"com.xx.xx"})
public class BillingApplication {

    @Autowired
    Params params;

    public static void main(String[] args) {
        SpringApplication.run(BillingApplication.class, args);
    }

    @PostConstruct
    void postConstruct() {
        // set TrustStoreParams
        File trustStoreFilePath = new File(params.trustStorePath);
        String tsp = trustStoreFilePath.getAbsolutePath();
        System.setProperty("javax.net.ssl.trustStore", tsp);
        System.setProperty("javax.net.ssl.trustStorePassword", params.trustStorePassword);
        System.setProperty("javax.net.ssl.keyStoreType", params.defaultType);

        // set KeyStoreParams
        File keyStoreFilePath = new File(params.keyStorePath);
        String ksp = keyStoreFilePath.getAbsolutePath();
        System.setProperty("Security.KeyStore.Location", ksp);
        System.setProperty("Security.KeyStore.Password", params.keyStorePassword);
    }
}
```
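All of the `System.setProperty("javax.net.ssl.trustStore", ...)` variants above share one caveat: the JVM reads these properties when the first default `SSLContext` is initialised, so a `@PostConstruct` on an application bean only works if no other bean (a `RestTemplate`, a discovery or config client) has opened a TLS connection earlier in the context refresh. Setting them in `main` before `SpringApplication.run` avoids that, but then the values cannot come from `application.yml`. The class below is an added example, not code from the answers or from Spring Boot, that resolves both: an `EnvironmentPostProcessor` runs after the environment (including `application.yml` and the `config/` folder) is loaded but before any bean exists. The `client.ssl.*` property names are an assumption of this example; they are deliberately not `server.ssl.*`, because in Spring Boot `server.ssl.trust-store` configures the embedded server's trust store for client-certificate authentication, not the JVM-wide trust store used for outgoing connections.

```java
import java.io.File;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;

/**
 * Added example: copies client.ssl.* properties into the JVM-wide javax.net.ssl.* system
 * properties before the application context is created. Register it in
 * META-INF/spring.factories:
 *
 *   org.springframework.boot.env.EnvironmentPostProcessor=com.example.TrustStoreEnvironmentPostProcessor
 *
 * (the package name above is a placeholder).
 */
public class TrustStoreEnvironmentPostProcessor implements EnvironmentPostProcessor {

    // Assumed property names for this example; a namespace separate from server.ssl.*.
    static final String PATH = "client.ssl.trust-store";
    static final String PASSWORD = "client.ssl.trust-store-password";
    static final String TYPE = "client.ssl.trust-store-type";

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment env, SpringApplication app) {
        String path = env.getProperty(PATH);
        if (path == null) {
            return; // nothing configured: leave the JVM default (cacerts) untouched
        }
        File store = new File(path);
        if (!store.isFile()) {
            // Fail at startup instead of letting the JVM fall back to cacerts and fail on the first request.
            throw new IllegalStateException(
                    "configured trust store does not exist: " + store.getAbsolutePath());
        }
        setIfAbsent("javax.net.ssl.trustStore", store.getAbsolutePath());
        String password = env.getProperty(PASSWORD);
        if (password != null) {
            setIfAbsent("javax.net.ssl.trustStorePassword", password);
        }
        // trustStoreType (not keyStoreType) is the property that describes the trust store's format.
        setIfAbsent("javax.net.ssl.trustStoreType", env.getProperty(TYPE, "JKS"));
    }

    /** Explicit -D flags on the command line keep precedence over the Spring properties. */
    static boolean setIfAbsent(String key, String value) {
        if (System.getProperty(key) != null) {
            return false;
        }
        System.setProperty(key, value);
        return true;
    }
}
```

With this in place the `-Djavax.net.debug=ssl` output shows `trustStore is: <your absolute path>` from the very first handshake, including handshakes made by beans that start before the application class itself, and a `-Djavax.net.ssl.trustStore` passed on the command line still wins, which keeps the Gradle `bootRun` and `yourApplication.conf` approaches from the other answers working unchanged.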
If you run your Spring Boot application as a linux service (e.g. via an init.d script or similar), you have one more option: create a file named yourApplication.conf and place it next to the executable war/jar file. Its content should look like this:

```sh
JAVA_OPTS="
-Djavax.net.ssl.trustStore=path-to-your-trustStore-file
-Djavax.net.ssl.trustStorePassword=yourCrazyPassword
"
```
If you are using Spring, just add the properties for it (with the attributes you need) and it should work for all JVMs:

```yaml
javax:
  key-store-password: ${KEYSTORE_SECRET}
  key-store-type: PKCS12
  trust-store-password: ${TRUSTSTORE_SECRET}
  trust-store-type: PKCS12
```
Although I am late to comment, I have used this approach to get it working. Here, when I run my spring application, I supply the application's yaml file, which contains all my properties, via

```
-Dspring.config.location=file:/location-to-file/config-server-vault-application.yml
```

config-server-vault-application.yml:

```yaml
server:
  port: 8888
  trust-store: /trust-store/config-server-trust-store.jks
  trust-store-password: config-server
  trust-store-type: pkcs12
```

Java Code:

```java
@SpringBootApplication
public class ConfigServerApplication {

    public static void main(String[] args) throws IOException {
        setUpTrustStoreForApplication();
        SpringApplication.run(ConfigServerApplication.class, args);
    }

    private static void setUpTrustStoreForApplication() throws IOException {
        YamlPropertySourceLoader loader = new YamlPropertySourceLoader();
        List<PropertySource<?>> applicationYamlPropertySource = loader.load(
```