
Spring Boot using HTTPS only

  •  0
  • Kris Swat  · Tech Community  · 3 years ago

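    I have a Spring Boot / Angular application.

    My server port is 1234 (example).

    But now I have installed SSL.

    Steps:

    Created a self-signed certificate using keytool and added my p12 certificate file to the resources folder

    Updated application.properties

    server.ssl.key-store-type=PKCS12

    server.ssl.key-store=classpath:myfile.p12

    server.ssl.key-store-password=somepasswordfromenv

    server.ssl.key-alias=myalias

    server.ssl.enabled=true

    http.port=8080

    server.port=8443

    Started the application and tested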

    @SpringBootTest(classes = AppWithoutBeansApplication.class, webEnvironment = WebEnvironment.DEFINED_PORT)
    class AppControllerTest {

        @Value("${server.ssl.key-store}")
        private Resource trustStore;

        @Value("${server.ssl.key-store-password}")
        private String trustStorePassword;

        @Test
        public void givenAcceptingAllCertificatesUsing4_4_whenUsingRestTemplate_thenCorrect()
                throws ClientProtocolException, IOException {

            String urlOverHttps = "https://localhost:8443/";
            CloseableHttpClient httpClient
              = HttpClients.custom()
                .setSSLHostnameVerifier(new NoopHostnameVerifier())
                .build();
            HttpComponentsClientHttpRequestFactory requestFactory
              = new HttpComponentsClientHttpRequestFactory();
            requestFactory.setHttpClient(httpClient);

            ResponseEntity<String> response
              = new RestTemplate(requestFactory).exchange(
              urlOverHttps, HttpMethod.GET, null, String.class);
            assertThat(response.getStatusCode().value(), equalTo(200));
        }
    

    ...

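    Error:

    org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://localhost:8443/": Certificate for <localhost> doesn't match any of the subject alternative names: []; nested exception is javax.net.ssl.SSLPeerUnverifiedException: Certificate for <localhost> doesn't match any of the subject alternative names: [] at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:746)

    I don't understand how my integration test works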

    0 replies  |  as of 3 years ago
        1
  •  0
  •   Kris Swat    3 years ago

    All the answers look similar, but this one worked

    Ignore SSL certificate validation when using Spring RestTemplate

    @Bean
    public RestTemplate restTemplate() throws GeneralSecurityException {

        // Trust strategy that returns true for every chain: no certificate validation is performed.
        TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
        // NoopHostnameVerifier skips the hostname / subject alternative name check.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

        // Register the permissive factory for "https" and a plain socket factory for "http".
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", sslsf).register("http", new PlainConnectionSocketFactory()).build();

        BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(
                socketFactoryRegistry);
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf)
                .setConnectionManager(connectionManager).build();

        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);

        RestTemplate restTemplate = new RestTemplate(requestFactory);

        return restTemplate;
    }
    

    It looks like this part is what changed

    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", sslsf).register("http", new PlainConnectionSocketFactory()).build();
    

    Don't use this

    //  @Bean
    //    public RestTemplate nonsslrestTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    //         TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
    //         SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
    //         SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
    //         CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
    //         HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
    //         requestFactory.setHttpClient(httpClient);
    //       return new RestTemplate(requestFactory);
    //    }
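
Both RestTemplate beans above accept any certificate. As an alternative for this test setup, the following added example (not code from the original post) trusts only the certificate in the application's own `myfile.p12` and leaves hostname verification on. It assumes Apache HttpClient 4.x as used on this page and a certificate reissued with a `localhost` subject alternative name; the class and bean names are hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Added example. Class and bean names are hypothetical; myfile.p12 and myalias are the
// names from the question. Assumes the certificate was regenerated with a SAN, e.g.:
//   keytool -genkeypair -alias myalias -keyalg RSA -keysize 2048 -validity 365 \
//     -storetype PKCS12 -keystore myfile.p12 -ext SAN=dns:localhost,ip:127.0.0.1
@Configuration
public class PinnedTrustRestTemplateConfig {

    @Value("${server.ssl.key-store}")            // classpath:myfile.p12
    private Resource trustStore;

    @Value("${server.ssl.key-store-password}")
    private String trustStorePassword;

    @Bean
    public RestTemplate pinnedTrustRestTemplate() throws Exception {
        // Load the PKCS12 file explicitly so the result does not depend on the
        // JVM's default keystore type.
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = trustStore.getInputStream()) {
            store.load(in, trustStorePassword.toCharArray());
        }
        // Null TrustStrategy: standard validation, with the certificates in the
        // store as the only trust anchors (no "accept everything" lambda).
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(store, null).build();

        // No HostnameVerifier argument: HttpClient's default verifier stays active,
        // so the handshake fails unless the certificate's SAN covers the host.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

Reusing the server keystore as the client trust store keeps the test simple; a client outside the test suite needs only the exported certificate, not the private key.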