java - 有没有办法在不使用 Java 密钥库的情况下使用 WebFlux 在 Azure Kubernetes 服务中配置 SSL 证书?
问题描述
我在 AKS 平台中部署了一个微服务,这个微服务必须连接一个使用 SSL 证书的外部 API。我怀疑是否有办法在不使用 java Keystore 的情况下配置 SSL 证书,我的项目是使用带有 WebFlux 的 Spring boot 以 Java 语言开发的。我找到了一个示例,说明如何使用 jks 文件和 Webflux 但无法正常工作。
我使用下面的代码来生成一个 SslContext:
public SslContext getSslContext(){
SslContext sslContext;
try {
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream is = getClass().getResourceAsStream("/my-
truststore.jks"))
{
ks.load(is, "truststore-password".toCharArray());
}
X509Certificate[] trusted =
Collections.list(ks.aliases()).stream().map(alias -> {
try {
return (X509Certificate) ks.getCertificate(alias);
} catch (KeyStoreException e) {
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
} catch (GeneralSecurityException | IOException e) {
throw new RuntimeException(e);
}
}
我使用下一个生成WebClient:
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec ->
sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new
ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
我提前感谢您的支持。问候。
解决方案
好吧,经过几天的研究,我找到了一种无需使用 Java KeyStore (JKS) 即可使用证书的方法。为此,我需要 PEM 格式的证书,然后将此证书复制为参数文件中的属性,然后直接调用它:
public class SslConfig {
@Value("${ocp.http-client.certificate}")
private String certificate;
private final static String certificateType = "X.509";
private final static String alias = "root";
private static SslContext sslContext;
public WebClient getSslWebClient (){
try {
sslContext = getSslContext();
} catch (Exception e) {
e.printStackTrace();
}
SslContext finalSslContext = sslContext;
TcpClient tcpClient = TcpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(finalSslContext));
HttpClient httpClient = HttpClient.from(tcpClient);
ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
return WebClient.builder().clientConnector(httpConnector).build();
}
//Se configura el contexto sobre el cual se trabajara la comunicacion SSL
public SslContext getSslContext(){
try {
ByteArrayInputStream is = new ByteArrayInputStream(certificate.getBytes());
final KeyStore keyStore = readKeyStore(is);
X509Certificate[] trusted = Collections.list(keyStore.aliases()).stream().map(alias -> {
try {
return (X509Certificate) keyStore.getCertificate(alias);
} catch (KeyStoreException e) {
System.out.println(e.getMessage());
throw new RuntimeException(e);
}
}).toArray(X509Certificate[]::new);
sslContext = SslContextBuilder.forClient().trustManager(trusted).build();
}catch (GeneralSecurityException | SSLException e ){
System.out.println(e.getMessage());
throw new RuntimeException(e);
} catch (IOException e) {
e.printStackTrace();
}
return sslContext;
}
private static KeyStore readKeyStore(InputStream is) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance(certificateType);
Certificate cert = null;
while (is.available() > 0) {
cert = cf.generateCertificate(is);
}
ks.setCertificateEntry(alias, cert);
return ks;
}
}
在此之后,我可以提出请求并获得所需的响应。
推荐阅读
- c++ - 如何在 Linux 上重现 Windows winusb 驱动程序的功能?我什至需要吗?
- amazon-web-services - AWS SAM 以及每次部署的资源 ARN 更改
- php - 无法从 laravel 中的主表中获取数据
- laminas - Laminas CollectionInputFilter - 验证最小/最大项目数
- java - 如何将控制台显示中的输出保存到 Java 中的文本文件中?
- java - Servlet 因 IOException 失败 weblogic.utils.NestedRuntimeException:无法解析请求的 POST 参数
- python - 动态地将参数传递给 objects.filter
- spring - 由于@JoinColumn(nullable = false),Spring/JPA 两次单向不起作用
- python - 如何比较两个光谱并匹配相似的吸收线?
- java - 带有 Runtime.getRuntime().exec() 的 Java 中的 Shell 命令;