java - netflix-zuul 和带有证书的微服务之间的身份验证

标签 java spring-boot ssl ssl-certificate netflix-zuul

我在我的应用程序中配置了 netflix-zuul 来调用其他服务,并且有必要在应用程序中包含一个证书。

我正在尝试做与 this question 中相同的事情(使用带有证书的 netflix-zuul)但我遇到了问题..

例如,在 this link 中它表示使用了 .keystore,但我拥有的文件是 .cer 和 .key,我不知道如何将证书应用于我拥有的文件。

您能帮我将我拥有的证书与我的应用程序的 netflix-zuul 代理连接起来吗?

非常感谢大家!

EDIT -> 我试过 this link 的解决方案,我的代码:

@Bean
    public CloseableHttpClient httpClient() throws Throwable {

    InputStream is = new FileInputStream(KEYSTOREPATH);
    //KEYSTOREPATH =    String KEYSTOREPATH = "E:/ARC/myapp/src/main/java/com/myapp/services/myapp/myapp.cer";

    // You could get a resource as a stream instead.

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);

    TrustManagerFactory tmf = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null); // You don't need the KeyStore instance to come from a file.
    ks.setCertificateEntry("caCert", caCert);

    tmf.init(ks);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);

  return HttpClients.custom().setSSLContext(sslContext).build();

}

并且在执行 netflix-zuul 中配置的路径时出现此错误:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
    ... 105 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 111 common frames omitted

最佳答案

您可以尝试构建 SSLContext 并信任来自 .cer 文件的证书,如此处所述/所述: Using SSLContext with just a CA certificate and no keystore

关于java - netflix-zuul 和带有证书的微服务之间的身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59033948/

上一篇:MySQL - 需要 SSL 但服务器不支持它

下一篇:android - 自签名证书 - java.security.NoSuchAlgorithmException : Error constructing implementation

相关文章:

java - 创建一个扩展类的类,并在 clojure 中覆盖

javascript - 下载 VueJS - Spring Boot 时为空白 PDF

java - Spring Boot REST 读取 JSON 数组有效负载

vb.net - 尝试获取 IPv4 地址时无法在 vb 中创建 SSL/TLS 连接

java - 定义 Retrofit2 接口(interface) - 没有响应主体的方法

java - 为什么我的 Spring Security Voter 仅在登录时调用,而不是在每个页面访问时调用?

java - 'opentracing: spring: web: ignoreAutoConfiguredSkipPatterns: true' 是做什么的?

apache - 配置 apache 虚拟主机以使用 SSL 但没有证书运行 webmin

amazon-web-services - 保护 AWS API Gateway 后面的现有 API

java - 数独求解器调试

©2024 IT工具网  联系我们