我在我的应用程序中配置了 netflix-zuul 来调用其他服务,并且有必要在应用程序中包含一个证书。
我正在尝试做与 this question 中相同的事情(使用带有证书的 netflix-zuul)但我遇到了问题..
例如,在 this link 中它表示使用了 .keystore,但我拥有的文件是 .cer 和 .key,我不知道如何将证书应用于我拥有的文件。
您能帮我将我拥有的证书与我的应用程序的 netflix-zuul 代理连接起来吗?
非常感谢大家!
EDIT -> 我试过 this link 的解决方案,我的代码:
@Bean
public CloseableHttpClient httpClient() throws Throwable {
InputStream is = new FileInputStream(KEYSTOREPATH);
//KEYSTOREPATH = String KEYSTOREPATH = "E:/ARC/myapp/src/main/java/com/myapp/services/myapp/myapp.cer";
// You could get a resource as a stream instead.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // You don't need the KeyStore instance to come from a file.
ks.setCertificateEntry("caCert", caCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
return HttpClients.custom().setSSLContext(sslContext).build();
}
并且在执行 netflix-zuul 中配置的路径时出现此错误:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
... 105 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 111 common frames omitted
最佳答案
您可以尝试构建 SSLContext 并信任来自 .cer 文件的证书,如此处所述/所述: Using SSLContext with just a CA certificate and no keystore
关于java - netflix-zuul 和带有证书的微服务之间的身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59033948/