为了在RESTClient中使用mTLS,我的代码有点困难。所以我在想办法建立mTLS连接。下面是我的代码:
...
def mymTLSservice = "https://my-token-service.example.com"
// Load custom my TrustStore and KeyStore
def pathToKeyStore = "/path/to/keystore.jceks"
def pathToTrustStore = "/path/to/truststore"
def keyStorePW = "myKeyStorePW"
def trustStorePW = "myTrustStorePW"
final char[] pwdKeyStore = keyStorePW.toCharArray()
final char[] pwdTrustStore = trustStorePW.toCharArray()
String keyAlias = "my-mTls-cert-alias" // If you have more than one key
String storeType = "JCEKS"
FileInputStream keyStoreInputStream = new FileInputStream(pathToKeyStore)
FileInputStream trustStoreInputStream = new FileInputStream(pathToTrustStore)
KeyStore ks = KeyStore.getInstance(storeType)
ks.load(keyStoreInputStream, pwdKeyStore)
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType())
trustStore.load(trustStoreInputStream, pwdTrustStore)
Key mTlsPrivateKey = ks.getKey(keyAlias, pwdKeyStore)
Certificate[] mTlsChain = ks.getCertificateChain(keyAlias)
KeyStore mtlsKeyStore = KeyStore.getInstance("jks")
mtlsKeyStore.load(null, null)
mtlsKeyStore.setKeyEntry(keyAlias, mTlsPrivateKey, pwdKeyStore, mTlsChain)
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
keyManagerFactory.init(mtlsKeyStore, pwdKeyStore)
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
// Create SSLContext
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(
keyManagerFactory.getKeyManagers(),
trustManagerFactory,
new java.security.SecureRandom());
SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sc)
def http = new RESTClient(mymTLSservice)
http.auth.basic 'user', 'password'
// HOW CAN I ADD THE SSLConnectionSocketFactory here
http.handler.failure = { resp -> println "Failure: ${resp.statusLine}" }
// Trying request"
def access_token = ''
try{
http.get(
path : "/v2/token"
)
{ resp, json ->
access_token = json
println "access_token"
}
println resp
} catch(HttpResponseException e) {
r = e.response
println("Success: $r.success")
println("Status: $r.status")
println("Reason: $r.statusLine.reasonPhrase")
println("Could not retrieve an access token from token provider!")
}
如何正确添加SSLConnectionSocketFactory到http?谢谢你!
我正在尝试通过mTLS与服务通信。
经过长时间的调查,我终于弄明白了。希望它能帮助到有同样情况的人。
在上面的代码片段中,我们创建了一个SSLContext "sc"我们需要将其传递给新定义的SSLSocketFactory "sf"。然后我们创建一个新的"scheme";定义,它将使用新创建的SSLSocketFactory "sf"对于每一个"http "请求。因此,上面的一行我们创建了一个SSLConnectionSocketFactory必须替换为SSLSocketFactory。SSLSocketFactory sf = new SSLSocketFactory(sc);
Scheme httpsScheme = new Scheme("https", 443, sf);
最后,我们用方案定义" httpscheme "覆盖RESTClient的ConnectionManager。
def http = new RESTClient(mymTLSservice)
http.auth.basic 'user', 'password'
http.client.connectionManager.schemeRegistry.register(httpsScheme) // this will add the custom keyStore to every https call
这将导致在SSL协商期间将提供客户端证书。