We have 5 customers, 5 CRT files and a Spring Boot application that manages SSL communication with a third-party API.
With one CRT configured as the keystore, we can communicate with the third-party API perfectly.
Now, the question is: can we use Bouncy Castle to store and use these 5 CRT files dynamically? Also, can they be stored programmatically?
If not, is there another way? We use RestTemplate for the connections.
Please take a look at the Java Keystore API. Here is a detailed explanation of how to manage keystores programmatically: Java Keystore API usage examples
You can try this code. Note that creating a RestTemplate is expensive, so you should create 5 RestTemplate beans for your 5 connections and then use them. They are thread-safe in any case.
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

File file_jks = new File("/path/to/your/keystore.jks"); // placeholder path
char[] password = "changeit".toCharArray();             // placeholder password

SSLContext sslContext = SSLContextBuilder.create()
        // path to your .jks file with its store password and key password
        // (it can also be .p12).
        // This method matters when the SERVER expects your CLIENT certificate
        // for the connection, also called 2-way SSL.
        .loadKeyMaterial(file_jks, password, password)
        // path to your .jks file with its password (again, it can be .p12).
        // You use this method when the SERVER has e.g. a self-signed certificate
        // or any other certificate that is not issued by a trusted CA.
        .loadTrustMaterial(file_jks, password)
        // JSSE protocol name; "TLS1.2" is not a valid name and would fail at build()
        .setProtocol("TLSv1.2")
        .build();
HttpClient httpClient = HttpClientBuilder.create()
        .setSSLContext(sslContext)
        .build();
ClientHttpRequestFactory requestFactory =
        new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate();
restTemplate.setRequestFactory(requestFactory);
Besides the spring-boot-starter-web dependency, you should also import
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${change-version}</version>
</dependency>
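Building on the answer above, here is an added example (not code from either answer) of the programmatic variant the question asks for: each customer's .crt file is loaded into an in-memory KeyStore, so no keystore is written to disk, and one RestTemplate is built per customer and reused. The class and method names are my own; the customer ids and file paths are supplied by the caller.

```java
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public final class PerCustomerRestTemplates {

    // Builds an in-memory trust store that trusts ONLY the certificate(s) in this PEM .crt file.
    static KeyStore trustStoreFor(File crt) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty store, never written to disk
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(crt.toPath())) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) { // also handles a PEM chain
                ks.setCertificateEntry(crt.getName() + "-" + i++, c);
            }
        }
        return ks;
    }

    // One SSLContext pinned to that customer's trust store, wrapped in a RestTemplate.
    static RestTemplate restTemplateFor(File crt) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStoreFor(crt));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: server-auth only
        HttpClient httpClient = HttpClientBuilder.create().setSSLContext(ctx).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }

    // Build all templates once at startup (e.g. in a @Configuration) and reuse them.
    static Map<String, RestTemplate> buildAll(Map<String, File> crtByCustomer) throws Exception {
        Map<String, RestTemplate> templates = new LinkedHashMap<>();
        for (Map.Entry<String, File> e : crtByCustomer.entrySet()) {
            templates.put(e.getKey(), restTemplateFor(e.getValue()));
        }
        return templates;
    }
}
```

A .crt file contains only a certificate, so it can serve as trust material but not as client key material; if the third-party API expects a client certificate (2-way SSL), the matching private key must also be loaded, as in the loadKeyMaterial step of the answer above.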