我正在尝试将我的 DummyX509TrustManager 与 Springboot 一起使用。
为此,我编写了以下类:
@Configuration
public class DummyComponent {
@PostConstruct
public void sslContextConfiguration() {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { new DummyTrustManager() }, null);
SSLContext.setDefault(sslContext);
} catch (Exception e) {
e.printStackTrace();
}
}
似乎这对我的代码没有任何影响,因为它使用了默认的 X509TrustManagerImpl。也许我必须以另一种方式覆盖它?
解决方案:
@Configuration
public class MyConfig {
@Bean
public TomcatServletWebServerFactory containerFactory() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory ();
tomcat.addAdditionalTomcatConnectors(createSslConnector());
return tomcat;
}
private Connector createSslConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
try {
File keystore = new ClassPathResource(keystorepath).getFile();
File truststore = new ClassPathResource(truststorepath).getFile();
connector.setScheme("https");
connector.setSecure(true);
connector.setPort(port);
protocol.setKeystoreFile(keystore.getAbsolutePath());
protocol.setKeystorePass(keystorepassw);
protocol.setKeyAlias(keystorealias);
protocol.setSSLEnabled(true);
protocol.setTruststoreFile(truststore.getAbsolutePath());
protocol.setTruststorePass(truststorepassw);
protocol.setClientAuth(Boolean.TRUE.toString());
protocol.setTrustManagerClassName("pakage.DummyTrustManager");
return connector;
} catch (IOException ex) {
throw new IllegalStateException("can't access keystore: [" + "keystore"
+ "] or truststore: [" + "keystore" + "]", ex);
}
}
}