我基于spring boot 2.0.3在webApi上工作,并且已经通过application.properties启用了带有自签名证书的ssl,我添加了一个新功能来验证本地CRL和自定义的trustManager,但是spring boot没有选择代码。
你能帮忙找出问题所在吗?如果有人可以展示如何检查本地 CRL 文件,那也很有帮助。
像这样配置属性。
application.properties:
server.ssl.key-alias=server
server.ssl.key-password=123456
server.ssl.key-store=classpath:serverStore.keystore
server.ssl.key-store-type=jks
server.ssl.client-auth=NEED
server.ssl.trust-store= classpath:trustStore.keystore
server.ssl.trust-store-password=123456
server.ssl.trust-store-type=jks
像这样注入定制的信任管理器:
@Configuration
public class CRLChecker {
@PostConstruct
public void check() throws Exception{
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
// Initialise the TMF as you normally would, for example:
tmf.init((KeyStore)null);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];
TrustManager[] wrappedTrustManagers = new TrustManager[] {
new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return origTrustmanager.getAcceptedIssuers();
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
origTrustmanager.checkClientTrusted(certs, authType);
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
//add more my logical code to validate CRL
origTrustmanager.checkServerTrusted(certs, authType);
}
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, wrappedTrustManagers, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
}