我正在尝试实现到一个端点的双向 TLS 连接,我们使用一个带有 apache httpclient 的 feign 客户端连接到该端点。
我尝试了这种配置,但它不起作用,它只是以一条handshake_failure消息终止,据我所知,它在请求期间根本不使用我的密钥库。我的分析是因为.setSSLSocketFactory(getSSLConnectionSocketFactory())和.setConnectionManager(connectionManager)不配合在这个配置中发挥得很好:
@Primary
public Client feignClient(
CachingSpringLoadBalancerFactory cachingFactory, SpringClientFactory clientFactory,
BeanFactory beanFactory,
@Qualifier("customApacheHttpClient") ApacheHttpClient apacheHttpClient) {
return new TraceLoadBalancerFeignClient(apacheHttpClient, cachingFactory, clientFactory, beanFactory);
}
/**
* @param connectionManager is autowired from HttpClientFeignLoadBalancedConfiguration.HttpClientFeignConfiguration
*/
@Bean(name = "customApacheHttpClient")
public ApacheHttpClient apacheHttpClient(
HttpClientConnectionManager connectionManager,
FeignHttpClientProperties httpClientProperties) {
RequestConfig defaultRequestConfig = RequestConfig.custom()
.setConnectTimeout(httpClientProperties.getConnectionTimeout())
.setRedirectsEnabled(httpClientProperties.isFollowRedirects())
.build();
return new ApacheHttpClient(
HttpClients.custom()
.setConnectionManager(connectionManager)
.setDefaultRequestConfig(defaultRequestConfig)
.setSSLSocketFactory(getSSLConnectionSocketFactory())
.build());
}
作为一种解决方案,我已删除setSSLSocketFactory并添加了一个 RegistryBuilder bean,但它似乎没有被拾取。我怎样才能得到这个豆子:
@Bean
public RegistryBuilder registryBuilder(SSLConnectionSocketFactory sslConnectionSocketFactory) {
return RegistryBuilder.create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https2", sslConnectionSocketFactory)
.register("https", sslConnectionSocketFactory);
}
注入这里:
package org.springframework.cloud.openfeign.ribbon;
import ...
class HttpClientFeignLoadBalancedConfiguration {
...
protected static class HttpClientFeignConfiguration {
...
@Autowired(required = false)
private RegistryBuilder registryBuilder;
...
欢迎任何指点,或者任何使用客户端证书 feign 和 ApacheHttpClient 设置 TLSv1.2 的 GitHub 项目都会非常有帮助。