How to use Play WS with SSL?

2020-06-04 09:41发布

问题:

My Java client application needs to do REST calls. I was instructed to use Play's WS implementation. Currently, I have this:

AsyncHttpClientConfig.Builder builder = new com.ning.http.client.AsyncHttpClientConfig.Builder();
NingWSClient wsc = new play.libs.ws.ning.NingWSClient(builder.build());
WSRequestHolder holder = wsc.url("http://www.simpleweb.org/");

This works. However, my application needs to access a secure web service that uses SSL. I have a PKCS12 cert for my client. How can I get WS to use this certificate to establish a secure connection?

To be clear, this isn't a Play application.

回答1:

Its not possible directly with WS. Play docs says : "WS does not support client certificates (aka mutual TLS / MTLS / client authentication). You should set the SSLContext directly in an instance of AsyncHttpClientConfig and set up the appropriate KeyStore and TrustStore."

You could do something like this maybe:

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory
        .getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("pkcs12");
InputStream inputStream = new FileInputStream("YOUR.p12");

keyStore.load(inputStream, "Your password as char[]");
keyManagerFactory.init(keyStore, "Your password as char[]");

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), null,new SecureRandom());
AsyncHttpClientConfig httpClientConfig = new AsyncHttpClientConfig.Builder().setSSLContext(sslContext).build();
AsyncHttpClient httpClient = new AsyncHttpClient(httpClientConfig);


回答2:

You want to use the parser. See https://www.playframework.com/documentation/2.3.x/KeyStores for details about the configuration.

val config = play.api.Configuration(ConfigFactory.parseString("""
                              |trustManager = {
                              |  stores = [
                              |    { type: "pkcs12", path: "/path/to/pkcs12/file", password: "foo" }
                              |  ]
                              |}
                            """.stripMargin))
val parser = new DefaultSSLConfigParser(config, app.classloader)
val sslConfig = parser.parse()

val clientConfig = new DefaultWSClientConfig(sslConfig = sslConfig)
val secureDefaults = new NingAsyncHttpClientConfigBuilder(clientConfig).build()
val builder = new AsyncHttpClientConfig.Builder(secureDefaults)
val wsc = new play.libs.ws.ning.NingWSClient(builder.build());
val holder = wsc.url("http://www.simpleweb.org/");


回答3:

  1. Make sure you have added your Certificate to your trust-store like this:

keytool -import -trustcacerts -keystore {JAVA_HOME}/jre/lib/security/cacerts -noprompt -alias -file {CORRECT_PATH}/what_ever.crt

  1. If still the problem exists, set the path directly by setting java parameters in your execution command line like this:

-Djavax.net.ssl.trustStore={JAVA_HOME}/jre/lib/security/cacerts