Specifying trust store information in spring boot

Published 2019-01-13 12:28

I am using springBootVersion 1.2.0.RELEASE. I'm trying to have my keystore and truststore configured through application.properties.

When I add the following settings, I can get the keystore to work, but not the truststore.

server.ssl.key-store=classpath:foo.jks
server.ssl.key-store-password=password
server.ssl.key-password=password
server.ssl.trust-store=classpath:foo.jks
server.ssl.trust-store-password=password

However, if I add the truststore through gradle:

bootRun {
    jvmArgs = [ "-Djavax.net.ssl.trustStore=c://foo.jks", "-Djavax.net.ssl.trustStorePassword=password"]
}

it works just fine.

Has anyone used the application.properties for trust stores?

9 answers
唯我独甜
#2 · 2019-01-13 13:20

In case you need to make a REST call, you can use the following approach.

This will work for outgoing calls through RestTemplate.

Declare RestTemplate bean like this.

import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder; // httpclient 4.4+
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class SslConfiguration {
    // Truststore location (e.g. classpath:truststore.jks) and its password
    @Value("${http.client.ssl.trust-store}")
    private Resource keyStore;
    @Value("${http.client.ssl.trust-store-password}")
    private String keyStorePassword;

    @Bean
    RestTemplate restTemplate() throws Exception {
        // SSLContext that trusts only the certificates in the given truststore
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(
                        keyStore.getURL(),
                        keyStorePassword.toCharArray()
                ).build();
        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(sslContext);
        HttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory).build();
        HttpComponentsClientHttpRequestFactory factory =
                new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(factory);
    }
}

Where http.client.ssl.trust-store and http.client.ssl.trust-store-password point to the truststore in JKS format and the password for the specified truststore.

This will override the RestTemplate bean provided with Spring Boot and make it use the trust store you need.

等我变得足够好
#3 · 2019-01-13 13:22

I had the same problem with Spring Boot, Spring Cloud (microservices) and a self-signed SSL certificate. Keystore worked out of the box from application properties, and Truststore didn't.

I ended up keeping both keystore and truststore configuration in application.properties, and adding a separate configuration bean for configuring truststore properties with System properties.

import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class SSLConfig {
    @Autowired
    private Environment env;

    @PostConstruct
    private void configureSSL() {
      //set to TLSv1.1 or TLSv1.2
      System.setProperty("https.protocols", "TLSv1.1");

      //load the 'javax.net.ssl.trustStore' and
      //'javax.net.ssl.trustStorePassword' from application.properties
      System.setProperty("javax.net.ssl.trustStore", env.getProperty("server.ssl.trust-store"));
      System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password"));
    }
}
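Both answers above deal with outbound calls, where server.ssl.trust-store has no effect (it only governs the embedded server's client-auth). As an added example, not code from either answerer, here is a client-side trust store wired with plain JSSE and scoped to one RestTemplate rather than to JVM-wide system properties; the property names outbound.ssl.* and the class name are assumptions:

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Assumed property names (not from the original page), kept separate from
// server.ssl.* so the outbound trust store is not confused with the server's one.
@Configuration
public class OutboundTrustConfig {
    @Value("${outbound.ssl.trust-store}")
    private Resource trustStore;          // e.g. classpath:truststore.jks
    @Value("${outbound.ssl.trust-store-password}")
    private String trustStorePassword;

    // SSLContext that trusts only the CAs in the given store. A Spring Resource
    // resolves "classpath:" here; javax.net.ssl.trustStore needs a file path.
    static SSLContext sslContextFor(Resource store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = store.getInputStream()) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: server-auth only
        return ctx;
    }

    @Bean
    RestTemplate outboundRestTemplate() throws Exception {
        SSLContext ctx = sslContextFor(trustStore, trustStorePassword.toCharArray());
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(java.net.HttpURLConnection conn, String method) throws java.io.IOException {
                if (conn instanceof HttpsURLConnection) {
                    // Scoped to this client only; default hostname verification is kept.
                    ((HttpsURLConnection) conn).setSSLSocketFactory(ctx.getSocketFactory());
                }
                super.prepareConnection(conn, method);
            }
        };
        return new RestTemplate(factory);
    }
}
```

Because nothing is set on System properties, other HTTPS clients in the same JVM keep the default JDK trust store, and the https.protocols override from the answer above is not needed.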
#4 · 2019-01-13 13:24

I know this is pretty old, but if anyone encounters this, what I did was add another property to my properties file.

server.ssl.trust-store=classpath:truststore.jks
server.ssl.trust-store-password=${KEY_STORE_PASS}
server.ssl.client-auth=need

So first you create the trust store and set the properties in the properties file. Then, according to this, you add server.ssl.client-auth=need in order to force Spring only to accept requests carrying a certificate accepted by those in your trust store.

This method solved my issue.
