首先安装openSSL环境,linux或者windows都可以
转换为JKS文件
# Bundle the private key and the certificate chain into a PKCS#12 file under the alias "test".
# openssl prompts for an export password that protects the private key inside test.p12.
openssl pkcs12 -export -inkey testPrivateKey.key -in test.chain.pem -name test -out test.p12
# Convert the PKCS#12 file into a JKS keystore; keytool prompts for the source and destination passwords.
# NOTE(review): test.p12 and test.jks both contain the private key - keep them out of version control
# and restrict file permissions.
keytool -importkeystore -srckeystore test.p12 -srcstoretype pkcs12 -destkeystore test.jks
以上过程中需要输入一次或多次密码,请全部使用同一个密码(下面的 Java 代码把同一个密码同时用作密钥库密码和私钥密码)。密码可以自行设定,但它保护的是私钥,应使用强密码;下面的配置中要用到。
将生成的 test.jks 放入项目路径下的 resource/keystore/test.jks(该目录需要在 classpath 中,下面的代码通过 ClassPathResource("keystore/test.jks") 加载它)。
如果不存在 keystore 文件夹,手动创建一个。
java restTemplate 类
package com.xxl.job.executor.insight.config;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.web.client.RestTemplate;
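/**
 * Spring configuration that exposes a {@link RestTemplate} which presents a client
 * certificate (mutual TLS) loaded from {@code keystore/test.jks} on the classpath.
 *
 * <p>Server certificates are validated against the JVM's default trust store. An
 * accept-everything {@code TrustStrategy} must not be used here: it would let any
 * party on the network path impersonate the server and receive the requests that
 * this client authenticates with its private key.
 *
 * @author Alfred Geng
 * @create 2022/11/28
 */
@Configuration
public class MySSLRestTemplate {

    // Named after the declared class, so the logger name does not depend on the runtime
    // subclass that getClass() would report.
    private static final Logger log = LoggerFactory.getLogger(MySSLRestTemplate.class);

    // Injected from the yml property ssl.password: the password entered when the keystore
    // was generated. It is used as both the keystore password and the private-key password.
    // NOTE(review): keep the real value out of version control (environment variable or
    // external secret store).
    @Value("${ssl.password}")
    private String allPassword;

    /**
     * Builds the application's {@link RestTemplate} on top of the TLS-enabled request factory.
     *
     * @param httpComponentsClientHttpRequestFactory request factory carrying the client certificate
     * @return a RestTemplate whose string converter decodes and encodes bodies as UTF-8
     */
    @Bean()
    public RestTemplate restTemplate(ClientHttpRequestFactory httpComponentsClientHttpRequestFactory) {
        RestTemplate restTemplate = new RestTemplate(httpComponentsClientHttpRequestFactory);
        // Replace the string converter by type rather than by a hard-coded index, so the
        // UTF-8 converter never overwrites an unrelated converter if the default order changes.
        for (int i = 0; i < restTemplate.getMessageConverters().size(); i++) {
            if (restTemplate.getMessageConverters().get(i) instanceof StringHttpMessageConverter) {
                restTemplate.getMessageConverters()
                        .set(i, new StringHttpMessageConverter(StandardCharsets.UTF_8));
            }
        }
        log.info("loading restTemplate");
        return restTemplate;
    }

    /**
     * Creates the HTTP request factory whose TLS context presents the client key pair
     * stored in {@code keystore/test.jks}.
     *
     * @return a request factory backed by an Apache HttpClient configured for mutual TLS
     * @throws IOException if the keystore resource cannot be read
     * @throws UnrecoverableKeyException if the key cannot be recovered with the configured password
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws KeyStoreException if the keystore cannot be initialised
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    @Bean("httpComponentsClientHttpRequestFactory")
    public ClientHttpRequestFactory httpComponentsClientHttpRequestFactory() throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        SSLContext sslContext = SSLContextBuilder
                .create()
                // Location of the JKS file on the classpath; the same password opens the
                // store and the private key.
                .loadKeyMaterial(new ClassPathResource("keystore/test.jks").getURL(),
                        allPassword.toCharArray(), allPassword.toCharArray())
                // No trust material is loaded, so the JVM default trust managers verify the
                // server certificate chain. If the server uses a private CA, load a trust
                // store that contains only that CA instead of disabling verification, e.g.
                // .loadTrustMaterial(new ClassPathResource("clientTruststore.jks").getURL(), allPassword.toCharArray())
                .build();
        HttpClient client = HttpClients.custom()
                .setSSLContext(sslContext)
                .build();
        return new HttpComponentsClientHttpRequestFactory(client);
    }
}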