Testen der TLS -Konfiguration im Spring Boot 3.3.5Java

Java-Forum
Guest
 Testen der TLS -Konfiguration im Spring Boot 3.3.5

Post by Guest »

Mit Hilfe dieses Artikels: Sicherung von Spring -Boot -Anwendungen mit SSL habe ich MTLs in meiner Anwendung konfiguriert. Endpunkt testen. Da ein anderes Team schließlich die Schlüssel und Zertifikate für unsere Anwendung generiert und soweit ich weiß, beabsichtigen sie, das PEM -Format zu verwenden, können wir es noch mit den tatsächlichen Ressourcen testen, die in der Produktion bereitgestellt werden. < BR /> Hier ist der relevante Code, den ich zum Testen implementiert habe. Diese Konfiguration funktioniert jedoch nicht wie erwartet. < /P>

Code: Select all

    --- application.yml ---
spring:
ssl:
bundle:
pem:
bundlename:
keystore:
certificate: classpath:cert.crt # Extracted from badssl.com-client.pem
private-key: classpath:private-key-decrypted.pem # Decrypted from badssl.com
# Also, I've tried it with my own generated key and self-signed cert.
truststore:
certificate: classpath:badssl.com-client.pem # Downloaded from https://badssl.com/download/

--- part of RestTemplateConfiguration ---

@Bean
public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder, SslBundles sslBundles) {
RestTemplate restTemplate = restTemplateBuilder
.setSslBundle(sslBundles.getBundle("bundlename"))
.setConnectTimeout(java.time.Duration.ofMinutes(5))
.setReadTimeout(java.time.Duration.ofMinutes(5))
.build();
return restTemplate;
}

--- Test Controller ---

@RestController
@RequestMapping("/api/test")
@AllArgsConstructor
public class TestController {
private final RestTemplate restTemplate;

@GetMapping("/badssl")
public ResponseEntity sendRequest() {
String url = "https://client.badssl.com/";
ResponseEntity response = restTemplate.getForEntity(url, String.class);
return response;
}
}
< /code>
Hier ist die Fehlermeldung: < /p>

PKIX -Pfadgebäude fehlgeschlagen:
Sun.security.Provider. certpath.suncertpathbuilderexception:
gültiger Zertifizierungspfad zum angeforderten Ziel
org.springframework.web.client.resourceAccessexception: E /A -Fehler auf
Anfrage nach "https: // client.  Badssl.com/ ": PKIX Pfadaufbau
fehlgeschlagen: sun.security.provider.certpath.suncertpathbuilderexception:
kann gültigen Zertifizierungspfad zum angeforderten Ziel < /p>
< /blockquote> nicht finden
Meine Frage:
Haben Sie eine Idee, warum diese Konfiguration nicht funktioniert? Gibt es potenzielle Lösungen, mit denen ich diesen Code ohne den richtigen Server und die richtige Konfiguration testen kann?    --- badssl.com-client.pem ---
Bag Attributes
localKeyID: 4B 9B 3D 44 80 C2 AA 48 5C 4E E6 AE 5B 92 99 2C EE 7C 64 F8
subject=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Certificate
issuer=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Root Certificate Authority
-----BEGIN CERTIFICATE-----
MIIEnTCCAoWgAwIBAgIJAMd+zJuF0eEuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMTAvBgNVBAMMKEJhZFNTTCBDbGllbnQgUm9v
dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjUwMTI4MjEwMDE5WhcNMjcwMTI4
MjEwMDE5WjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
A1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGQmFkU1NMMSIwIAYDVQQDDBlC
YWRTU0wgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAxzdfEeseTs/rukjly6MSLHM+Rh0enA3Ai4Mj2sdl31x3SbPoen08
utVhjPmlxIUdkiMG4+ffe7N+JtDLG75CaxZp9CxytX7kywooRBJsRnQhmQPca8MR
WAJBIz+w/L+3AFkTIqWBfyT+1VO8TVKPkEpGdLDovZOmzZAASi9/sj+j6gM7AaCi
DeZTf2ES66abA5pOp60Q6OEdwg/vCUJfarhKDpi9tj3P6qToy9Y4DiBUhOct4MG8
w5XwmKAC+Vfm8tb7tMiUoU0yvKKOcL6YXBXxB2kPcOYxYNobXavfVBEdwSrjQ7i/
s3o6hkGQlm9F7JPEuVgbl/Jdwa64OYIqjQIDAQABoy0wKzAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIB
AF9BG0pq7msacTbIMwjSbOPATOLvS6D096mEPNFLx25bCV0VBnMNWhRpayBja25g
oiK28OOSUh+WzvV4TBCunMxFF56CZHnVy95XRDc5CioIe2L54FxXNtB/xRpQcJwc
12/XLfH3gmBzvo7fVAELyIipZ6hilHJZGxiLow96S3oJGM6QF+xz5a3XubW3Enat
yWskzdJOe0AIcYxXesY0/KC/jt/cRjXAUKn4FbVSdtHdYK990D/fJBasRYI1Qo8i
HzRUfpHsnlvwwdOvkzkpjwFzY+9qCnt/8YcClfyBNjyLMXyfMQJJ74wtrNpSswkk
pbJR2dXfuqjYsAxIu1RaERS3kEFOL4hhLRG7YrSxP7imzAr66bzwnqnfFjPXEIIV
xIskblFaQGVnSx6rYCpx1a6T0GXsdMcfE81KNbyOMPTAMxJof5/oRsbbpvQdOv/s
7AqYFMucGXkJ2Q60XvltK6JySv/G0kX5B56mURjx0R6kJzjOJ5AqarhKmQ8COLsw
nun9mRFw3iBmmtydaI9NH+tmir4vCfbbp0+iZ8ou5DZBMUUO3OWkLI3pcaRECuoo
0d4MMGI5O0xjRRJS6hysXJ1W6jPFsYHwzhnH3rmZjBR5+4fwOEq0ALGuuYcziLmO
2EclOpmtau/kHMTug1S6ih9r5waip8xl53Gc/rRzR9In
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 4B 9B 3D 44 80 C2 AA 48 5C 4E E6 AE 5B 92 99 2C EE 7C 64 F8
Key Attributes:  
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIcuVqny2ZBX4CAggA
MBQGCCqGSIb3DQMHBAhhZ93YsAURzgSCBMjhJkRfqgWcFLYav+YaJGPxDECJsQsR
5xga5FM+ektBIlr/rP43oFp35NKuK5y1w2TDE+2Oq+nOelciElu0XIdk1tG7gyl0
vkD66OzptyoPdpLXGfoeYgtQk5XQShyPvWVetITXWdN0zsK8RQIxkXl54yy0T8vM
z+96wBP7gXzVlcS9j5KHWIZRd6ozI2pDtf9di870VrTQR8kbkxHwG4wDVLEEN/gY
40j0jmQclkwIrKatOqoH6y8nA0CNEU1Bn1WU9ZNXscDWCfTCH6lBd/xyUye1fGYu
ESfq4qQvLuZm3TVIGIHlx/tjDMM0uBbKjKQ9jVje9pUEkRo7A23iNhtdktLL4rze
fvBVFhYmtRVXYovhqn8KN3apo+sronlIacs5BlZ/NyQ29TtiPDx8MY4Fnd31V9FV
T4B0k+XmFjiV2RID9uCLb7Oz/ajMALrR2RTLQ9A6PnceXDc02ZTgBCKl6f3LVrd7
N3u5eje/g1cHp1icKu07qLplJ/wNK8VcP7taV9Oi7BQTNNTGy+Btc57Az5SNVCBJ
7n4SolIlyjOdrW1fwR7Rl2KieFj01gyYQC57GJMfRcm1cL75Gu+6MJNW4ylnzhBN
cTcpIZqsap3JvfBwLEot+GEJEIl+b2kHR/+clAhDsKkhPAAE/rRjYbtb+yJNLH1a
7DAs4MPGLUG+cnEarelpEUcksPxae0zXFYjP8MMhMNkQjU2wFMRYAdNPUSqFiY0G
qxMteZYxf/UJePVipGZ3SOQt1CoFqCkVvgC+Iqi/5TZe0seuaqgN16/FKAzTOtOQ
L53iY28NkV/kjK7Pq9nxG7fXCwwT0xEeTtdRALUO7odQ/Y9zyHIjY5mwD5WYUZRB
UjiBWNyZjZTJEtHrHQKrC5hXZGqqAoLG5nh5LA3wTd9Pllde6q8AVSKqUUsEE0s2
qZ80+QDWFLmUzLDV1JF0eY7t2q+KKCBKP2hgmPx80wA4U7x2UJyNWeW75CkeGae/
Za/CDbCseltCzs2yN/yoLkn72mHZtYCDxvEzHNxNvjN2gqs5m/v6ju2FJzMuKupd
FHbX2q139M/+xGKsIcbDXptS9mEqlQ81OWtj6la++NSs56tVp552Xz16ml7Od+kh
4+AvvWTFvAWp3kNp3PpxUQTMiXnzam2Cv7Mj4OB9UPRpjeq12DcDj9rb6AFvJIlT
yvNkUgm0FbQ1Nk3ATQEdVMfUn1u9+ImtDAF14qX+uSYJsJhu+pT0QBb4edsBQ6Yu
c3VKrG0Bj1ItLdxDxTylhJmzrKZuPCy4tEdPsuvqhES9pGCR4qyElXfjdelNkkXE
ou7r2946MYgCBY5eATQ/ZxEblyR3qj/lszqlvqLagrLpu6636zIcAD4gDba/L0dV
4FLevsjqthNfpX0rD6CYLjxj2+yKd9zyuEBFvGxoUWeXEtXvaBGzrt5I0ig7KGkR
bW/5Iuv8AJgMal4K9jMDUdD+JSpRyAplzbPiOpSCMOuqjKJndhUy9znrZCSjHsXY
PqljYeqjMFSD9D7XwAjT4A2/yAmZeOVSX1SxDDMdjGd6MeI1bfcVjC3i84yOEPFn
FwA1ukY+C0eadyKXa2Q27GmaKX2wRlSiCZahgjBwIy7f5S1ELXThOyODX4UBOcpk
b5A=
-----END ENCRYPTED PRIVATE KEY-----

--- cert.crt ---
-----BEGIN CERTIFICATE-----
MIIEnTCCAoWgAwIBAgIJAMd+zJuF0eEuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMTAvBgNVBAMMKEJhZFNTTCBDbGllbnQgUm9v
dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjUwMTI4MjEwMDE5WhcNMjcwMTI4
MjEwMDE5WjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
A1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGQmFkU1NMMSIwIAYDVQQDDBlC
YWRTU0wgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAxzdfEeseTs/rukjly6MSLHM+Rh0enA3Ai4Mj2sdl31x3SbPoen08
utVhjPmlxIUdkiMG4+ffe7N+JtDLG75CaxZp9CxytX7kywooRBJsRnQhmQPca8MR
WAJBIz+w/L+3AFkTIqWBfyT+1VO8TVKPkEpGdLDovZOmzZAASi9/sj+j6gM7AaCi
DeZTf2ES66abA5pOp60Q6OEdwg/vCUJfarhKDpi9tj3P6qToy9Y4DiBUhOct4MG8
w5XwmKAC+Vfm8tb7tMiUoU0yvKKOcL6YXBXxB2kPcOYxYNobXavfVBEdwSrjQ7i/
s3o6hkGQlm9F7JPEuVgbl/Jdwa64OYIqjQIDAQABoy0wKzAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIB
AF9BG0pq7msacTbIMwjSbOPATOLvS6D096mEPNFLx25bCV0VBnMNWhRpayBja25g
oiK28OOSUh+WzvV4TBCunMxFF56CZHnVy95XRDc5CioIe2L54FxXNtB/xRpQcJwc
12/XLfH3gmBzvo7fVAELyIipZ6hilHJZGxiLow96S3oJGM6QF+xz5a3XubW3Enat
yWskzdJOe0AIcYxXesY0/KC/jt/cRjXAUKn4FbVSdtHdYK990D/fJBasRYI1Qo8i
HzRUfpHsnlvwwdOvkzkpjwFzY+9qCnt/8YcClfyBNjyLMXyfMQJJ74wtrNpSswkk
pbJR2dXfuqjYsAxIu1RaERS3kEFOL4hhLRG7YrSxP7imzAr66bzwnqnfFjPXEIIV
xIskblFaQGVnSx6rYCpx1a6T0GXsdMcfE81KNbyOMPTAMxJof5/oRsbbpvQdOv/s
7AqYFMucGXkJ2Q60XvltK6JySv/G0kX5B56mURjx0R6kJzjOJ5AqarhKmQ8COLsw
nun9mRFw3iBmmtydaI9NH+tmir4vCfbbp0+iZ8ou5DZBMUUO3OWkLI3pcaRECuoo
0d4MMGI5O0xjRRJS6hysXJ1W6jPFsYHwzhnH3rmZjBR5+4fwOEq0ALGuuYcziLmO
2EclOpmtau/kHMTug1S6ih9r5waip8xl53Gc/rRzR9In
-----END CERTIFICATE-----

---  private-key.pem ---
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHN18R6x5Oz+u6
SOXLoxIscz5GHR6cDcCLgyPax2XfXHdJs+h6fTy61WGM+aXEhR2SIwbj5997s34m
0MsbvkJrFmn0LHK1fuTLCihEEmxGdCGZA9xrwxFYAkEjP7D8v7cAWRMipYF/JP7V
U7xNUo+QSkZ0sOi9k6bNkABKL3+yP6PqAzsBoKIN5lN/YRLrppsDmk6nrRDo4R3C
D+8JQl9quEoOmL22Pc/qpOjL1jgOIFSE5y3gwbzDlfCYoAL5V+by1vu0yJShTTK8
oo5wvphcFfEHaQ9w5jFg2htdq99UER3BKuNDuL+zejqGQZCWb0Xsk8S5WBuX8l3B
rrg5giqNAgMBAAECggEAVRB/t9b9igmeTlzyQpHPIMvUu3uTpm742JmWpcSe61FA
XmhDzInNdLnIfbnb3p44kj4Coy5PbzKlm01sbNxA4BkiBPE1yen1J/2eU/LJ6QuN
jRjo9drFfR75UWPQ3xu9uJhQY2rocLILXmvy69FlG+ebThh8SPbTMtNaTFMb47An
pk2FrW9+rzPswbklOxls/SDt78usRvfAjslm73IdBTOrbceF+GmYs3/SXz1gu05p
LxY2rhC8piBlqnD/QbXBahZbhjb9SkDFn2typMFZKkJIIKDJaOI2E9tIlZ97/0nZ
txqchMty8IuU9YYAfLXCmj2IEfnvLtL7thLfKLuWAQKBgQDyXBpEgKFzfy2a1AI0
+1qL/u5UN14l7S6/wmyDTgVMXwoxhwPRXWD5PutQ8D6tMfC/y4AYt3OXg1blCvLD
XysNj5SK+dpmQR0SyeWjd9zwxJAXvx0McJefCYd86YGcGhJsuX5bkHIeQlEc6df7
yoqr1480VQx/+Fk1i6Zr0EIUFQKBgQDSbalUOfXZh2EVRQEgf3VoPlxAiwGGQcVT
i+pbjMG3pOwmkVyJZusGtN5HN4Oi7n1oiyfMYGsszKQ5j4TDBGS70pNUzhTv3Vn8
0Vsfz0arJRqJxviiv4FfDmsYXwObNKwOjR+LEn1NUPkOYOLdz1lDuWOu11LE90Dy
Q6hg8WwCmQKBgQDTy5lI9AAjpqh7/XpQQrhGT2qHPjuQeU25Vnbt6GjI7OVDkvHL
LQdpyYprGQgs4s+5TGWNNARYC/cMAh1Ujv5Yw3jUWrR5V73IhZeg20bBQYWKuwDv
thVKblFw377cZAxl51R9QCX6O4oW8mRFLiMxORd0bD6YNrf/CyNMZJraYQKBgAE7
o0JbFJWxtV/qh5cpKAb0VpYKOngO6pkSuMzQhlINJVUUhPZJJBdl9+dy69KIkzOJ
nTIVXotkp5GuxZhe7jgrg7F7g6PkKCLTFzWYgVF/ZihoggxyEs/7xaTe6aZ/KILt
UMH/2bwaPVtYNfwWuu8qpurfWBzPVhIVU2c+AuQBAoGAXMbw10vyiznlhyMFw5kx
SzlBMqJBLJkzQBtpvXuT0lqqxTSNC3N4WxgVOLCHa6HqXiB0790YL8/RWunsXTk2
c7ugThP6iMPNVAycWkIF4vvHTwZ9RCSmEQabRaqGGLz/bhLL3fi3lPGCR+iW2Dxq
GTH3fhaM/pZZGdIC75x/69Y=
-----END PRIVATE KEY-----

Quick Reply

Change Text Case: 
   
  • Similar Topics
    Replies
    Views
    Last post