Client service does not respond to the SSL CertificateRequest

qybjjes1  posted on 2023-01-05  in Other
Answers (1) | Views (156)

I am working on a client service that is supposed to connect over SSL. I have added the signed client certificate to my keystore, but the client service still does not respond to the certificate request:

javax.net.ssl|DEBUG|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|CertificateRequest.java:672|Consuming CertificateRequest handshake message (
"CertificateRequest": {
  "certificate types": [rsa_sign, dss_sign, ecdsa_sign]
  "supported signature algorithms": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1]
  "certificate authorities": [EMAILADDRESS=sentgeo@itl.waw.pl, CN=SENT GEO ITL ZSL Test Level 1 CA, OU=Zakład Zaawansowanych Technik Informacyjnych (Z-6), O=Instytut Łączności - Państwowy Instytut Badawczy, ST=mazowieckie, C=PL]
}
)
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|X509Authentication.java:244|No X.509 cert selected for RSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|CertificateRequest.java:765|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|X509Authentication.java:244|No X.509 cert selected for EC
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|CertificateRequest.java:765|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|X509Authentication.java:244|No X.509 cert selected for RSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|CertificateRequest.java:765|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|X509Authentication.java:244|No X.509 cert selected for EC
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|CertificateRequest.java:765|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.641 CET|X509Authentication.java:244|No X.509 cert selected for RSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for DSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: dsa_sha256
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for EC
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for RSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: rsa_sha224
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for DSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: dsa_sha224
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for EC
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: ecdsa_sha224
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for RSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|CertificateRequest.java:765|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.642 CET|X509Authentication.java:244|No X.509 cert selected for DSA
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|CertificateRequest.java:765|Unavailable authentication scheme: dsa_sha1
javax.net.ssl|ALL|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|X509Authentication.java:244|No X.509 cert selected for EC
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|CertificateRequest.java:765|Unavailable authentication scheme: ecdsa_sha1
javax.net.ssl|WARNING|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|CertificateRequest.java:775|No available authentication scheme
javax.net.ssl|DEBUG|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|CertificateMessage.java:299|No X.509 certificate for client authentication, use empty Certificate message instead
javax.net.ssl|DEBUG|36|reactor-http-epoll-4|2021-03-26 01:07:41.643 CET|CertificateMessage.java:330|Produced client Certificate handshake message (
"Certificates": <empty list>
)

I have this certificate in the keystore:

2021-03-26 01:14:20.874  INFO 27499 --- [  restartedMain] o.e.jetty.util.ssl.SslContextFactory     : x509=X509@65f5014e(1,h=[],w=[]) for Server@4a177306[provider=null,keyStore=file:///home/pkopania/IdeaProjects/kasgateway/target/classes/petrovision-keystore.jks,trustStore=null]
javax.net.ssl|DEBUG|11|restartedMain|2021-03-26 01:14:20.986 CET|SunX509KeyManagerImpl.java:164|found key for : 1 (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "00 DC",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "EMAILADDRESS=sentgeo@itl.waw.pl, CN=SENT GEO ITL ZSL Test Level 1 CA, OU=Zakład Zaawansowanych Technik Informacyjnych (Z-6), O=Instytut Łączności - Państwowy Instytut Badawczy, ST=mazowieckie, C=PL",
    "not before"         : "2021-03-25 22:48:40.000 CET",
    "not  after"         : "2022-03-25 22:48:40.000 CET",
    "subject"            : "EMAILADDRESS=biuro@petrovision.pl, CN=petrovision, OU=IT, O=Petrovision, L=Warsaw, ST=mazovian, C=PL",
    "subject public key" : "RSA",
    "extensions"         : [
      {

I guess this might be caused by a signature algorithm mismatch, but I would appreciate any help solving this.

s4n0splo (answer 1)

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.util.ResourceUtils;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

@Slf4j
@Configuration
public class WebClientConfiguration {

    @Value("${server.ssl.key-store}")
    String keystorePath;

    @Value("${server.ssl.key-store-password}")
    String keystorePass;

    @Value("${server.ssl.trust-store}")
    String truststorePath;

    @Value("${server.ssl.trust-store-password}")
    String truststorePass;

    /**
     * Builds a Netty SslContext for the *client* side that carries both a key manager
     * (the client certificate and private key offered in reply to the server's
     * CertificateRequest) and a trust manager (the CAs used to validate the server).
     * Without the keyManager(...) call the client has nothing to present and sends an
     * empty Certificate message, which is what the question's log shows.
     */
    public SslContext getTwoWaySslContext() {

        // Log the store locations only; never write the store passwords to the log.
        log.debug("WebClient Key-Store path: {}", keystorePath);
        log.debug("WebClient Trust-Store path: {}", truststorePath);

        try (
                FileInputStream keyStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(keystorePath));
                FileInputStream trustStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(truststorePath));
        ) {
            // Key store: must contain a PrivateKeyEntry (private key + certificate chain) for the client.
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(keyStoreFileInputStream, keystorePass.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, keystorePass.toCharArray());

            // Trust store: the CA certificates the client accepts for the server's chain.
            KeyStore trustStore = KeyStore.getInstance("jks");
            trustStore.load(trustStoreFileInputStream, truststorePass.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            trustManagerFactory.init(trustStore);

            return SslContextBuilder.forClient()
                    .keyManager(keyManagerFactory)
                    .trustManager(trustManagerFactory)
                    .build();

        } catch (Exception e) {
            // Fail fast: returning null here would leave the WebClient with no SslContext
            // and surface later as a confusing NullPointerException inside Reactor Netty.
            throw new IllegalStateException("Could not build two-way SSL context", e);
        }
    }

    @Bean
    WebClient getWebClient() {

        HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(getTwoWaySslContext()));
        ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);

        return WebClient.builder()
                .clientConnector(clientHttpConnector)
                .build();
    }
}
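The answer above wires a KeyManagerFactory into the client SslContext, which is the usual fix when the log shows "No X.509 cert selected for RSA" followed by an empty client Certificate message. Before changing the configuration it is worth confirming what the JSSE key manager would actually pick from the keystore. The following diagnostic is an added example, not code from the original question or answer: it loads a JKS file, lists each entry (a certificate imported with keytool -importcert alone becomes a TrustedCertificateEntry, which a key manager never offers), and then calls the same X509KeyManager.chooseClientAlias(...) the TLS client calls when it consumes a CertificateRequest, once per key type the request in the question names (RSA, DSA, EC). The keystore path, password and the issuer DN(s) from the server's "certificate authorities" list are command-line arguments; the class name ClientAliasCheck is an assumption.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/**
 * Added diagnostic (not part of the original answer). Reproduces the selection the
 * JSSE client performs when it consumes a CertificateRequest, so the reason for
 * "No X.509 cert selected for RSA" is visible before the store is wired into Netty.
 *
 * Usage (the class name, paths, password and issuer DNs are all supplied by you):
 *   java ClientAliasCheck client.jks changeit "CN=Some Test CA, O=Example, C=PL"
 */
public class ClientAliasCheck {

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: ClientAliasCheck <keystore.jks> <password> [issuerDN ...]");
            System.exit(2);
        }
        String storePath = args[0];
        char[] password = args[1].toCharArray();

        // The "certificate authorities" list from the CertificateRequest, as X500Principals.
        // With no issuers given, the key manager accepts any issuer; running both ways
        // separates "no usable key entry" from "issuer DN does not match the CA list".
        Principal[] issuers = null;
        if (args.length > 2) {
            issuers = new Principal[args.length - 2];
            for (int i = 2; i < args.length; i++) {
                issuers[i - 2] = new X500Principal(args[i]);
            }
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(storePath)) {
            ks.load(in, password);
        }

        // Step 1: what is actually in the store. Only PrivateKeyEntry entries
        // (private key + certificate chain) can be offered for client authentication.
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.isKeyEntry(alias);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("alias=%s keyEntry=%b keyAlg=%s sigAlg=%s issuer=%s%n",
                    alias, hasKey,
                    cert == null ? "-" : cert.getPublicKey().getAlgorithm(),
                    cert == null ? "-" : cert.getSigAlgName(),
                    cert == null ? "-" : cert.getIssuerX500Principal().getName());
        }

        // Step 2: ask the same key manager the TLS client uses. "SunX509" matches the
        // SunX509KeyManagerImpl seen in the question's log.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        X509KeyManager km = null;
        for (KeyManager m : kmf.getKeyManagers()) {
            if (m instanceof X509KeyManager) {
                km = (X509KeyManager) m;
                break;
            }
        }
        if (km == null) {
            throw new IllegalStateException("SunX509 returned no X509KeyManager");
        }

        // The CertificateRequest in the question lists rsa_sign, dss_sign and ecdsa_sign;
        // JSSE maps those certificate types to the key types RSA, DSA and EC.
        for (String keyType : new String[] {"RSA", "DSA", "EC"}) {
            String chosen = km.chooseClientAlias(new String[] {keyType}, issuers, null);
            System.out.printf("chooseClientAlias(%s, issuers=%s) -> %s%n",
                    keyType, issuers == null ? "any" : String.valueOf(issuers.length), chosen);
        }
    }
}
```

Reading the output: if step 1 prints keyEntry=false for the client alias, the private key never made it into the store and the certificate has to be imported together with its key (for example from a PKCS#12 bundle) rather than as a bare certificate. If keyEntry=true and chooseClientAlias returns the alias with no issuers but null with the server's issuer list, no certificate in the chain is issued by a DN the server sent. If it returns the alias in both runs, the store is fine and the client simply was not built with this key manager, which is exactly what the SslContextBuilder.forClient().keyManager(...) call in the answer supplies.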
