With the help of this article: Securing Spring Boot Applications with SSL, I configured mTLS in my application.
I searched for a method to test this configuration and found BadSSL's mTLS testing endpoint. Since another team will eventually generate the keys and certificates for our application, and as far as I know, they intend to use the PEM format, we cannot test it yet with the actual resources that will be provided in production.
Here is the relevant code I implemented for testing. However, this configuration is not working as expected.
--- application.yml ---
spring:
  ssl:
    bundle:
      pem:
        bundlename:
          keystore:
            certificate: classpath:cert.crt # Extracted from badssl-client.pem
            private-key: classpath:private-key-decrypted.pem # Decrypted from badssl
            # Also, I've tried it with my own generated key and self-signed cert.
          truststore:
            certificate: classpath:badssl-client.pem # Downloaded from /
--- part of RestTemplateConfiguration ---
@Bean
public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder, SslBundles sslBundles) {
    RestTemplate restTemplate = restTemplateBuilder
            .setSslBundle(sslBundles.getBundle("bundlename"))
            .setConnectTimeout(java.time.Duration.ofMinutes(5))
            .setReadTimeout(java.time.Duration.ofMinutes(5))
            .build();
    return restTemplate;
}
--- Test Controller ---
@RestController
@RequestMapping("/api/test")
@AllArgsConstructor
public class TestController {
    private final RestTemplate restTemplate;

    @GetMapping("/badssl")
    public ResponseEntity<String> sendRequest() {
        String url = "/";
        ResponseEntity<String> response = restTemplate.getForEntity(url, String.class);
        return response;
    }
}
Here is the error message:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target .springframework.web.client.ResourceAccessException: I/O error on GET request for "/": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My question: Do you have any idea why this configuration isn't working? Are there any potential solutions to allow me to test this code without the proper server and configuration?
These are the PEM files I downloaded from /
--- badssl-client.pem ---
Bag Attributes
    localKeyID: 4B 9B 3D 44 80 C2 AA 48 5C 4E E6 AE 5B 92 99 2C EE 7C 64 F8
subject=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Certificate
issuer=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Root Certificate Authority
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 4B 9B 3D 44 80 C2 AA 48 5C 4E E6 AE 5B 92 99 2C EE 7C 64 F8
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
--- cert.crt ---
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
--- private-key.pem ---
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
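Added example, not part of the original question: "PKIX path building failed" on an outgoing request means the client could not chain the server's certificate to any certificate in its truststore. The script below builds a throwaway PKI with the same layout as the question (a server CA and a separate client CA; every name and file is constructed) and uses `openssl verify` to show that a truststore holding only the client certificate, as in the configuration above, cannot validate the server certificate, while the server's issuing CA can.

```shell
#!/bin/sh
# Added example: throwaway PKI; every name and file here is constructed.

new_ca() {    # $1 = file prefix, $2 = subject CN; creates a self-signed root
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

new_leaf() {  # $1 = leaf prefix, $2 = subject CN, $3 = issuing CA prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# trusts <truststore.pem> <peer-cert.pem>
# Exit 0 only if the peer certificate chains to a certificate in the
# truststore, which is the check PKIX path building performs.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_demo_pki() {  # $1 = empty working directory
    ( cd "$1" &&
      new_ca server-ca "Demo Server CA" &&
      new_ca client-ca "Demo Client CA" &&
      new_leaf server "localhost" server-ca &&
      new_leaf client "Demo Client Certificate" client-ca )
}

report() {  # $1 = directory holding the demo PKI
    # client.crt plays the role of the truststore entry in the question.
    for ts in client.crt client-ca.crt server-ca.crt; do
        if trusts "$1/$ts" "$1/server.crt"; then
            r="validates"
        else
            r="path building fails"
        fi
        echo "truststore=$ts -> server certificate: $r"
    done
}

# Run as: sh demo.sh run
if [ "${1:-}" = "run" ]; then
    d=$(mktemp -d) && build_demo_pki "$d" && report "$d"
    rm -rf "$d"
fi
```

The generated `server.crt`/`server.key` and `client-ca.crt` can also back a local TLS server that requires client certificates, which gives a test target that does not depend on an external endpoint.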