即使在 SpringMVC 中包含密钥库证书后也无法验证服务器

Posted

技术标签:

【中文标题】即使在 SpringMVC 中包含密钥库证书后也无法验证服务器【英文标题】:Unable to authenticate server even after including keystore certificate in SpringMVC 【发布时间】:2015-11-10 22:23:55 【问题描述】:

我正在尝试对 jira 服务器进行身份验证并从给定 id 的服务器获取问题详细信息,最初我是手动提供 id。我已经下载了服务器证书并使用 keytool 导入,密码是密钥库的“密码”。但我无法对其进行身份验证,下面是我的代码

我的java代码:

@Controller
public class Service


    @RequestMapping("/hello")


     public String Data(ModelMap model) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyManagementException, UnrecoverableKeyException

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(new FileInputStream("/users/crohitk/Documents/workspace/frr/publicKey1.store"),
                "password".toCharArray());
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                new SSLContextBuilder()
                        .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                        .loadKeyMaterial(keyStore, "password".toCharArray()).build());
        HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
        ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
                httpClient);
        RestTemplate restTemplate = new RestTemplate(requestFactory);


        ResponseEntity<String> result = restTemplate.exchange("https://jira.example.com/",  HttpMethod.GET, new HttpEntity<String>(createHeaders("user", "password")), String.class);

        model.addAttribute("message", result);


        return "helloworld";

      


     HttpHeaders createHeaders( String username, String password )
        HttpHeaders header =  new HttpHeaders();
        String auth = username + ":" + password;
        byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(Charset.forName("US-ASCII")) );
        String base64Creds = "Basic " + new String( encodedAuth );
        header.add("Authorization", "Basic " + base64Creds);
        return header;
       




调度程序-servlet.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="frr.frr" />

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/views/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">


    <display-name>Archetype Created Web Application</display-name>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
    </context-param>

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
</web-app>

pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>frr</groupId>
  <artifactId>frr</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>frr Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <properties>
        <spring.version>4.2.0.RELEASE</spring.version>
    </properties>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>

    <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>$spring.version</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>$spring.version</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>$spring.version</version>
        </dependency>


<dependency>
   <groupId>org.apache.httpcomponents</groupId>
   <artifactId>httpclient</artifactId>
   <version>4.3.5</version>
</dependency>


        <dependency>
   <groupId>commons-codec</groupId>
   <artifactId>commons-codec</artifactId>
   <version>1.9</version>
</dependency>




  </dependencies>
  <build>
    <finalName>frr</finalName>
  </build>
</project>

【问题讨论】:

我也在 facebook 上试过,但我无法登录它说电子邮件地址不正确 代码本身乍一看还不错,但是传递给 createHeader 函数的“用户/密码”凭据呢?那是 有效的 JIra 用户,还是从某个地方复制粘贴? Jira 显然不接受您的身份验证为有效身份,因此无效的登录信息必须是第一个嫌疑人。那么您确定您使用的是有效登录名吗? 是的,它们是有效的,因为我在这里使用它们来验证 jira 服务器我将我的凭据替换为用户和密码,它们不是实际的凭据 您在编码时明确选择了一个字符集(US-ASCII),但在将其转换为字符串时没有这样做(新字符串(encodedAuth))。您的机器上是否有任何特殊的默认字符集需要第一个字符集? 出于调试目的,我建议从您的程序中打印 header-info 并从 Rest 海报插件(Firefox/Chrome 有很多)中使用它,以查看您的 Jira 是否接受它。跨度> 【参考方案1】:

将上述代码的编码凭据更改为 java 文件中的以下代码 上述代码的编码有一些错误

HttpHeaders createHeaders()
    String plainCreds = "user:password";
    byte[] plainCredsBytes = plainCreds.getBytes();
    byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
    String base64Creds = new String(base64CredsBytes);


    HttpHeaders headers = new HttpHeaders();
    headers.add("Authorization", "Basic " + base64Creds);
    return headers;

【讨论】:

以上是关于即使在 SpringMVC 中包含密钥库证书后也无法验证服务器的主要内容,如果未能解决你的问题,请参考以下文章

即使在出厂重置后也保持 USB 调试开启,同时绕过 RSA 密钥

使用签名中包含的密钥正确验证了签名,但该密钥不受信任

签名使用签名中包含的密钥正确验证,但该密钥不受信任

不重新启动 Firefox 不会刷新密钥库

HTTPS 协议

Spring Security SAML 请求在证书中包含 ^M 个字符