unable to find valid certification path to requested target - Keycloak - Springboot - self-signed certificate - Tests
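I have integration tests in my Spring Boot application, and some of the tests need to get a token from Keycloak. Every communication goes over SSL with a self-signed certificate.
When launching these tests I get an exception: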
SunCertPathBuilderException: unable to find valid certification path to requested target
The problem seems similar to "Accept server's self-signed ssl certificate in Java client", but this solution does not work for me.
Here is where I get the token:
private AccessTokenResponse getToken() throws GeneralSecurityException {
    Keycloak keycloak = Keycloak.getInstance(keycloakAuthServerUrl, keycloakRealm,
            login, password, keycloakResource, keycloakCredentialsSecret);
    return keycloak.tokenManager().getAccessToken();
}
As suggested in "Accept server's self-signed ssl certificate in Java client", create a custom trust manager:
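import javax.net.ssl.X509TrustManager;

// Test-only trust manager: accepts every certificate chain without validation.
public class TestTrustManager implements X509TrustManager {

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        // No issuers are advertised.
        return new java.security.cert.X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        // Intentionally empty: never throws, so any client certificate is accepted.
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        // Intentionally empty: never throws, so any server certificate is accepted.
    }
}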
Then add it to the Keycloak "constructor":
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.AccessTokenResponse;

private AccessTokenResponse getToken() throws GeneralSecurityException {
    // Install the all-trusting trust manager
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, new TrustManager[] { new TestTrustManager() }, new java.security.SecureRandom());
    Keycloak keycloak = Keycloak.getInstance(keycloakAuthServerUrl, keycloakRealm,
            login, password, keycloakResource, keycloakCredentialsSecret, sslContext); // <--- !!! ADD IT HERE !!!
    return keycloak.tokenManager().getAccessToken();
}