如何解决Springboot不检查证书是否由可信证书签名
我正在尝试为Spring Boot应用设置2way TLS身份验证。这是我的application.yaml
public async Task<IAudioClient> ConnectAudio(SocketCommandContext context)
{
SocketGuildUser user = context.User as SocketGuildUser; // Get the user who executed the command
IVoiceChannel channel = user.VoiceChannel;
bool shouldConnect = false;
if (channel == null) // Check if the user is in a channel
{
await context.Message.Channel.SendMessageAsync("Please join a voice channel first.");
} else
{
var clientUser = await context.Channel.GetUserAsync(context.Client.CurrentUser.Id); // Find the client's current user (I.e. this bot) in the channel the command was executed in
if (clientUser != null)
{
if (clientUser is IGuildUser bot) // Cast the client user so we can access the VoiceChannel property
{
if (bot.VoiceChannel == null)
{
Console.WriteLine("Bot is not in any channels");
shouldConnect = true;
}
else if (bot.VoiceChannel.Id == channel.Id)
{
Console.WriteLine($"Bot is already in requested channel: {bot.VoiceChannel.Name}");
}
else
{
Console.WriteLine($"Bot is in channel: {bot.VoiceChannel.Name}");
shouldConnect = true;
}
}
}
else
{
Console.WriteLine($"Unable to find bot in server: {context.Guild.Name}");
}
}
return (shouldConnect ? await channel.ConnectAsync() : null); // Return the IAudioClient or null if there was no need to connect
}
这是我的安全配置:
server:
ssl:
key-store-type: PKCS12
key-store: classpath:server-dev-keystore.p12
key-store-password: changeit
key-alias: ads-manager-dev
trust-store: classpath:root_CA_truststore.jks
trust-store-password: changeit
trust-store-type: JKS
client-auth: need
这是我的考试:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/private/api/v1/security/test")
.authenticated()
.and()
.x509()
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
.userDetailsService(userDetailsService())
.and()
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.csrf()
.disable();
}
@Bean
public UserDetailsService userDetailsService() {
return username -> {
return new User(username,"",AuthorityUtils
.commaSeparatedStringToAuthorityList("CLIENT"));
};
}
}
testForbiddenIfKeyIsNotSignedWithRootCA返回200,而不是403。
@Test
public void testForbiddenWithoutKey() throws Exception {
mockmvc.perform(mockmvcRequestBuilders
.post("/private/api/v1/security/test",port)
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsstring(whatever)))
.andExpect(status().isForbidden());
}
@Test
public void testOkIfKeyIsProvided() throws Exception {
mockmvc.perform(mockmvcRequestBuilders
.post("/private/api/v1/security/test",port)
.with(x509(readFromP12("/security/client-01.p12")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsstring(whatever)))
.andExpect(status().isOk());
}
@Test
public void testForbiddenIfKeyIsNotSignedWithRootCA() throws Exception {
mockmvc.perform(mockmvcRequestBuilders
.post("/private/api/v1/security/test",port)
.with(x509(readFromP12("/security/client-01-fake.p12")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsstring(whatever)))
.andExpect(status().isForbidden());
}
已与另一个根CA签署。我期望springboot拒绝这样的请求。
我该怎么办?
UPD:
又添加了两个测试
client-01-fake.p12假设正确,一个密钥由truststore中提供的CA签名。另一个被其他人签名。为什么springboot不帮我做?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
