SpringBoot利用证书实现https双向绑定并解析客户端证书

1、生成客户端证书、密钥文件

该流程请参考该博主

基于springboot实现的https单向认证和双向认证（java生成证书）_白帽菌的博客-CSDN博客_springboot单向认证

 2、springboot实现

项目结构

 代码实现

MyInterceptor.java

package com.test.verfiy.config;
 
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.security.cert.X509Certificate;
 
/**
 * @author Liwei
 * @date 2022/8/3 17:34
 * @description
 */
public class MyInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(MyInterceptor.class);
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        String methodName = method.getName();
        logger.info("====拦截到了方法：{}，在该方法执行之前执行====", methodName);
        // 返回true才会继续执行，返回false则取消当前请求
        X509Certificate[] x509Certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        X509Certificate cer = (X509Certificate)x509Certificates[0];
        logger.info("版本号：" + cer.getVersion());
        logger.info("序列号：" + cer.getSerialNumber().toString());
        logger.info("颁发者：" + cer.getSubjectDN());     //  logger.info("颁发者唯一标识符: " + cer.getSubjectUniqueID().toString());
        logger.info("使用者：" + cer.getIssuerDN());
        //   logger.info("使用者唯一标识符: " + cer.getIssuerUniqueID().toString());
        logger.info("有效期：from：" + cer.getNotBefore() + "  to: " + cer.getNotAfter());
        logger.info("签发算法" + cer.getSigAlgName());
        logger.info("签发算法ID：" + cer.getSigAlgOID());
        logger.info("证书签名:" + cer.getSignature().toString());
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        logger.info("执行完方法之后进执行(Controller方法调用之后)，但是此时还没进行视图渲染");
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        logger.info("整个请求都处理完咯，DispatcherServlet也渲染了对应的视图咯，此时我可以做一些清理的工作了");
    }
}

MyInterceptorConfig.java

package com.test.verfiy.config;
 
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 
/**
 * @author Liwei
 * @date 2022/8/3 17:35
 * @description
 */
@Configuration
public class MyInterceptorConfig extends WebMvcConfigurationSupport {
    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new MyInterceptor()).addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}

VerfiyController.java

package com.test.verfiy.controller;
 
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * @author Liwei
 * @date 2022/7/29 16:19
 * @description
 */
@RestController
@RequestMapping("/api")
public class VerfiyController {
    @GetMapping("/test")
    public String test() {
        return "Hello World!";
    }
}

配置

server.port=443

server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=classpath:localhost.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=localhost
#server.ssl.protocol=TLS
server.ssl.trust-store=classpath:localhost.jks
server.ssl.trust-store-password=changeit
server.ssl.trust-store-provider=SUN
server.ssl.trust-store-type=JKS
server.ssl.client-auth=need