
第二次尝试配置客户端双向认证

mr 10 months ago
parent
commit
439704aaaf

+ 0 - 17
pom.xml

@@ -38,23 +38,6 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springframework.boot</groupId>
-                    <artifactId>spring-boot-starter-tomcat</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-undertow</artifactId>
-            <exclusions>
-                <!-- 排除 undertow-websockets-jsr 依赖 -->
-                <exclusion>
-                    <groupId>io.undertow</groupId>
-                    <artifactId>undertow-websockets-jsr</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
 
 

+ 24 - 10
src/main/java/com/om/config/AndroidSslConfiguration.java

@@ -16,12 +16,28 @@ public class AndroidSslConfiguration {
     @Value("${android.ssl.key-store-password}")
     private String keyStorePassword;
 
-    @Value("${android.ssl.key-store-type}")
+    @Value("${android.ssl.keyStoreType}")
     private String keyStoreType;
 
-    @Value("${android.ssl.key-alias}")
+    @Value("${android.ssl.keyAlias}")
     private String keyAlias;
 
+    @Value("${android.ssl.client-auth}")
+    private String clientAuth;
+
+
+    @Value("${android.ssl.trust-store}")
+    private String trustStore;
+
+    @Value("${android.ssl.trust-store-password}")
+    private String trustStorePassword;
+
+    @Value("${android.ssl.trust-store-type}")
+    private String trustStoreType;
+
+    @Value("${android.ssl.trust-store-provider}")
+    private String trustStoreProvider;
+
     @Value("${android.server.port}")
     private int androidPort;
 
@@ -38,18 +54,16 @@ public class AndroidSslConfiguration {
         try {
             connector.setScheme("https");
             connector.setPort(androidPort);
-            connector.setSecure(true);
-            protocol.setSSLEnabled(true);
             protocol.setKeystoreFile(keyStore);
             protocol.setKeystorePass(keyStorePassword);
             protocol.setKeystoreType(keyStoreType);
             protocol.setKeyAlias(keyAlias);
-            // 如果你没有 truststore.p12,可以忽略或配置成一样的
-            // protocol.setTruststoreFile(keyStore);
-            // protocol.setTruststorePass(keyStorePassword);
-            // protocol.setTruststoreType(keyStoreType);
-            protocol.setClientAuth("required");  // 确保正确配置为 "need" 而不是 "required"
-            protocol.setSslProtocol("TLS");
+
+             protocol.setTruststoreFile(trustStore);
+             protocol.setTruststorePass(trustStorePassword);
+             protocol.setTruststoreType(trustStoreType);
+             protocol.setTruststoreProvider(trustStoreProvider);
+           // protocol.setClientAuth(clientAuth);
         } catch (Exception ex) {
             throw new IllegalStateException("Failed to create SSL connector", ex);
         }
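Review bot: With `protocol.setClientAuth(clientAuth)` left commented out at the end of the second hunk, the truststore is now wired onto the connector but the connector never requests a certificate from the client, so the mutual authentication the commit title describes is not enforced on port 8444 and the `client-auth: need` value read into `clientAuth` goes unused. The same hunk also drops `connector.setSecure(true)` and `protocol.setSSLEnabled(true)`; unless they are re-applied further down (the method body continues past the hunk), the connector keeps scheme "https" while TLS is never enabled on the protocol handler, and `request.isSecure()` would report false. I would restore the three lines next to the truststore calls: `protocol.setSSLEnabled(true);`, `connector.setSecure(true);`, `protocol.setClientAuth(clientAuth);`. The `@Value` rename in the first hunk to `android.ssl.keyStoreType`/`keyAlias` is inconsistent with the kebab-case `trust-store-*` keys added below it; `@Value` placeholders are matched literally against the property source, so the spelling must agree with the YAML exactly, and one convention across all of them would make that harder to get wrong.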

+ 12 - 4
src/main/resources/application-dev.yml

@@ -11,10 +11,18 @@ android:
   server:
     port: 8444
   ssl:
-    key-store: classpath:server.p12
-    key-store-password: om1020
-    key-store-type: PKCS12
-    key-alias: server
+    #keyStore密钥库,存放了服务端证书的私钥、公钥和证书
+    key-store: classpath:serverCA.p12
+    key-store-password: 123456
+    keyStoreType: PKCS12
+    keyAlias: 1
+
+    # trustStore信任库,存放了服务端信任的客户端证书的公钥文件
+    client-auth: need
+    trust-store: classpath:rootCA.keystore
+    trust-store-password: 123456
+    trust-store-type: JKS
+    trust-store-provider: SUN
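Review bot: `key-store-password: 123456` and `trust-store-password: 123456` are committed in clear text in the same change that adds `serverCA.p12` and `rootCA.keystore` to the repository, so the server's private key (and, if `rootCA.keystore` holds the CA's private key rather than only its certificate, the ability to mint trusted client certificates) is recoverable by anyone with read access to the history, even after rotation. Even for a dev profile I would read the passwords from the environment, `key-store-password: ${ANDROID_SSL_KEYSTORE_PASSWORD}` and `trust-store-password: ${ANDROID_SSL_TRUSTSTORE_PASSWORD}`, and keep the keystore files out of version control; it is worth confirming the truststore contains only the CA certificate. The comment on the `trust-store` section says it stores client public keys, but what the Java side actually needs there is the CA certificate that signed the client certificates; I would reword it to `# trustStore: CA certificate(s) used to validate client certificates`.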
 
 
 mybatis-plus:

BIN
src/main/resources/rootCA.keystore


BIN
src/main/resources/serverCA.p12