如何将客户端证书添加到Spring WebClient？

我花了一些时间才找到Thomas回答中缺失的部分。

在这里：

public static SslContext getTwoWaySslContext() {
        
    try(FileInputStream keyStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(clientSslKeyStoreClassPath));
        FileInputStream trustStoreFileInputStream = new FileInputStream(ResourceUtils.getFile(clientSslTrustStoreClassPath));   
        ) {
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(keyStoreFileInputStream, clientSslKeyStorePassword.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, clientSslKeyStorePassword.toCharArray());
            
        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load(trustStoreFileInputStream, clientSslTrustStorePassword.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
            
        return SslContextBuilder.forClient()
            .keyManager(keyManagerFactory)
            .trustManager(trustManagerFactory)
            .build();
            
    } catch (Exception e) {
        log.error("An error has occurred: ", e);
    }
        
    return null;
}


HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(SslUtil.getTwoWaySslContext()));
ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);
WebClient webClient = webClientBuilder
    .clientConnector(clientHttpConnector)
    .baseUrl(baseUrl)
    .build();

享受！

从文档中获取：Spring Webclient - Reactor Netty。
要访问SSL配置，您需要提供一个带有自定义sslContext的自定义netty HttpClient。

SslContext sslContext = SslContextBuilder
        .forClient()
        // build your ssl context here
        .build();

HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(sslContext));

WebClient webClient = WebClient.builder()
    .clientConnector(new ReactorClientHttpConnector(httpClient))
    .build();

1. 首先，您需要使用所需的密钥创建密钥库。
您可以使用Java的keytool或更用户友好的keystore-explorer。
2. 接下来，您只需要将其加载到HttpClient中。 Apache HttpComponents提供了更方便的创建SSLContext和配置mTLS的方式：
使用 - Apache HttpClient » 5.2.1。

@Configuration
public class WebClientConfigConfiguration {

 @Value("${keystore.uri}")
 private Resource keystore;

 @Value("${keystore.password:}")
 private String password;

 @Bean
 public WebClient webClient() throws GeneralSecurityException, IOException {
   SSLContext sslContext = new SSLContextBuilder()
       .loadKeyMaterial(keystore.getURL(), password.toCharArray(), password.toCharArray())
       .build();

   Registry<TlsStrategy> registry = RegistryBuilder.<TlsStrategy>create()
       .register(URIScheme.HTTPS.getId(), new BasicClientTlsStrategy(sslContext))
       .build();

   CloseableHttpAsyncClient httpClient = HttpAsyncClients.custom()
       .setConnectionManager(new PoolingAsyncClientConnectionManager(registry))
       .build();

   return WebClient.builder()
       .clientConnector(new HttpComponentsClientHttpConnector(httpClient))
       .build();
 }
}

你甚至可以更进一步，用Java提供的那个替换HttpClient：
使用 - Spring Web » 6.0.13

...
  @Bean
  public WebClient webClient() throws GeneralSecurityException, IOException {
    SSLContext sslContext = new SSLContextBuilder()
        .loadKeyMaterial(keystore.getURL(), password.toCharArray(), password.toCharArray())
        .build();

    HttpClient httpClient = HttpClient.newBuilder()
        .sslContext(sslContext)
        .build();

    return WebClient.builder()
        .clientConnector(new JdkClientHttpConnector(httpClient))
        .build();
  }
...

这个页面可能在比较这两个选项时会很有用： https://www.wiremock.io/post/java-http-client-comparison