How to integrate https with Springboot

1 Introduction

HTTP is unsafe, we need to put SSL on it to make it HTTPS. This article will use examples to introduce SpringbootintegrationHTTPS.

2 Basics of cryptography

If you want to talk about https, you must talk about Security, and naturally you have to talk about security; when you talk about security, it must involve passwords Learn some knowledge.

2.1 Cryptosystem

To establish a cryptographic system, it needs to be composed of five spaces, which are:

• Plain text M: before encryption or decryption The information after;

• Cipher text C: The information after plain text encryption;

• Key K: The encryption key and the decryption key Composition;

• Encryption E: Transformation from plaintext to ciphertext;

• Decryption D: Transformation from ciphertext to plaintext.

As shown in the figure:

2.2 Two encryption methods

2.2.1 Symmetric encryption

Symmetric encryption, or also called single-key encryption, refers to an encryption method in which the encryption key and the decryption key are the same (or it is easy to calculate one from the other).

The main advantages of symmetric encryption are: fast encryption and decryption operations and high efficiency;

Limitations: complex key distribution, difficult key management, poor openness of secure communication systems, digital signatures ;

represents the algorithm: DES algorithm, AES algorithm;

Give a small example:

明文为48，加密算法f(x)=8x+71，
则密文C=8*48+71=455
则解密算法为f(x)=(x-71)/8;
则解密后的明文M=(455-71)/8=48；

2.2.2 Asymmetric encryption

Asymmetric encryption refers to an encryption method that uses different keys for encryption and decryption, and the decryption key cannot be derived from the encryption key.

Main advantages: simple key distribution, easy management, good system openness, and digital signatures can be realized;

Limitations: encryption and decryption operation efficiency is low;

Representative algorithms: RSA algorithm, ECC algorithm;

Give a big example:

The steps are as follows:

##1Find two Prime numbersP, Q2Calculate the common modulusN =P*Q##3##4Calculate the public key E1 E must be an integer E and φ(N) must be a coprime number5Calculate the private key DE * D % φ(N) = 1EncryptionDecryption

Step	Description	Formula	Note
Calculate Euler function	φ(N) = (P- 1)(Q-1)
			##6
C = M^E mod N	C: ciphertext M: plaintext		7
M =C^ D mod N	C: ciphertext M: plaintext		其中，公钥＝(E , N) ，私钥＝(D, N)，对外，我们只暴露公钥。 1.找出两个质数 随便找两个质数，我们找P=5，Q=11。 2.计算公共模数 公共模数N=P*Q=5*11=55 3.计算欧拉函数 φ(N) = (P-1)(Q-1)=4*10=40 4.计算公钥E 1 <p>至此，整个非对称加密过程演示了一遍，希望大家能理解，特别是非对称加密，因为<strong>HTTPS</strong>使用的是非对称加密。实际的使用算法更复杂，密钥长度会更大。</p><h3 id="yisu3h-to139">2.3 证书</h3><p>要使用SSL，需要有证书，这个证书文件是包含公钥密钥，也就是非对称加密中要使用的。</p><p>获取证书有两种方式：</p> 从CA(Certificate Authority)机构获取，即客户端会认可的证书，具有公信力；有免费也有收费的，收费的比较稳定比较安全。 自签证书，自己制作证书，一般用于测试，浏览器不承认。 为方便起见，在本次实例中使用自签证书，两种证书整合过程并无差异。 3 Springboot整合HTTPS 3.1 先让Web跑起来 作为一个Web应用，我们先让它跑起来，然后再整合https。 （1）引入Web依赖： <dependency>   <groupid>org.springframework.boot</groupid>   <artifactid>spring-boot-starter-web</artifactid></dependency> （2）配置端口： server.port=80 （3）实现Contrlloer： @RestControllerpublic class HelloController {@GetMapping("/hello")public String hello() {return "Welcome to www.pkslow.com";     } } 完成上面工作后，启动应用即可。 访问http://localhost/hello 得到下面结果，说明整个Web应用起来了。 3.2 生成密钥文件jks 通过命令行生成密钥文件如下： keytool -genkey -alias localhost -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore localhost.jks -dname CN=localhost,OU=Test,O=pkslow,L=Guangzhou,C=CN -validity 731 -storepass changeit -keypass changeit 命令行重要参数的意义： alias：密钥别名，可以随便起，不冲突就行； keyalg：加密算法； keysize：密钥长度，2048基本就不可能破解了； keystore：keystore的文件名； dname：这个很关键，特别是CN=后面要按正确的域名来写； validity：cert的有效期； 执行完以上命令后，就会生成localhost.jks文件，把该文件放到classpath下即可，当然也可以放到其它位置，配置文件指定正确即可。 3.3 重新配置并重启 按照实际情况重新配置application.properties文件： server.port=443server.ssl.enabled=trueserver.ssl.key-store-type=jksserver.ssl.key-store=classpath:localhost.jksserver.ssl.key-store-password=changeitserver.ssl.key-alias=localhost 重启后访问如下： 发现有红色警告，因为这是自签名的cert，并不被Chrome所认可，所以会校验失败。以前的Chrome版本只是警告，但还是可以访问的，现在新版本的已经不能访问了。 通过Postman来访问便可： 3.4 使用PKS12格式 如果想使用PKCS12替换JKS，命令和配置可以参考下面： 生成密钥： keytool -genkey -alias localhost -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -storetype PKCS12 -keystore localhost.p12 -dname CN=localhost,OU=Test,O=pkslow,L=Guangzhou,C=CN -validity 731 -storepass changeit -keypass changeit 配置文件如下： server.port=443server.ssl.enabled=trueserver.ssl.key-store-type=PKCS12server.ssl.key-store=classpath:localhost.p12server.ssl.key-store-password=changeitserver.ssl.key-alias=localhost

The above is the detailed content of How to integrate https with Springboot. For more information, please follow other related articles on the PHP Chinese website!