【问题标题】:Simple way of using netty with ssl certificate?使用带有ssl证书的netty的简单方法?
【发布时间】:2015-11-24 16:39:11
【问题描述】:

我正在尝试使用 netty 写入使用 SSL 的 syslog 服务器,我想我已经了解了 netty 部分,我似乎只需要添加这一行:channel.pipeline().addLast("ssl", sslCtx.newHandler(channel.alloc(), host, 5000))

完整代码:

bootstrap.channel(NioSocketChannel.class)
    .option(ChannelOption.SO_KEEPALIVE, true)
    .handler(new TcpSyslogEventEncoder());

try {
  ChannelFuture future = bootstrap.connect(new InetSocketAddress(host, 5000));
  channel = future.syncUninterruptibly().channel();
  channel.pipeline().addLast("ssl", sslCtx.newHandler(channel.alloc(), host, 5000));
}
catch (Exception e) {
  System.out.println("Unable to connect to host.  Cause is " + e.toString());
}

我的问题是设置 SslContext (sslCtx) 对象。我已经有了要使用的证书(它是一个 .crt 文件,其中包含如下文本:

-----BEGIN CERTIFICATE-----
MIIDBjCCAe4CCQCmD....gM8vZVmYXULV8A==
-----END CERTIFICATE-----

我看到必须跳过 Java 中的大量障碍才能做到这一点。肯定有一种更简单的方法可以将 netty 与 SSL 一起使用吗?我设置 sslCtx 的代码是:

EventLoopGroup group = null;
Bootstrap bootstrap = null;
Channel channel = null;
boolean initialized = false;
boolean connected = false;
java.io.FileInputStream fis = null;


// find out if keystore already exists
KeyStore ks = null;
try {
  ks = KeyStore.getInstance(KeyStore.getDefaultType());
} catch (KeyStoreException e) {
  e.printStackTrace();
}
// get user password and file input stream
char[] password = {'p','a','s','s','w','o','r','d'};


try {
  fis = new java.io.FileInputStream("newKeyStoreNamep12");
  ks.load(fis, password);
} catch (CertificateException e) {
  e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
  e.printStackTrace();
} finally {
  if (fis != null) {
    fis.close();
  }
}


FileInputStream certFile = new FileInputStream("server.crt");
BufferedInputStream bis = new BufferedInputStream(certFile);

CertificateFactory cf = null;
try {
  cf = CertificateFactory.getInstance("X.509");
} catch (CertificateException e) {
  e.printStackTrace();
}

Certificate cert = null;


while (bis.available() > 0) {
  try {
    cert = cf.generateCertificate(bis);
  } catch (CertificateException e) {
    e.printStackTrace();
  }
  System.out.println("cert is: " + cert.toString());
}

ks.setCertificateEntry("myalias", cert);


KeyManagerFactory kmf;
kmf = KeyManagerFactory.getInstance("IbmX509");
kmf.init(ks, password);



group = new NioEventLoopGroup();
bootstrap = new Bootstrap();
bootstrap.group(group);
initialized = true;
connected = false;


SslContextBuilder ctxBuilder =     SslContextBuilder.forClient().keyManager(kmf);
SslContext sslCtx = ctxBuilder.build();

【问题讨论】:

    标签: java ssl netty syslog


    【解决方案1】:

    不知道你使用的是什么版本,但在 4.0.30 中你可以像这样设置 ssl 上下文:

    SslContext sslCtx = SslContextBuilder.forServer(new File(certPath), new File(keyPath), null).build();
    

    然后添加到管道:

    pipeline.addLast(sslCtx.newHandler(channel .alloc()));
    

    【讨论】:

    • 非常感谢,我已经缩小了这个范围,并得到了一个特定的例外 - 将发布一个新问题。
    猜你喜欢
    • 1970-01-01
    • 2019-10-17
    • 2013-10-28
    • 1970-01-01
    • 2010-12-03
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多