  • netty ssl

    netty 提供的例子中有 securechat(SSL 安全聊天)的实现,不过使用的是一个伪证书。这里修改了其中的 SecureChatSslContextFactory 类,改为从 keystore/truststore 加载证书来实现 SSL。修改后的代码如下:

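    /**
     * Creates the server-side and client-side {@link SSLContext} instances for the
     * secure chat example from JKS stores found on the classpath.
     *
     * <p>The server context is initialised with the private key and certificate held in
     * the {@code keystore} resource; the client context trusts only the certificates
     * held in the {@code truststore} resource. Both contexts are built once, when the
     * class is loaded, and any failure aborts class initialisation with an {@link Error}.
     *
     * <p>Security notes for anyone reusing this class:
     * <ul>
     *   <li>The store password is a hard-coded sample value (see {@code STORE_PASSWORD}).</li>
     *   <li>The contexts only select the protocol family. The protocol versions and
     *       cipher suites actually offered should still be restricted on each
     *       {@code SSLEngine} (for example with {@code setEnabledProtocols}).</li>
     *   <li>An engine created from the client context validates the certificate chain
     *       against the trust store, but it does not compare the certificate with the
     *       host name unless the caller enables endpoint identification through
     *       {@code SSLParameters#setEndpointIdentificationAlgorithm}.</li>
     * </ul>
     */
    public final class SecureChatSslContextFactory {

        // "TLS" replaces the legacy "SSL" context name: the "SSL" name may yield a
        // context that still negotiates obsolete SSL protocol versions on older JREs.
        private static final String PROTOCOL = "TLS";

        private static final String STORE_TYPE = "JKS";
        private static final String KEY_STORE_RESOURCE = "keystore";
        private static final String TRUST_STORE_RESOURCE = "truststore";

        // SECURITY: sample password compiled into the class. Anyone who can read the jar
        // can open the key store and extract the private key. Outside of a demo, load the
        // password from protected external configuration and do not ship the key store
        // inside the application artifact.
        private static final String STORE_PASSWORD = "123456";

        private static final SSLContext SERVER_CONTEXT;
        private static final SSLContext CLIENT_CONTEXT;

        static {
            // Server first, then client, so a broken key store is reported before a
            // broken trust store.
            SERVER_CONTEXT = createServerContext();
            CLIENT_CONTEXT = createClientContext();
        }

        /**
         * Returns the shared context that presents the key store's certificate.
         *
         * @return the server-side context built during class initialisation
         */
        public static SSLContext getServerContext() {
            return SERVER_CONTEXT;
        }

        /**
         * Returns the shared context that trusts the certificates in the trust store.
         *
         * @return the client-side context built during class initialisation
         */
        public static SSLContext getClientContext() {
            return CLIENT_CONTEXT;
        }

        /**
         * Builds the server context from the {@code keystore} classpath resource.
         *
         * @return an initialised context carrying the server's key managers
         * @throws Error if the store cannot be read or the context cannot be initialised
         */
        private static SSLContext createServerContext() {
            // Honour the JRE-wide key manager algorithm, falling back to SunX509.
            String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
            if (algorithm == null) {
                algorithm = "SunX509";
            }

            try {
                KeyStore keyStore = loadStore(KEY_STORE_RESOURCE);

                // The key entry is protected with the same password as the store itself.
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
                kmf.init(keyStore, STORE_PASSWORD.toCharArray());

                // No trust managers: the server uses the JRE defaults and, unless the
                // engine is configured otherwise, does not request a client certificate.
                SSLContext context = SSLContext.getInstance(PROTOCOL);
                context.init(kmf.getKeyManagers(), null, null);
                return context;
            } catch (Exception e) {
                throw new Error(
                        "Failed to initialize the server-side SSLContext", e);
            }
        }

        /**
         * Builds the client context from the {@code truststore} classpath resource.
         *
         * @return an initialised context that trusts only the store's certificates
         * @throws Error if the store cannot be read or the context cannot be initialised
         */
        private static SSLContext createClientContext() {
            try {
                KeyStore trustStore = loadStore(TRUST_STORE_RESOURCE);

                // Use the platform default algorithm instead of a hard-coded "SunX509",
                // which is provider specific and not available on every JRE.
                TrustManagerFactory tmf =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(trustStore);

                // No key managers: the client does not present a certificate of its own.
                SSLContext context = SSLContext.getInstance(PROTOCOL);
                context.init(null, tmf.getTrustManagers(), null);
                return context;
            } catch (Exception e) {
                throw new Error(
                        "Failed to initialize the client-side SSLContext", e);
            }
        }

        /**
         * Loads a JKS store from the classpath and closes the underlying stream.
         *
         * @param resourceName classpath name of the store file
         * @return the loaded store
         * @throws Exception if the resource is missing, unreadable or the password is wrong
         */
        private static KeyStore loadStore(String resourceName) throws Exception {
            KeyStore store = KeyStore.getInstance(STORE_TYPE);
            // try-with-resources: the original left both store streams open.
            try (java.io.InputStream in = new ClassPathResource(resourceName).getInputStream()) {
                store.load(in, STORE_PASSWORD.toCharArray());
            }
            return store;
        }

        private SecureChatSslContextFactory() {
            // Static factory only; never instantiated.
        }
    }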

    证书生成过程如下:
    1. 生成 keystore 和自签名的 certificate,并生成相应的公钥和私钥(-validity 7 表示证书有效期只有 7 天,到期后需要重新生成并重新导入 truststore)
    keytool -genkeypair -alias rock -keyalg RSA -validity 7 -keystore keystore
    2. 查看keystore
    keytool -list -v -keystore keystore
    3. 导出证书
    keytool -export -alias rock -keystore keystore -rfc -file rock.cer
    cat rock.cer
    4. 将第三步导出的证书导入到一个truststore
    keytool -import -alias rockcert -file rock.cer -keystore truststore
    5. 检查 truststore
    keytool -list -v -keystore truststore

  • 原文地址:https://www.cnblogs.com/hujihon/p/4992636.html