Netty要支持ssl双向认证需要分别在初始化SslContext时增加相应的受信证书链
RpcServer.class
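/**
 * Builds the server-side Netty {@link SslContext}.
 *
 * <p>The server identity (private key and certificate chain) is taken from the keystore named by
 * {@code RpcConfigManager.server_ssl_keystore()}. When {@code server_ssl_need_client_auth()} is
 * set, the keystore named by {@code client_ssl_keystore()} is used as the trust store for client
 * certificates and the handshake is configured to require a client certificate. Installing a
 * trust manager alone is not enough for mutual TLS: {@code SslContextBuilder.forServer} defaults
 * to {@code ClientAuth.NONE}, so the peer is never asked for a certificate unless
 * {@code clientAuth(...)} is set.
 *
 * @return the built server {@link SslContext}
 * @throws IllegalStateException if any keystore cannot be read or the context cannot be built;
 *     the underlying exception is kept as the cause
 */
private SslContext initSSLContext() {
    char[] passChs = RpcConfigManager.server_ssl_keystore_pass().toCharArray();
    char[] cPassChs = null;
    try {
        KeyStore ks = KeyStore.getInstance(RpcConfigManager.server_ssl_keystore_type());
        // One try-with-resources per keystore: the original reused a single stream variable and
        // never closed the first stream once the second was opened.
        try (InputStream in = new FileInputStream(RpcConfigManager.server_ssl_keystore())) {
            ks.load(in, passChs);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(RpcConfigManager.server_ssl_kmf_algorithm());
        // The keystore password doubles as the key password, as in the original configuration.
        kmf.init(ks, passChs);
        SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(kmf);
        if (RpcConfigManager.server_ssl_need_client_auth()) {
            // NOTE(review): the trust store is loaded from the *client* keystore, which by its
            // name may also hold the client's private key; a trust store only needs the
            // certificates, so consider pointing this at a certificate-only store.
            KeyStore cks = KeyStore.getInstance(RpcConfigManager.client_ssl_keystore_type());
            cPassChs = RpcConfigManager.client_ssl_keystore_pass().toCharArray();
            try (InputStream cin = new FileInputStream(RpcConfigManager.client_ssl_keystore())) {
                cks.load(cin, cPassChs);
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(RpcConfigManager.client_ssl_tmf_algorithm());
            tmf.init(cks);
            sslContextBuilder.trustManager(tmf)
                    // REQUIRE rather than OPTIONAL so a peer without a trusted certificate
                    // fails the handshake instead of being admitted unauthenticated.
                    .clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
        }
        return sslContextBuilder.build();
    } catch (Exception e) {
        logger.error("Fail to init SSL context for server.", e);
        throw new IllegalStateException("Fail to init SSL context", e);
    } finally {
        // Best-effort scrub of the password copies once loading is finished.
        java.util.Arrays.fill(passChs, '\0');
        if (cPassChs != null) {
            java.util.Arrays.fill(cPassChs, '\0');
        }
    }
}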
AbstractConnectionFactory.class
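/**
 * Builds the client-side Netty {@link SslContext}.
 *
 * <p>Server certificates are verified against the keystore named by
 * {@code RpcConfigManager.client_ssl_keystore()}. When {@code server_ssl_need_client_auth()} is
 * set, the client also presents an identity, loaded from the keystore named by
 * {@code server_ssl_keystore()}.
 *
 * @return the built client {@link SslContext}
 * @throws IllegalStateException if any keystore cannot be read or the context cannot be built;
 *     the underlying exception is kept as the cause
 */
private SslContext initSSLContext() {
    char[] passChs = RpcConfigManager.client_ssl_keystore_pass().toCharArray();
    char[] sPassChs = null;
    try {
        KeyStore ks = KeyStore.getInstance(RpcConfigManager.client_ssl_keystore_type());
        // One try-with-resources per keystore: the original reused a single stream variable and
        // never closed the first stream once the second was opened.
        try (InputStream in = new FileInputStream(RpcConfigManager.client_ssl_keystore())) {
            ks.load(in, passChs);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(RpcConfigManager.client_ssl_tmf_algorithm());
        tmf.init(ks);
        // NOTE(review): depending on the Netty version, forClient() may not enable hostname
        // verification on its own; confirm endpoint identification is set where the SSLEngine
        // is created, otherwise any certificate from the trusted chain is accepted for any host.
        SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().trustManager(tmf);
        if (RpcConfigManager.server_ssl_need_client_auth()) {
            // NOTE(review): the client identity is read from the *server* keystore. If that store
            // holds the server's private key, both peers share one key and client authentication
            // proves nothing about the client — confirm this is intended.
            KeyStore sks = KeyStore.getInstance(RpcConfigManager.server_ssl_keystore_type());
            sPassChs = RpcConfigManager.server_ssl_keystore_pass().toCharArray();
            try (InputStream sin = new FileInputStream(RpcConfigManager.server_ssl_keystore())) {
                sks.load(sin, sPassChs);
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(RpcConfigManager.server_ssl_kmf_algorithm());
            // The keystore password doubles as the key password, as in the original configuration.
            kmf.init(sks, sPassChs);
            sslContextBuilder.keyManager(kmf);
        }
        return sslContextBuilder.build();
    } catch (Exception e) {
        logger.error("Fail to init SSL context for connection factory.", e);
        throw new IllegalStateException("Fail to init SSL context", e);
    } finally {
        // Best-effort scrub of the password copies once loading is finished.
        java.util.Arrays.fill(passChs, '\0');
        if (sPassChs != null) {
            java.util.Arrays.fill(sPassChs, '\0');
        }
    }
}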