要使用的是SSLContext还是SSLContext?在Akka,Http,SSL,Java
要使用的是SSLContext还是SSLContext?在Akka,Http,SSL,Java
提问于 2017-04-18 09:46:38
我正在使用来自第三方的SSL证书-我使用以下命令创建了一个.p12密钥存储库
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord我参考了Akka HTTPS支持文档,并编写了以下代码
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;}
我的主要文件代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}现在我可以绑定到Akka Http,并且错误是完全没有报告的,但是我的https请求在服务器上被拒绝(它甚至不能到达akka/http,所以在akka系统中没有错误日志),http://domainName.in运行良好。
问题:
- 我还没走上一步吗?
- 我只使用SSLContext -好吗,还是我也使用SSLConfig?如果是,那么我应该如何使用SSLConfig,因为似乎没有提供适当的文档。
- 是否有必要通过keytool使用Java默认Keystore?因为我相信使用openssl生成的wtkeystore.p12文件也是一个密钥存储库,并且足够好使用。
经修订的守则1:如建议所示:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}并确保防火墙/网络为端口443开放,但netstat仍显示为“已建立”状态,我对其进行telnet操作,然后关闭此端口连接
调试时,除SSLConfig对象外,SSLContext和其他对象均为None。这正常吗?
回答 2
Stack Overflow用户
回答已采纳
发布于 2017-04-18 15:13:15
试着做这样的事:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}Stack Overflow用户
发布于 2017-04-26 14:06:47
终于来了!它解决了..。
我创建了两个新的Http.get(system)对象,而不是一个单独的对象,所以我更新的代码如下所示
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}谢谢你帮我写代码..。我还必须打开防火墙端口443,并使域指向服务器的IP地址
按照Akka Http文档使用SSLContext是可以的.如果您使用的是文档显示的SSLConfig,则不需要使用SSLContext --我目前使用的是Akka v2.4.7。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/43468803
复制相关文章
相似问题
腾讯云开发者
