
java - Building io.netty.handler.ssl.SslContext using only .key and .crt

Reposted. Author: 行者123. Last updated: 2023-12-04 22:37:09

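I have a question about how to build a Netty io.netty.handler.ssl.SslContext using only a .key (dot key) file and a .crt (dot crt) file.
To emphasize, I am looking for help building io.netty.handler.ssl.SslContext, not org.apache.http.ssl.SSLContexts.
Also, I am looking for help building the io.netty.handler.ssl.SslContext without a ready-made keystore and truststore.
(I won't be able to do this directly)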

    public SslContext getSslContext() {
        try {
            final Path keystorePath = Paths.get(keyStorePath);
            final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
                keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
            }
            final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());

            final Path truststorePath = Paths.get(trustStorePath);
            final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
            try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
                trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
            }
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {

            return null;
        }
    }

What is the easiest way to do this, please?
Thank you

Best answer

Netty is able to load a PEM-formatted private key and certificates as key material. This is built into SslContextBuilder; see the example below:

    SslContext sslContext = SslContextBuilder.forClient()
            .keyManager(new File("/path/to/certificate.crt"), new File("/path/to/private.key"), "secret")
            .build();

See below for the javadoc of that method:

    /**
     * Identifying certificate for this host. {@code keyCertChainFile} and {@code keyFile} may
     * be {@code null} for client contexts, which disables mutual authentication.
     *
     * @param keyCertChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @param keyPassword the password of the {@code keyFile}, or {@code null} if it's not
     *     password-protected
     */
    public SslContextBuilder keyManager(File keyCertChainFile, File keyFile, String keyPassword) {
        ...
    }

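Regarding your second question, about generating a Netty SSL context without using a keystore, I would suggest using the Bouncy Castle library to create a private key pair as key material, which you can supply to the Netty SslContext builder.
For a reference on creating a private key pair with Bouncy Castle, see here: Generating keyPair using Bouncy Castle
See below for the method you can use to supply the private key and certificates generated by Bouncy Castle: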

    /**
     * Identifying certificate for this host. {@code keyCertChain} and {@code key} may
     * be {@code null} for client contexts, which disables mutual authentication.
     *
     * @param key a PKCS#8 private key
     * @param keyCertChain an X.509 certificate chain
     */
    public SslContextBuilder keyManager(PrivateKey key, Iterable<? extends X509Certificate> keyCertChain) {
        return keyManager(key, toArray(keyCertChain, EMPTY_X509_CERTIFICATES));
    }
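
An added example (not part of the original answer and not Netty's own code) that builds the client context from PEM files alone: it replaces the question's truststore with a CA .crt via trustManager(File) and checks up front that the .key is PKCS#8, as the javadoc above requires. The class name, the three file arguments and the KEY_PASSWORD environment variable are assumptions made for illustration.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public final class PemClientContext {

    /** Fails early, with a usable message, when the .key file is not PKCS#8 PEM. */
    static void requirePkcs8(File keyFile) throws IOException {
        String pem = new String(Files.readAllBytes(keyFile.toPath()), StandardCharsets.US_ASCII);
        if (pem.contains("-----BEGIN PRIVATE KEY-----")
                || pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
            return; // unencrypted or encrypted PKCS#8
        }
        if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")
                || pem.contains("-----BEGIN EC PRIVATE KEY-----")) {
            throw new IOException(keyFile + " is a traditional (PKCS#1/SEC1) key; convert it with: "
                    + "openssl pkcs8 -topk8 -nocrypt -in " + keyFile.getName() + " -out pkcs8.key");
        }
        throw new IOException(keyFile + " does not contain a PEM private key");
    }

    /**
     * Client context for mutual TLS built from PEM files only.
     * caCrt takes the place of the truststore: only servers chaining to it are accepted.
     */
    static SslContext build(File clientCrt, File clientKey, String keyPassword, File caCrt)
            throws IOException {
        requirePkcs8(clientKey);
        return SslContextBuilder.forClient()
                .keyManager(clientCrt, clientKey, keyPassword) // null password = unencrypted key
                .trustManager(caCrt)                           // PEM certificate(s) to trust
                .build();                                      // SSLException is an IOException
    }

    public static void main(String[] args) throws IOException {
        // Usage: PemClientContext client.crt client.key ca.crt  (file names are placeholders)
        String password = System.getenv("KEY_PASSWORD"); // hypothetical variable; unset = no password
        SslContext ctx = build(new File(args[0]), new File(args[1]), password, new File(args[2]));
        System.out.println("client context ready: isClient=" + ctx.isClient());
    }
}
```

Reading the key password from the environment instead of a string literal keeps it out of source control; leaving out the trustManager call makes the context fall back to the JDK's default trusted CAs.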

Regarding java - Building io.netty.handler.ssl.SslContext using only .key and .crt, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64052669/
