我想创建需要客户端出示证书的嵌入式https服务器,并且我正在使用此服务器:
http://www.smartjava.org/content/embedded-jetty-client-certificates
现在,我的问题是,考虑到码头的存在,我如何为代码提供密钥库和信任库文件.
我的意思是代码中的这些行:
// the keystore (with one key) we'll use to make the connection with the
// broker
private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks";
private final static String KEYSTORE_PASS = "secret";
// the truststore we use for our server. This keystore should contain all the keys
// that are allowed to make a connection to the server
private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks";
private final static String TRUSTSTORE_PASS = "secret";
谢谢
解决方法:
在github.com/eclipse/jetty.project上有许多Jetty嵌入式用法的示例
示例:LikeJettyXml.java-Jetty 8,不使用XML,设置了SSL连接器.
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStorePath(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setExcludeCipherSuites(
new String[] {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
});
ssl_connector.setStatsOn(false);
server.addConnector(ssl_connector);
ssl_connector.open();
SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
ssl2_connector.setPort(8444);
ssl2_connector.setStatsOn(false);
server.addConnector(ssl2_connector);
ssl2_connector.open();