具有客户端证书的嵌入式Jetty[英] Embedded Jetty with client certificates

问题描述

我想创建嵌入式的HTTPS服务器,该服务器需要客户出现证书,我正在使用此证书: http://www.smartjava.org/content/content/content/content/embedded-jetded-jetded-jetded-client-certificates-certificates

现在,我的问题是,考虑到我的码头已被发行,我该如何为我的代码提供密钥库和信托店文件. 我的意思是代码中的这些行:

// the keystore (with one key) we'll use to make the connection with the
    // broker
    private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks";
    private final static String KEYSTORE_PASS = "secret";

    // the truststore we use for our server. This keystore should contain all the keys
    // that are allowed to make a connection to the server
    private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks";
    private final static String TRUSTSTORE_PASS = "secret";

谢谢

推荐答案

github.com/eclipse/jetty.project

示例: superjettyxml.java - jetty 8,没有使用XML,设置SSL连接器.

>

    SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
    ssl_connector.setPort(8443);
    SslContextFactory cf = ssl_connector.getSslContextFactory();
    cf.setKeyStorePath(jetty_home + "/etc/keystore");
    cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    cf.setTrustStore(jetty_home + "/etc/keystore");
    cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    cf.setExcludeCipherSuites(
            new String[] {
                "SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
            });
    ssl_connector.setStatsOn(false);
    server.addConnector(ssl_connector);
    ssl_connector.open();

    SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
    ssl2_connector.setPort(8444);
    ssl2_connector.setStatsOn(false);
    server.addConnector(ssl2_connector);
    ssl2_connector.open();

本文地址:https://www.itbaoku.cn/post/978600.html