2015-01-12 44 views
2

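Enabling HTTPS in Undertow

We have a working Apache mod_ssl configuration. I want to enable HTTPS support in Undertow so that it listens on both http and https, which would remove the need for Apache.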

I looked at Undertow's javadocs. The Undertow.Builder class has two addHttpsListener methods with the following signatures:

public Builder addHttpsListener(int port, String host,
        KeyManager[] keyManagers, TrustManager[] trustManagers);
public Builder addHttpsListener(int port, String host,
        SSLContext sslContext);

So it seems I can use these when bootstrapping Undertow with the Builder API, for example:

Undertow server = Undertow.builder() 
        .addHttpsListener(8443, "localhost", sslContext) 
        .build(); 

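I'm not sure how to create the SSLContext variable, or how to configure the KeyManagers and TrustManagers. Given the certificate files that mod_ssl is using, how do I go on to enable HTTPS for Undertow?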

UPDATE:

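Per hwellmann's answer, I have reused the SslContextFactory.createSslContext() method. Before that, I had to convert the public/private key pair to PKCS12 format and import it into a Java keystore.

The SSL conversion/import commands (taken from here and here) are given below, in the hope that they will be helpful to someone: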

# Convert to PKCS12  
$ openssl pkcs12 -export -out output_cert.pfx -inkey input_cert.key -in input_cert.crt -certfile intermediate.crt 

# Import into Java keystore 
$ keytool -v -importkeystore -srckeystore output_cert.pfx -srcstoretype PKCS12 -destkeystore output_store.jks -deststoretype JKS 

Answers

4

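This isn't really Undertow-specific; it's just a matter of building an SSL context from a keystore with a certificate.

For an example used with Undertow, see SslContextFactory.java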

+0

Thanks a lot! It works! – siphiuel

0

There is an example of how to create the SSLContext in the Undertow source code: https://github.com/undertow-io/undertow/blob/e8473ec35c420b782e072723d1e6338548def842/examples/src/main/java/io/undertow/examples/http2/Http2Server.java#L76

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

...

// storePassword: the store password as a String, supplied by the caller
SSLContext sslContext = createSSLContext(loadKeyStore("server.keystore", storePassword), loadKeyStore("server.truststore", storePassword));

...

private static SSLContext createSSLContext(final KeyStore keyStore, final KeyStore trustStore) throws Exception {
    // password("key") is a helper that is not shown in this excerpt; it must return the key password as a char[]
    KeyManager[] keyManagers;
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, password("key"));
    keyManagers = keyManagerFactory.getKeyManagers();

    // Use the TrustManagerFactory's own default algorithm, not the KeyManagerFactory's
    TrustManager[] trustManagers;
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);
    trustManagers = trustManagerFactory.getTrustManagers();

    SSLContext sslContext;
    sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagers, trustManagers, null);

    return sslContext;
}

...

private static KeyStore loadKeyStore(String storeLoc, String storePw) throws Exception {
    // Files.newInputStream throws (e.g. NoSuchFileException) if the file cannot be opened; it never returns null
    try (InputStream is = Files.newInputStream(Paths.get(storeLoc))) {
        KeyStore loadedKeystore = KeyStore.getInstance("JKS");
        loadedKeystore.load(is, storePw.toCharArray());
        return loadedKeystore;
    }
}
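
An added example, not part of either answer or of Undertow's own code: the PKCS12 file produced by the openssl command in the question can be loaded directly, without the JKS import, and a server that does not request client certificates needs no truststore. The class name, the PFX_PASSWORD environment variable and port 8080 are assumptions made for illustration.

```java
import io.undertow.Undertow;
import io.undertow.util.Headers;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class HttpsServer {

    // Builds a server-side SSLContext from a PKCS12 file such as output_cert.pfx.
    static SSLContext sslContextFromPkcs12(String path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // "openssl pkcs12 -export" protects the store and the key with the same export password.
        kmf.init(keyStore, password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client certificates are requested, so no TrustManagers are configured:
        // null selects the JDK defaults, which are not consulted without client auth.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the export password comes from the environment
        // (PFX_PASSWORD is a made-up name) instead of being hard-coded.
        String pw = System.getenv("PFX_PASSWORD");
        if (pw == null) {
            throw new IllegalStateException("PFX_PASSWORD is not set");
        }
        SSLContext sslContext = sslContextFromPkcs12("output_cert.pfx", pw.toCharArray());

        Undertow server = Undertow.builder()
                .addHttpListener(8080, "localhost")               // plain HTTP (assumed port)
                .addHttpsListener(8443, "localhost", sslContext)  // HTTPS, as in the question
                .setHandler(exchange -> {
                    exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
                    exchange.getResponseSender().send("Hello over " + exchange.getRequestScheme());
                })
                .build();
        server.start();
    }
}
```

Keep output_cert.pfx readable only by the account that runs the server, since it contains the private key.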