3
我用我的SSL證書來自第三方 - 我用下面的命令要使用SSL-Config還是SSLContext?在阿卡的Http SSL的Java
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我已經提到阿卡HTTPS支持文檔和編碼創建的.p12密鑰庫以下
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主文件的代碼如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
現在我能夠綁定到Akka Http,並且根本沒有報告錯誤,但是我的https請求在服務器上被拒絕(並且它甚至沒有達到akka/http--所以沒有錯誤登錄akka系統)並且http://domainName.in是工作正常。
問題:
我缺少上述任何步驟??
我只使用SSLContext - 是的,或者我還會使用SSLConfig嗎?如果是的話 - 那麼我應該如何使用SSLConfig,因爲似乎沒有給出適當的文檔
- 通過keytool使用Java默認密鑰庫是否必要?因爲我相信使用openssl生成的wtkeystore.p12文件也是一個密鑰存儲並且足夠使用。
更新的代碼1: 的建議:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
,並還確保防火牆/網絡是開放的443端口,但 netstat的仍呈現爲「ESTABLISHED」和我做狀態telnet到它,這個端口連接然後關閉
當我調試我得到SSLConfig和其他對象爲None,除SSLContext對象。這是正常嗎? 
您需要使用'Connect.toHostHttps'來創建一個HTTPS服務器。 – jrudolph