1. 首頁
  2. 問答
  3. Undertow中的HTTPS

Undertow中的HTTPS

2015-08-19 75 views
0

我有一個在Tomcat上運行的Web服務,並決定嘗試使用Undertow。一般來說,這很好,但我需要HTTPS支持,並且無法啓用它。下面是一些代碼的HelloWorld:Undertow中的HTTPS

DeploymentInfo servletBuilder = deployment() 
      .setClassLoader(ServletServer.class.getClassLoader()) 
      .setContextPath("/") 
      .setDeploymentName("AuthenticationService.war") 
      .addServlet(servlet("WSServlet", WSServlet.class)) 
      .addListener(listener(WSServletContextListener.class)) 
      .setResourceManager(new FileResourceManager(new File("src/main/webapp"), 100)); 

    DeploymentManager manager = defaultContainer().addDeployment(servletBuilder); 
    manager.deploy(); 

    HttpHandler servletHandler = manager.start(); 

    SSLContext context = createSSLContext(loadKeyStore("server-keystore.jsk"), loadKeyStore("server-truststore.jks")); 
    PathHandler path = Handlers.path(servletHandler); 

    Undertow server = Undertow.builder() 
      .addHttpsListener(8443, "localhost", context) 
      .setHandler(path) 
      .build(); 
    server.start();

而且createSSLContext方法:

private static SSLContext createSSLContext(final KeyStore keyStore, final KeyStore trustStore) throws Exception { 
    KeyManager[] keyManagers; 
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
    keyManagerFactory.init(keyStore, /* password */); 
    keyManagers = keyManagerFactory.getKeyManagers(); 

    TrustManager[] trustManagers; 
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
    trustManagerFactory.init(trustStore); 
    trustManagers = trustManagerFactory.getTrustManagers(); 

    SSLContext sslContext; 
    sslContext = SSLContext.getInstance("TLS"); 
    sslContext.init(keyManagers, trustManagers, null); 

    return sslContext; 
}

而且loadKeyStore方法:

private static KeyStore loadKeyStore(String name) throws Exception { 
    final InputStream stream = new FileInputStream(name); 

    try(InputStream is = stream) { 
     KeyStore loadedKeystore = KeyStore.getInstance("JKS"); 
     loadedKeystore.load(is, /* password */); 
     return loadedKeystore; 
    } 
}

服務器開始,而是試圖將請求發送到https://localhost:8443/ ..沒有影響,沒有日誌或例外或一些反應。當使用http://localhost:8443它拋出異常

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

我是新來的所有的網絡技術,使所有可能很奇怪。那麼這裏有什麼問題?

來源

2015-08-19 goldaniga

+0

這是否與HTTP偵聽器相同的部署工作? –

+0

你知道了嗎? – pomo

回答

0

我不知道,但自簽名和/或不信任的證書會造成問題,但你應該得到一些例外asbout這個

我不知道知道什麼是undertow,但您可以從文檔檢查SSL配置。

您還需要檢查服務器和客戶端是否支持公用密碼和協議
例如,JRE的默認包不支持AES_256

來源

2015-08-22 22:13:43 user5243992

0

我讓它工作。首先生成你的鑰匙,如果你不這樣做的話:

#!/usr/bin/env bash 

KEYSTORE=my-keystore.jks 
TRUSTSTORE=my-truststore.ts 
CERT=my-client.cer 

rm $KEYSTORE 
rm $CERT 
rm $TRUSTSTORE 

# these passwords must be copied to the private config file(s) 
KEYSTORE_STOREPASS=password1 
KEYSTORE_KEYPASS=password2 
TRUSTSTORE_STOREPASS=password3 

keytool -genkey -alias pomochatserver \ 
    -keyalg RSA -keystore $KEYSTORE \ 
    -dname "cn=localhost, ou=IT, o=Continuent, c=US" \ 
    -storepass $KEYSTORE_STOREPASS -keypass $KEYSTORE_KEYPASS 

# enter the *KEYSTORE_STOREPASS* when prompted 
keytool -export -alias pomochatserver -file $CERT -keystore $KEYSTORE 

keytool -import -trustcacerts -alias pomochatserver -file $CERT \ 
    -keystore $TRUSTSTORE -storepass $TRUSTSTORE_STOREPASS -noprompt

...然後在Java代碼:

public static SSLContext serverSslContext(String password1, String password2, String password3) { 
    try { 
     KeyStore keyStore = loadKeyStore("my-keystore.jks", password1); 
     KeyStore trustStore = loadKeyStore("my-truststore.ts", password3); 
     return createSSLContext(keyStore, trustStore, password2); 
    } catch (IOException e) { 
     throw new RuntimeException(e); 
    } 
} 

private static SSLContext createSSLContext(final KeyStore keyStore, final KeyStore trustStore, String keyStorePassword) throws IOException { 
    try { 
     KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
     keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); 

     TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
     trustManagerFactory.init(trustStore); 

     SSLContext sslContext = SSLContext.getInstance("TLS"); 
     sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); 
     return sslContext; 
    } catch (Exception e) { 
     throw new IOException("Unable to create and initialise the SSLContext", e); 
    } 
} 

private static KeyStore loadKeyStore(final String name, String password) throws IOException { 
    try(InputStream stream = new FileInputStream(name)) { 
     KeyStore loadedKeystore = KeyStore.getInstance("JKS"); 
     loadedKeystore.load(stream, password.toCharArray()); 
     return loadedKeystore; 
    } catch (Exception e) { 
     throw new IOException(String.format("Unable to load KeyStore %s", name), e); 
    } 
}

終於到創建服務器

 Undertow webAppServer = Undertow.builder() 
       .addHttpsListener(
         port, 
         hostname, 
         serverSslContext(password1, password2, password3) 
       ) 
       .setHandler(handlers, manager.start())) 
       .build();

來源

2016-09-07 11:11:35 pomo

相關問題

 相關問題