Netty Usage Notes: One-Way Authentication with a Custom Certificate

爱奔跑的读书者 2022-03-11


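1. Generate a self-signed certificate with openssl, producing a certificate file (X.509 format) and a private key (PKCS#8 format). For the procedure, see other articles.

2. On the Netty server side, load the certificate and the private key.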

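// Server certificate (X.509) and private key (PKCS#8)
File certChainFile=new File("/home/certs/nginx.crt");
File keyFile=new File("/home/certs/pkcs8_rsa_private_key.pem");
// One-way authentication: the server does not request a client certificate
SslContext sslCtx = SslContextBuilder.forServer(certChainFile, keyFile).clientAuth(ClientAuth.NONE).build();
// Add the TLS handler before the other handlers in the pipeline
ch.pipeline().addLast("ssl", sslCtx.newHandler(ByteBufAllocator.DEFAULT));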

3. On the Netty client side, load the certificate and build a custom TrustManagerFactory from it.

// Load the server certificate and create a keystore that contains only that certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cfet;
// try-with-resources closes the file stream once the certificate has been parsed
try (InputStream in = new FileInputStream("C:\\Users\\Administrator\\Desktop\\nginx.crt")) {
    cfet = cf.generateCertificate(in);
}
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", cfet);


// Initialize the TrustManagerFactory with that keystore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);


// Netty client
SslContext sslCtx = SslContextBuilder.forClient().trustManager(tmf).build();
ch.pipeline().addLast("ssl", sslCtx.newHandler(ByteBufAllocator.DEFAULT));
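
The client setup from step 3 as a complete channel initializer, with one addition a self-signed deployment usually needs: host name verification, which Netty 4.1 leaves off unless the engine is configured for it. This is an added example, not code from the original post; the class name `PinnedTlsClientInitializer` and the `host`/`port` parameters are assumptions, and it uses `SslContextBuilder.trustManager(File)` as a shorter route to the same single-certificate trust store.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import java.io.File;

/** Added example (hypothetical class): trusts one certificate and checks the host name. */
public class PinnedTlsClientInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslCtx;
    private final String host; // assumption: matches a name in the server certificate
    private final int port;

    public PinnedTlsClientInitializer(File serverCert, String host, int port)
            throws SSLException {
        // Only the certificate in this file is trusted; the JVM default
        // CA store is not consulted for this context.
        this.sslCtx = SslContextBuilder.forClient()
                .trustManager(serverCert)
                .build();
        this.host = host;
        this.port = port;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        // Passing host and port tells the engine which peer it is talking to.
        SslHandler handler = sslCtx.newHandler(ch.alloc(), host, port);

        // Netty 4.1 does not enable host name verification by default;
        // "HTTPS" makes the engine compare the certificate with the host.
        SSLEngine engine = handler.engine();
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);

        // The TLS handler goes first so every later handler sees plaintext.
        ch.pipeline().addFirst("ssl", handler);
    }
}
```

With verification enabled, the handshake fails when the certificate generated in step 1 does not name the host the client connects to, so the certificate has to carry that name.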


