Amazon web services 使用Java TrustStore配置AWS API网关客户端证书以验证传入请求_Amazon Web Services_Ssl_Aws Api Gateway_Akka Http_Truststore

Amazon web services 使用Java TrustStore配置AWS API网关客户端证书以验证传入请求

amazon-web-services ssl

Amazon web services 使用Java TrustStore配置AWS API网关客户端证书以验证传入请求,amazon-web-services,ssl,aws-api-gateway,akka-http,truststore,Amazon Web Services,Ssl,Aws Api Gateway,Akka Http,Truststore,我正在使用Akka 2.4.x，并试图用Akka Http配置信任库，以便验证服务器的传入请求我的堆栈是： 1.AWS API网关-发送客户端证书 2.AKKA HTTP使用java信任库进行验证 final Http http = Http.get(system); if (properties.useSSL()) { log.info("Starting on " + properties.url() + ":" + properties.port()); HttpsConne

我正在使用Akka 2.4.x，并试图用Akka Http配置信任库，以便验证服务器的传入请求

我的堆栈是： 1.AWS API网关-发送客户端证书 2.AKKA HTTP使用java信任库进行验证

final Http http = Http.get(system);

if (properties.useSSL()) {

  log.info("Starting on " + properties.url() + ":" + properties.port());
  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
} else {
  log.info("Starting on " + properties.url() + ":" + properties.port());
  final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

  http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
  log.info("Started on " + properties.url() + ":" + properties.port());
}

  public HttpsConnectionContext useHttps(ActorSystem system) {
    HttpsConnectionContext https = null;
    try {
      final char[] password = properties.keystorePassword().toCharArray();

      final KeyStore keyStore = KeyStore.getInstance("PKCS12");
      final InputStream keyStoreStream = WDService.class.getClassLoader()
          .getResourceAsStream(properties.keystoreFileName());
      if (keyStoreStream == null) {
        throw new RuntimeException("Keystore required!");
      }
      keyStore.load(keyStoreStream, password);

      final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(keyStore, password);

      final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
      tmf.init(keyStore);

      final SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

      https = ConnectionContext.https(sslContext);
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
      log.debug(" while configuring HTTPS." + e.getCause(), e);
    } catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
      log.debug(e.getCause() + " while ", e);
    } catch (Exception e) {
      log.debug(e.getCause() + " Exception", e);
    }

    return https;
  }

我的问题是：我的信任库设置不受尊重，尽管我没有收到任何错误，但此设置不起作用。当我不发送客户端证书时，我的系统会接受邮递员的请求

我使用的算法有问题吗？或者我可以在哪里查找错误/问题-以便我可以进一步移动