要使用SSL配置还是SSLContext？在Akka Http SSL Java中

我正在使用来自第三方的SSL证书-我使用以下命令创建了一个.p12密钥库

openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord

我参考了Akka HTTPS支持文档，并编写了以下代码

public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
  final char[] password = properties.keystorePassword().toCharArray();

  final KeyStore ks = KeyStore.getInstance("PKCS12");
  final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
  if (keystore == null) {
    throw new RuntimeException("Keystore required!");
  }
  ks.load(keystore, password);
  final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  keyManagerFactory.init(ks, password);

  final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
  tmf.init(ks);

  final SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
  final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
  https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
  system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
  system.log().error(e.getCause() + " while ", e);
}

return https;

}

我的主要文件代码如下

final Http http = Http.get(system);

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  http.setDefaultServerHttpContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

final Http http = Http.get(system); // Created Once Only

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

现在我可以绑定到Akka Http，并且根本不报告错误，但我的https请求在服务器上被拒绝（它甚至没有到达Akka/Http，所以Akka系统中没有错误日志），并且工作正常

问题:

我是否错过了上面的任何一步

我只使用SSLContext-这样可以吗，还是我也应该使用SSLConfig？如果是-那么我应该如何使用SSLConfig，因为似乎没有给出适当的文档

是否需要通过keytool使用Java默认密钥库？因为我相信使用openssl生成的wtkeystore.p12文件也是一个密钥库，可以使用

更新代码1： 根据建议：

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

并确保防火墙/网络为端口443打开，但 netstat仍显示“已建立”状态，我对其进行telnet，然后关闭此端口连接

调试时，我将SSLConfig和其他对象设置为None，SSLContext对象除外。这正常吗？？

---

试试这样的方法：

if (properties.useSSL()) {
  ConnectHttp connect =
    ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(useHttps(system));

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

---

终于！问题解决了

我制作了两个新的Http.get（系统）对象，而不是一个对象 所以我的更新代码如下

final Http http = Http.get(system);

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  http.setDefaultServerHttpContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

final Http http = Http.get(system); // Created Once Only

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

同时感谢jrudolph对代码的帮助。。。我还必须打开防火墙端口443，使域指向服务器的IP地址

---

按照Akka Http文档使用SSLContext是可以的。。。如果您按照文档所示使用SSLContext，则无需使用SSLConfig-我目前使用的是Akka v2.4.7。

您需要使用

Connect.toHostHttps

来创建HTTPS服务器。Thanx jrudolph。。。现在，当我调试它时，它显示了用于ConnectHttp中https的端口和主机名-但是SSL在我的终端不工作。。。