要使用SSL配置还是SSLContext?在Akka Http SSL Java中
我正在使用来自第三方的SSL证书-我使用以下命令创建了一个.p12密钥库要使用SSL配置还是SSLContext?在Akka Http SSL Java中,java,ssl,akka-http,Java,Ssl,Akka Http,我正在使用来自第三方的SSL证书-我使用以下命令创建了一个.p12密钥库 openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord 我参考了Akka HTTPS支持文档,并编写了以下代码
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我参考了Akka HTTPS支持文档,并编写了以下代码
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主要文件代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
现在我可以绑定到Akka Http,并且根本不报告错误,但我的https请求在服务器上被拒绝(它甚至没有到达Akka/Http,所以Akka系统中没有错误日志),并且工作正常
问题:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
并确保防火墙/网络为端口443打开,但
netstat仍显示“已建立”状态,我对其进行telnet,然后关闭此端口连接
调试时,我将SSLConfig和其他对象设置为None,SSLContext对象除外。这正常吗??
试试这样的方法:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
终于!问题解决了 我制作了两个新的Http.get(系统)对象,而不是一个对象 所以我的更新代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
同时感谢jrudolph对代码的帮助。。。我还必须打开防火墙端口443,使域指向服务器的IP地址
按照Akka Http文档使用SSLContext是可以的。。。如果您按照文档所示使用SSLContext,则无需使用SSLConfig-我目前使用的是Akka v2.4.7。您需要使用
Connect.toHostHttps
来创建HTTPS服务器。Thanx jrudolph。。。现在,当我调试它时,它显示了用于ConnectHttp中https的端口和主机名-但是SSL在我的终端不工作。。。