Java 如何在Jetty Websocket中访问TLS证书
我有一个TLS安全连接,在这个连接上通过web套接字进行通信。我要做的是检查用于TLS连接的证书中包含的属性 Jetty用于HTTP通信,该协议将作为karaf组件运行 我试着尽可能深入地挖掘。我希望在WebsocketComponentServlet中找到一些东西。至少存在ServletUpgrade请求:Java 如何在Jetty Websocket中访问TLS证书,java,ssl,jetty,Java,Ssl,Jetty,我有一个TLS安全连接,在这个连接上通过web套接字进行通信。我要做的是检查用于TLS连接的证书中包含的属性 Jetty用于HTTP通信,该协议将作为karaf组件运行 我试着尽可能深入地挖掘。我希望在WebsocketComponentServlet中找到一些东西。至少存在ServletUpgrade请求: public class WebsocketComponentServlet extends WebSocketServlet { @Override public voi
public class WebsocketComponentServlet extends WebSocketServlet {
@Override
public void configure(WebSocketServletFactory factory) {
factory.setCreator(new WebSocketCreator() {
@Override
public Object createWebSocket(ServletUpgradeRequest req, ServletUpgradeResponse resp)
...
我试图深入研究HTTPSession或ServletUpgradeRequest,但在那里找不到证书信息。如果再往下看,就会看到WebsocketComponent,它至少包含SSLContextParameters。但除了正确设置的密钥存储密码外,大多数字段都是空的。
我是朝着正确的方向前进,还是完全没有抓住要点
编辑:我想我需要更具体一些。下面的答案(谢谢)指向了部署和配置jetty的常用方法。我尝试从测试内部访问认证数据。我包括了源代码:
public class WssProducerConsumerTest extends CamelTestSupport {
protected static final String TEST_MESSAGE = "Hello World!";
protected static final int PORT = AvailablePortFinder.getNextAvailable();
protected Server server;
private Process tpm2dclient = null;
private Process tpm2dserver = null;
private Process ttp = null;
private File socketServer;
private File socketClient;
protected List<Object> messages;
private static String PWD = "password";
public void startTestServer() throws Exception {
// start a simple websocket echo service
server = new Server(PORT);
Connector connector = new ServerConnector(server);
server.addConnector(connector);
ServletContextHandler ctx = new ServletContextHandler();
ctx.setContextPath("/");
ctx.addServlet(TestServletFactory.class.getName(), "/*");
server.setHandler(ctx);
server.start();
assertTrue(server.isStarted());
}
public void stopTestServer() throws Exception {
server.stop();
server.destroy();
}
@Override
public void setUp() throws Exception {
ClassLoader classLoader = getClass().getClassLoader();
URL trustStoreURL = classLoader.getResource("jsse/client-truststore.jks");
System.setProperty("javax.net.ssl.trustStore", trustStoreURL.getFile());
System.setProperty("javax.net.ssl.trustStorePassword", "password");
startTestServer();
super.setUp();
}
@Override
public void tearDown() throws Exception {
super.tearDown();
stopTestServer();
}
@Test
public void testTwoRoutes() throws Exception {
MockEndpoint mock = getMockEndpoint("mock:result");
mock.expectedBodiesReceived(TEST_MESSAGE);
template.sendBody("direct:input", TEST_MESSAGE);
mock.assertIsSatisfied();
}
private static SSLContextParameters defineClientSSLContextClientParameters() {
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/client-keystore.jks").toString());
ksp.setPassword(PWD);
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword(PWD);
kmp.setKeyStore(ksp);
KeyStoreParameters tsp = new KeyStoreParameters();
tsp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/client-truststore.jks").toString());
tsp.setPassword(PWD);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(tsp);
SSLContextServerParameters scsp = new SSLContextServerParameters();
//scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
scsp.setClientAuthentication(ClientAuthentication.NONE.name());
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
sslContextParameters.setServerParameters(scsp);
return sslContextParameters;
}
private static SSLContextParameters defineServerSSLContextParameters() {
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/server-keystore.jks").toString());
ksp.setPassword(PWD);
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword(PWD);
kmp.setKeyStore(ksp);
KeyStoreParameters tsp = new KeyStoreParameters();
tsp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/server-truststore.jks").toString());
tsp.setPassword(PWD);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(tsp);
SSLContextServerParameters scsp = new SSLContextServerParameters();
//scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
scsp.setClientAuthentication(ClientAuthentication.NONE.name());
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
sslContextParameters.setServerParameters(scsp);
return sslContextParameters;
}
@Override
protected RouteBuilder[] createRouteBuilders() throws Exception {
RouteBuilder[] rbs = new RouteBuilder[2];
// An ips consumer
rbs[0] = new RouteBuilder() {
public void configure() {
// Needed to configure TLS on the client side
WsComponent wsComponent = (WsComponent) context.getComponent("ipsclient");
wsComponent.setSslContextParameters(defineClientSSLContextClientParameters());
from("direct:input").routeId("foo")
.log(">>> Message from direct to WebSocket Client : ${body}")
.to("ipsclient://localhost:9292/echo")
.log(">>> Message from WebSocket Client to server: ${body}");
}
};
// An ips provider
rbs[1] = new RouteBuilder() {
public void configure() {
// Needed to configure TLS on the server side
WebsocketComponent websocketComponent = (WebsocketComponent) context.getComponent("ipsserver");
websocketComponent.setSslContextParameters(defineServerSSLContextParameters());
// This route is set to use TLS, referring to the parameters set above
from("ipsserver:localhost:9292/echo")
.log(">>> Message from WebSocket Server to mock: ${body}")
.to("mock:result");
}
};
return rbs;
}
}
公共类WssProducerConsumerTest扩展了CamelTest支持{
受保护的静态最终字符串测试\u MESSAGE=“Hello World!”;
受保护的静态最终int端口=AvailablePortFinder.getNextAvailable();
受保护的服务器;
私有进程tpm2dclient=null;
私有进程tpm2dserver=null;
私有进程ttp=null;
私有文件socketServer;
私有文件socketClient;
受保护的列表消息;
私有静态字符串PWD=“密码”;
public void startSetServer()引发异常{
//启动一个简单的websocket回显服务
服务器=新服务器(端口);
连接器连接器=新的服务器连接器(服务器);
addConnector(连接器);
ServletContextHandler ctx=新的ServletContextHandler();
ctx.setContextPath(“/”);
addServlet(TestServletFactory.class.getName(),“/*”);
setHandler(ctx);
server.start();
assertTrue(server.isStarted());
}
public void stopTestServer()引发异常{
server.stop();
server.destroy();
}
@凌驾
public void setUp()引发异常{
ClassLoader ClassLoader=getClass().getClassLoader();
URL trustStoreURL=classLoader.getResource(“jsse/client-truststore.jks”);
setProperty(“javax.net.ssl.trustStore”,trustStoreURL.getFile());
setProperty(“javax.net.ssl.trustStorePassword”、“password”);
starttsetserver();
super.setUp();
}
@凌驾
public void tearDown()引发异常{
super.tearDown();
stopTestServer();
}
@试验
public void testTwoRoutes()引发异常{
MockEndpoint mock=getMockEndpoint(“mock:result”);
收到模拟的预期实体(测试消息);
发送体(“直接:输入”,测试消息);
mock.assertessatified();
}
私有静态SSLContextParameters defineClientSSLContextClientParameters(){
KeyStoreParameters ksp=新KeyStoreParameters();
setResource(Thread.currentThread().getContextClassLoader().getResource(“jsse/client keystore.jks”).toString());
ksp.setPassword(PWD);
KeyManagersParameters kmp=新的KeyManagersParameters();
kmp.设置密钥密码(PWD);
kmp.setKeyStore(ksp);
KeyStoreParameters tsp=新KeyStoreParameters();
setResource(Thread.currentThread().getContextClassLoader().getResource(“jsse/client truststore.jks”).toString());
设置密码(PWD);
TrustManagersParameters tmp=新的TrustManagersParameters();
tmp.setKeyStore(tsp);
SSLContextServerParameters scsp=新的SSLContextServerParameters();
//scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
scsp.setClientAuthentication(ClientAuthentication.NONE.name());
SSLContextParameters SSLContextParameters=新的SSLContextParameters();
sslContextParameters.setKeyManager(kmp);
sslContextParameters.setTrustManager(tmp);
sslContextParameters.setServerParameters(scsp);
返回sslContextParameters;
}
专用静态SSLContextParameters defineServerSSLContextParameters(){
KeyStoreParameters ksp=新KeyStoreParameters();
setResource(Thread.currentThread().getContextClassLoader().getResource(“jsse/server keystore.jks”).toString());
ksp.setPassword(PWD);
KeyManagersParameters kmp=新的KeyManagersParameters();
kmp.设置密钥密码(PWD);
kmp.setKeyStore(ksp);
KeyStoreParameters tsp=新KeyStoreParameters();
setResource(Thread.currentThread().getContextClassLoader().getResource(“jsse/server truststore.jks”).toString());
设置密码(PWD);
TrustManagersParameters tmp=新的TrustManagersParameters();
tmp.setKeyStore(tsp);
SSLContextServerParameters scsp=新的SSLContextServerParameters();
//scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
scsp.setClientAuthentication(ClientAuthentication.NONE.name());
SSLContextParameters SSLContextParameters=新的SSLContextParameters();
sslContextParameters.setKeyManager(kmp);
sslContextParameters.setTrustManager(tmp);
sslContextParameters.setServerParameters(scsp);
返回sslContextParameters;
}
@凌驾
受保护的RouteBuilder[]createRouteBuilders()引发异常{
RouteBuilder[]rbs=新RouteBuilder[2];
//ips消费者
rbs[0]=新RouteBuilder(){
public void configure(){
//需要在客户端配置TLS
WsComponent=(WsComponent)context.getComponent(“ipsclient”);
wsComponent.setSslContextParameters(定义文件)