要使用的 SSL-Config 或 SSLContext?在 Akka Http SSL Java
SSL-Config or SSLContext to be used ? in Akka Http SSL Java
我正在使用来自第三方的 SSL 证书 - 我使用以下命令创建了一个 .p12 密钥库
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我参考了 Akka HTTPS 支持文档并编码如下
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主文件代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
现在我可以绑定到 Akka Http,并且根本没有报告错误,但是我的 https 请求在服务器上被拒绝了(它甚至没有到达 akka/http - 所以没有错误登录 akka系统)和 http://domainName.in 工作正常。
问题:
我是不是漏掉了上面的任何步骤??
我只使用 SSLContext - 可以吗,或者我也应该使用 SSLConfig 吗?如果是 - 那么我该如何使用 SSLConfig,因为似乎没有提供适当的文档
- 是否需要通过 keytool 使用 Java 默认密钥库?因为我相信使用 openssl 生成的 wtkeystore.p12 文件也是一个密钥库并且足够好可以使用。
更新代码 1:
根据建议:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
and also Made sure that Firewall/Network is open for port 443 but
netstat is still showing status as 'ESTABLISHED' and i do telnet to it, this port connection is then closed
当我调试时,我得到 SSLConfig 和其他对象 None,除了 SSLContext 对象。这是正常的??
尝试这样的事情:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
终于!解决了...
我正在制作 2 个新的 Http.get(system) 对象而不是一个对象
所以我更新后的代码如下
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
也感谢 jrudolph 帮助编写代码...我还必须打开防火墙端口 443 并使域指向服务器的 IP 地址
根据 Akka Http 文档使用 SSLContext 没问题...如果您根据文档显示使用 SSLContext,则无需使用 SSLConfig - 我目前使用的是 Akka v2.4.7。
我正在使用来自第三方的 SSL 证书 - 我使用以下命令创建了一个 .p12 密钥库
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我参考了 Akka HTTPS 支持文档并编码如下
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主文件代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
现在我可以绑定到 Akka Http,并且根本没有报告错误,但是我的 https 请求在服务器上被拒绝了(它甚至没有到达 akka/http - 所以没有错误登录 akka系统)和 http://domainName.in 工作正常。
问题:
我是不是漏掉了上面的任何步骤??
我只使用 SSLContext - 可以吗,或者我也应该使用 SSLConfig 吗?如果是 - 那么我该如何使用 SSLConfig,因为似乎没有提供适当的文档
- 是否需要通过 keytool 使用 Java 默认密钥库?因为我相信使用 openssl 生成的 wtkeystore.p12 文件也是一个密钥库并且足够好可以使用。
更新代码 1: 根据建议:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
and also Made sure that Firewall/Network is open for port 443 but netstat is still showing status as 'ESTABLISHED' and i do telnet to it, this port connection is then closed
当我调试时,我得到 SSLConfig 和其他对象 None,除了 SSLContext 对象。这是正常的??
尝试这样的事情:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
终于!解决了...
我正在制作 2 个新的 Http.get(system) 对象而不是一个对象 所以我更新后的代码如下
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
也感谢 jrudolph 帮助编写代码...我还必须打开防火墙端口 443 并使域指向服务器的 IP 地址
根据 Akka Http 文档使用 SSLContext 没问题...如果您根据文档显示使用 SSLContext,则无需使用 SSLConfig - 我目前使用的是 Akka v2.4.7。