带有客户端证书的嵌入式Jetty
我想创建嵌入式https服务器,要求客户端提供证书,我使用的是: http : //www.smartjava.org/content/embedded-jetty-client-certificates
现在我的问题是,如果我的docker被剔除,我如何为我的代码提供密钥库和信任库文件。 我的意思是代码中的这些行:
// the keystore (with one key) we'll use to make the connection with the // broker private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks"; private final static String KEYSTORE_PASS = "secret"; // the truststore we use for our server. This keystore should contain all the keys // that are allowed to make a connection to the server private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks"; private final static String TRUSTSTORE_PASS = "secret"; 谢谢
在github.com/eclipse/jetty.project上有很多关于Jetty嵌入式使用的例子
示例: LikeJettyXml.java – Jetty 8,未使用XML,设置SSL连接器。
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector(); ssl_connector.setPort(8443); SslContextFactory cf = ssl_connector.getSslContextFactory(); cf.setKeyStorePath(jetty_home + "/etc/keystore"); cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g"); cf.setTrustStore(jetty_home + "/etc/keystore"); cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); cf.setExcludeCipherSuites( new String[] { "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }); ssl_connector.setStatsOn(false); server.addConnector(ssl_connector); ssl_connector.open(); SslSocketConnector ssl2_connector = new SslSocketConnector(cf); ssl2_connector.setPort(8444); ssl2_connector.setStatsOn(false); server.addConnector(ssl2_connector); ssl2_connector.open();