src/META-INF/application-template.xml

@@ -129,8 +129,13 @@
         <!-- 
            【节点在<server>中唯一】
            value: 创建SSLContext的实现类, 可自定义，必须是org.redkale.net.SSLCreator的子类
+           clientauth: true/false/want
+           keystorepass: KEY密码
+           keystorefile: KEY文件
+           truststorepass: TRUST密码
+           truststorefile: TRUST文件
         -->
-        <ssl creator="" p12="{APP_HOME}/conf/xxx.p12" jks="{APP_HOME}/conf/xxx.jks" pem="{APP_HOME}/conf/xxx.pem"/>
+        <ssl creator=""/>
         
         <!-- 
            加载所有的Service服务;

src/org/redkale/net/SSLClientAuth.java

@@ -0,0 +1,20 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.redkale.net;
+
+/**
+ *
+ * <p>
+ * 详情见: https://redkale.org
+ *
+ * @author zhangjx
+ */
+public enum SSLClientAuth {
+    NONE,
+    NEED,
+    WANT,
+    CLIENT;
+}

src/org/redkale/net/SSLCreator.java

@@ -5,8 +5,10 @@
  */
 package org.redkale.net;
 
-import java.io.IOException;
-import javax.net.ssl.SSLContext;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import javax.net.ssl.*;
 import org.redkale.util.*;
 
 /**
@@ -19,8 +21,45 @@ import org.redkale.util.*;
  */
 public interface SSLCreator {
 
-    default SSLContext create(Server server, AnyValue sslConf) throws IOException {
+    default SSLContext create(Server server, AnyValue sslConf) throws Exception {
+        String keyfile = sslConf.getValue("keystorefile");
+        String keypass = sslConf.getValue("keystorepass", "");
+        KeyManager[] keyManagers = null;
+        if (keyfile != null) {
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+            KeyStore ks = KeyStore.getInstance("JKS");
+            ks.load(new FileInputStream(keyfile), keypass.toCharArray());
+            kmf.init(ks, keypass.toCharArray());
+            keyManagers = kmf.getKeyManagers();
+        }
 
-        return null;
+        String trustfile = sslConf.getValue("truststorefile");
+        String trustpass = sslConf.getValue("truststorepass", "");
+        TrustManager[] trustManagers;
+        if (trustfile != null) {
+            KeyStore ts = KeyStore.getInstance("JKS");
+            ts.load(new FileInputStream(trustfile), trustpass.toCharArray());
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+            tmf.init(ts);
+            trustManagers = tmf.getTrustManagers();
+        } else {
+            trustManagers = new TrustManager[]{new X509TrustManager() {
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+                }
+
+                @Override
+                public X509Certificate[] getAcceptedIssuers() {
+                    return new X509Certificate[0];
+                }
+            }};
+        }
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(keyManagers, trustManagers, new SecureRandom());
+        return sslContext;
     }
 }