lxy/redkale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
Redkale
2018-03-13 09:28:13 +08:00
parent 34e37471b8
commit bf535a7161
3 changed files with 69 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/META-INF/application-template.xml
View File

@@ -129,8 +129,13 @@
<!-- <!--
【节点在<server>中唯一】 【节点在<server>中唯一】
value: 创建SSLContext的实现类, 可自定义必须是org.redkale.net.SSLCreator的子类 value: 创建SSLContext的实现类, 可自定义必须是org.redkale.net.SSLCreator的子类
clientauth: true/false/want
keystorepass: KEY密码
keystorefile: KEY文件
truststorepass: TRUST密码
truststorefile: TRUST文件
--> -->
<ssl creator="" p12="{APP_HOME}/conf/xxx.p12" jks="{APP_HOME}/conf/xxx.jks" pem="{APP_HOME}/conf/xxx.pem"/> <ssl creator=""/>
<!-- <!--
加载所有的Service服务; 加载所有的Service服务;

20
src/org/redkale/net/SSLClientAuth.java Normal file
View File

@@ -0,0 +1,20 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.redkale.net;
/**
*
* <p>
* 详情见: https://redkale.org
*
* @author zhangjx
*/
public enum SSLClientAuth {
NONE,
NEED,
WANT,
CLIENT;
}

47
src/org/redkale/net/SSLCreator.java
View File

@@ -5,8 +5,10 @@
*/ */
package org.redkale.net; package org.redkale.net;
import java.io.IOException; import java.io.*;
import javax.net.ssl.SSLContext; import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import org.redkale.util.*; import org.redkale.util.*;
/** /**
@@ -19,8 +21,45 @@ import org.redkale.util.*;
*/ */
public interface SSLCreator { public interface SSLCreator {
default SSLContext create(Server server, AnyValue sslConf) throws IOException { default SSLContext create(Server server, AnyValue sslConf) throws Exception {
String keyfile = sslConf.getValue("keystorefile");
String keypass = sslConf.getValue("keystorepass", "");
KeyManager[] keyManagers = null;
if (keyfile != null) {
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyfile), keypass.toCharArray());
kmf.init(ks, keypass.toCharArray());
keyManagers = kmf.getKeyManagers();
}
return null; String trustfile = sslConf.getValue("truststorefile");
String trustpass = sslConf.getValue("truststorepass", "");
TrustManager[] trustManagers;
if (trustfile != null) {
KeyStore ts = KeyStore.getInstance("JKS");
ts.load(new FileInputStream(trustfile), trustpass.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
trustManagers = tmf.getTrustManagers();
} else {
trustManagers = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}};
}
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
return sslContext;
} }
} }