3

我正在使用Simple Framework编写 HTTP 服务器,并希望客户端提供由我的证书颁发机构签名的有效证书以建立连接。

我编写了以下准系统服务器。如何修改此代码以要求对所有 SSL 连接进行客户端证书身份验证?

public static void main(String[] args) throws Exception {
    Container container = createContainer();

    Server server = new ContainerServer(container);
    Connection connection = new SocketConnection(server);
    SocketAddress address = new InetSocketAddress(8443);

    KeyManagerFactory km = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore serverKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try(InputStream keystoreFile = new FileInputStream(SERVER_KEYSTORE_PATH)) {
        serverKeystore.load(keystoreFile, "asdfgh".toCharArray());
    }
    km.init(serverKeystore, SERVER_KS_PASSWORD.toCharArray());

    TrustManagerFactory tm = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore caKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try(InputStream caCertFile = new FileInputStream(CA_CERT_PATH)) {
        caKeystore.load(caCertFile, CA_KS_PASSWORD.toCharArray());
    }
    tm.init(caKeystore);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(km.getKeyManagers(), tm.getTrustManagers(), null);

    connection.connect(address, sslContext);
}
4

1 回答 1

3

尝试这个

public class MyServer implements org.simpleframework.transport.Server {

   private Server delegateServer;

   public MyServer(Server delegateServer){
      this.delegateServer = delegateServer;
   }

   public void process(Socket socket){
     socket.getEngine().setNeedClientAuth(true);
     delegateServer.process(socket);
   }
}
于 2013-06-06T07:30:04.130 回答