jetty - 码头插件和 SSL 信任

Question

我正在尝试为本地开发设置码头 maven 插件，但我坚持信任 LDAP 服务器的 SSL，我将其与 spring security 一起用于身份验证。

我尝试使用信任库为 SSL 创建一个连接器，但是我仍然在登录时遇到绑定异常。

<Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <Arg>
                    <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                        <Set name="keyStore">servers/jetty/jetty.jks</Set>
                        <Set name="keyStorePassword">password</Set>
                        <Set name="keyManagerPassword">password</Set>
                        <Set name="trustStore">servers/trust.jks</Set>
                        <Set name="trustStorePassword">password</Set> 
                    </New>
                </Arg>
                <Set name="port">443</Set>
                <Set name="maxIdleTime">30000</Set>
            </New>
        </Arg>
    </Call>

这是一个例外：

simple bind failed: host:port; nested exception is javax.naming.CommunicationException: simple bind failed: host:port [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by ROOT CA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error]

似乎连接器的信任库仅限于传入的 SSL 连接。无论如何要让这个与码头一起工作？

Answer 1

我解决了如下：

<Call class="java.lang.System" name="setProperty">
    <Arg>javax.net.ssl.trustStore</Arg>
    <Arg>trust.jks</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
    <Arg>javax.net.ssl.trustStorePassword</Arg>
    <Arg>xxxx</Arg>
</Call>

Answer 2

对我来说是：

<systemProperty>
    <name>javax.net.ssl.trustStore</name>
    <value>/Users/koraytugay/Desktop/cacerts.jks</value>
</systemProperty>
<systemProperty>
    <name>javax.net.ssl.trustStorePassword</name>
    <value>changeit</value>
</systemProperty>