我想创建嵌入式https服务器,要求客户端提供证书,我使用的是: http://www.smartjava.org/content/embedded-jetty-client-certificates
现在我的问题是,如果我的码头被剔除,我怎样才能为我的代码提供密钥库和信任库文件。 我的意思是代码中的这些行:
// the keystore (with one key) we'll use to make the connection with the
// broker
private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks";
private final static String KEYSTORE_PASS = "secret";
// the truststore we use for our server. This keystore should contain all the keys
// that are allowed to make a connection to the server
private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks";
private final static String TRUSTSTORE_PASS = "secret";
由于
答案 0 :(得分:0)
在github.com/eclipse/jetty.project
上有许多Jetty嵌入式使用示例示例:LikeJettyXml.java - 没有使用XML的Jetty 8,设置SSL连接器。
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStorePath(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setExcludeCipherSuites(
new String[] {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
});
ssl_connector.setStatsOn(false);
server.addConnector(ssl_connector);
ssl_connector.open();
SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
ssl2_connector.setPort(8444);
ssl2_connector.setStatsOn(false);
server.addConnector(ssl2_connector);
ssl2_connector.open();