通过自定义证书在Netty IO中支持SSL

时间:2014-11-07 14:23:38

标签: openssl ssl-certificate netty x509certificate

我正在尝试在Netty版本4.0.23.Final上支持SSL。

我参考了Netty提供的示例示例 - NettyHTTPSnoop

它工作正常

但是,我需要通过自定义生成的证书来支持它。所以,我使用以下openssl命令生成证书 - 

D:\Program_Files\OpenSSL-Win64\bin>openssl req -x509 -keyout abc.key -out xyz.csr -newkey                  rsa:2048 -config D:\Program_Files\OpenSSL-Win64\bin\openssl.cfg
WARNING: can't open config file: /usr/local/ssl/openssl.cnf 
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
..+++
...........+++
writing new private key to 'abc.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:---
State or Province Name (full name) [Some-State]:--
Locality Name (eg, city) []:----
Organization Name (eg, company) [Internet Widgits Pty Ltd]:----
Organizational Unit Name (eg, section) []:----
Common Name (e.g. server FQDN or YOUR name) []:-----
Email Address []:------

我将ChannelInitializer更新为以下内容 - 

public class ProxyClientChannelInitializer extends
    ChannelInitializer<SocketChannel> {

@Override
protected void initChannel(SocketChannel ch) throws Exception {

    SelfSignedCertificate ssc = new SelfSignedCertificate();
 //  SslContext sslCtx = SslContext.newServerContext(ssc.certificate(), ssc.privateKey());


    SslContext sslCtx = SslContext.newServerContext(new File(
            "./key/xyz.csr"), new File("./key/abc.key"),"password");

    ch.pipeline().addLast(sslCtx.newHandler(ch.alloc()));

    ch.pipeline().addLast(new LoggingHandler(LogLevel.INFO));

    ch.pipeline().addLast(
            "codec",
            new HttpServerCodec(Integer.MAX_VALUE, Integer.MAX_VALUE,
                    Integer.MAX_VALUE));

    ch.pipeline().addLast("aggregator",
            new HttpObjectAggregator(Integer.MAX_VALUE));

    ch.pipeline().addLast(new ProxyClientChannelHandler());

}
}

当我运行程序时,出现以下错误 - 

io.netty.channel.ChannelInitializer channelRegistered
WARNING: Failed to initialize a channel. Closing: [id: 0x90e8990c, /192.168.56.1:58340 =>    /192.168.56.1:8088]
javax.net.ssl.SSLException: failed to initialize the server-side SSL context
   at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:187)
   at io.netty.handler.ssl.SslContext.newServerContext(SslContext.java:189)
   at io.netty.handler.ssl.SslContext.newServerContext(SslContext.java:99)
at     test.example.netty.proxy.ProxyClientChannelInitializer.initChannel(ProxyClientChannelInitializer.java:31)
at test.example.netty.proxy.ProxyClientChannelInitializer.initChannel(ProxyClientChannelInitializer.java:1)
at io.netty.channel.ChannelInitializer.channelRegistered(ChannelInitializer.java:69)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:158)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:144)
at io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:732)
at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:442)
at io.netty.channel.AbstractChannel$AbstractUnsafe.access$100(AbstractChannel.java:374)
at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:418)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:380)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:357)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:121)
at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:159)
at io.netty.handler.ssl.JdkSslServerContext.generateKeySpec(JdkSslServerContext.java:231)
at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:148)
... 16 more

我不知道我的错误在于证书是否未正确生成或代码中存在问题。请帮我解决一下。我在Google上搜索它,但似乎没有任何效果。

2 个答案:

答案 0 :(得分:2)

如果您直接传递密钥,则需要pkcs8 format中定义的Netty docs

答案 1 :(得分:1)

对于其他人的参考,我也在编写用于以pkcs8格式创建密钥的命令 - 

openssl pkcs8 -topk8 -inform PEM -outform PEM -in abc.key -out abc.pem
相关问题
最新问题