如何在Jetty Websocket中访问TLS证书

时间:2016-10-26 09:19:36

标签: java ssl jetty

我有一个TLS安全连接,在此基础上执行通过Web套接字的通信。我想要做的是检查证书中包含的用于TLS连接的属性。

Jetty用于HTTP通信,协议将作为karaf组件运行。

我试图尽可能深入挖掘图层。我希望在WebsocketComponentServlet中找到一些东西。至少有ServletUpgradeRequest:

public class WebsocketComponentServlet extends WebSocketServlet {
    @Override
    public void configure(WebSocketServletFactory factory) {
        factory.setCreator(new WebSocketCreator() {
        @Override
        public Object createWebSocket(ServletUpgradeRequest req,    ServletUpgradeResponse resp)             
            ...

我试图深入了解HTTPSession或ServletUpgradeRequest,但我无法在那里找到证书信息。如果我继续往下走,我会进入WebsocketComponent,它至少包含SSLContextParameters。但除了正确设置的密钥库密码外,大多数字段都是空的。 我是朝着正确的方向前进还是我完全忽略了这一点?

编辑:我想我需要更具体一点。下面的答案(谢谢你)指出了部署和配置jetty的常用方法。我尝试从我的测试中访问证书数据。我包含了源代码:

public class WssProducerConsumerTest extends CamelTestSupport {
    protected static final String TEST_MESSAGE = "Hello World!";
    protected static final int PORT = AvailablePortFinder.getNextAvailable();
    protected Server server;
    private Process tpm2dclient = null;
    private Process tpm2dserver = null;
    private Process ttp = null;
    private File socketServer;
    private File socketClient;
    protected List<Object> messages;
    private static String PWD = "password";

    public void startTestServer() throws Exception {
        // start a simple websocket echo service
        server = new Server(PORT);
        Connector connector = new ServerConnector(server);
        server.addConnector(connector);

        ServletContextHandler ctx = new ServletContextHandler();
        ctx.setContextPath("/");
        ctx.addServlet(TestServletFactory.class.getName(), "/*");

        server.setHandler(ctx);

        server.start();
        assertTrue(server.isStarted());      
    }

    public void stopTestServer() throws Exception {
        server.stop();
        server.destroy();
    }

    @Override
    public void setUp() throws Exception {

        ClassLoader classLoader = getClass().getClassLoader();
        URL trustStoreURL = classLoader.getResource("jsse/client-truststore.jks");
        System.setProperty("javax.net.ssl.trustStore", trustStoreURL.getFile());
        System.setProperty("javax.net.ssl.trustStorePassword", "password");
        startTestServer();
        super.setUp();
    }

    @Override
    public void tearDown() throws Exception {
        super.tearDown();
        stopTestServer();
    }

    @Test
    public void testTwoRoutes() throws Exception {
        MockEndpoint mock = getMockEndpoint("mock:result");
        mock.expectedBodiesReceived(TEST_MESSAGE);

        template.sendBody("direct:input", TEST_MESSAGE);

        mock.assertIsSatisfied();
    }


    private static SSLContextParameters defineClientSSLContextClientParameters() {

        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/client-keystore.jks").toString());
        ksp.setPassword(PWD);

        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyPassword(PWD);
        kmp.setKeyStore(ksp);

        KeyStoreParameters tsp = new KeyStoreParameters();
        tsp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/client-truststore.jks").toString());

        tsp.setPassword(PWD);

        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(tsp);

        SSLContextServerParameters scsp = new SSLContextServerParameters();
        //scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
        scsp.setClientAuthentication(ClientAuthentication.NONE.name());

        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setKeyManagers(kmp);
        sslContextParameters.setTrustManagers(tmp);
        sslContextParameters.setServerParameters(scsp);


        return sslContextParameters;
    }

    private static SSLContextParameters defineServerSSLContextParameters() {
        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/server-keystore.jks").toString());
        ksp.setPassword(PWD);

        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyPassword(PWD);
        kmp.setKeyStore(ksp);

        KeyStoreParameters tsp = new KeyStoreParameters();
        tsp.setResource(Thread.currentThread().getContextClassLoader().getResource("jsse/server-truststore.jks").toString());
        tsp.setPassword(PWD);

        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(tsp);

        SSLContextServerParameters scsp = new SSLContextServerParameters();
        //scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
        scsp.setClientAuthentication(ClientAuthentication.NONE.name());

        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setKeyManagers(kmp);
        sslContextParameters.setTrustManagers(tmp);
        sslContextParameters.setServerParameters(scsp);


       return sslContextParameters;
    }

    @Override
    protected RouteBuilder[] createRouteBuilders() throws Exception {
        RouteBuilder[] rbs = new RouteBuilder[2];

        // An ips consumer
        rbs[0] = new RouteBuilder() {
            public void configure() {

                // Needed to configure TLS on the client side
                WsComponent wsComponent = (WsComponent) context.getComponent("ipsclient");
                wsComponent.setSslContextParameters(defineClientSSLContextClientParameters());

                from("direct:input").routeId("foo")
                    .log(">>> Message from direct to WebSocket Client : ${body}")
                    .to("ipsclient://localhost:9292/echo")
                    .log(">>> Message from WebSocket Client to server: ${body}");
                }
        };

        // An ips provider
        rbs[1] = new RouteBuilder() {
            public void configure() {

                    // Needed to configure TLS on the server side
                    WebsocketComponent websocketComponent = (WebsocketComponent) context.getComponent("ipsserver");
                    websocketComponent.setSslContextParameters(defineServerSSLContextParameters());

                    // This route is set to use TLS, referring to the parameters set above
                    from("ipsserver:localhost:9292/echo")
                    .log(">>> Message from WebSocket Server to mock: ${body}")
                    .to("mock:result");
            }
        };
        return rbs;
    }
}

1 个答案:

答案 0 :(得分:0)

  

注意:以下答案仅适用于以下条件

     
      
  1. ServerConnector支持HTTPS / SSL / TLS。
    2.   
  2. ServerConnector有适当的HttpConfiguration,指明其流量是安全的
    3.   
  3. ServerConnector已将SecureRequestCustomizer添加到其HttpConfiguration(这样可以填充HttpServletRequest属性以及有关安全连接的各种servlet规范详细信息)< / LI>   
  4. 已收到此ServerConnector
    5. 的请求   
  5. 您在Jetty终止SSL / TLS(如果您在Jetty之前终止SSL / TLS,那么Jetty无权访问此证书信息)
    6.   

org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest

中有几个选项
相关问题
最新问题