I am trying to make my socket appender secure. The current configuration is:
appender.socket.type = Socket
appender.socket.name = SOCKET_APPENDER
appender.socket.host = localhost
appender.socket.port = 4712
appender.socket.reconnectionDelayMillis = 10000
How do I add SSL configuration (keystore configuration and truststore configuration) to it?
Answer 0 (score: 0)
Got it working by adding:
appender.smswebstart.protocol = TCP
appender.smswebstart.ssl.type = SSL
appender.smswebstart.ssl.protocol = SSL
appender.smswebstart.ssl.keystore.type=KeyStore
appender.smswebstart.ssl.keystore.location=${ctx:location}
appender.smswebstart.ssl.keystore.password=${ctx:password}
appender.smswebstart.ssl.truststore.type=TrustStore
appender.smswebstart.ssl.truststore.location=${ctx:location}
appender.smswebstart.ssl.truststore.password=${ctx:password}
The problem with this is that it leaves the store keys in plain text here. So another approach is to use a custom appender.
Here is how I got the custom appender.
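import java.io.Serializable;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.appender.SocketAppender;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAliases;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginElement;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.net.AbstractSocketManager;
import org.apache.logging.log4j.core.net.Advertiser;
import org.apache.logging.log4j.core.net.Protocol;
import org.apache.logging.log4j.core.net.SslSocketManager;
import org.apache.logging.log4j.core.net.ssl.KeyStoreConfiguration;
import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
import org.apache.logging.log4j.core.net.ssl.StoreConfigurationException;
import org.apache.logging.log4j.core.net.ssl.TrustStoreConfiguration;
import org.apache.logging.log4j.status.StatusLogger;

@Plugin(name = "SSLSocket", category = "Core", elementType = "appender", printObject = true)
public class SSLSocketAppender extends SocketAppender {
    private static final StatusLogger statusLogger = StatusLogger.getLogger();
    // keyStorePath, keyStoreKey and keyFormat are not shown here; the application supplies them.

    protected SSLSocketAppender(String name, Layout<? extends Serializable> layout, Filter filter,
            AbstractSocketManager manager, boolean ignoreExceptions, boolean immediateFlush,
            Advertiser advertiser) {
        super(name, layout, filter, manager, ignoreExceptions, immediateFlush, advertiser);
    }

    @PluginFactory
    public static SSLSocketAppender createAppender(
            @PluginAttribute("host") String host, @PluginAttribute(value = "port", defaultInt = 0) int port,
            @PluginAttribute("protocol") Protocol protocol, @PluginAttribute("name") String name,
            @PluginElement("Layout") Layout<? extends Serializable> layout,
            @PluginElement("Filter") Filter filter,
            @PluginAttribute(value = "connectTimeoutMillis", defaultInt = 0) int connectTimeoutMillis,
            @PluginAliases({"reconnectionDelay"}) @PluginAttribute(value = "reconnectionDelayMillis", defaultInt = 0) int reconnectDelayMillis,
            @PluginAttribute(value = "immediateFail", defaultBoolean = true) boolean immediateFail) {
        // The SSL settings come from getSSLConfig() instead of the configuration file.
        AbstractSocketManager manager = SslSocketManager.getSocketManager(getSSLConfig(), host, port,
                connectTimeoutMillis, reconnectDelayMillis, immediateFail, layout);
        return new SSLSocketAppender(name, layout, filter, manager, true, true, null);
    }

    private static SslConfiguration getSSLConfig() {
        KeyStoreConfiguration keyStoreConfig = null;
        TrustStoreConfiguration trustStoreConfig = null;
        try {
            // The same store path, password and format are used for the key store and the trust store.
            keyStoreConfig = KeyStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
            trustStoreConfig = TrustStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
        } catch (StoreConfigurationException sce) {
            statusLogger.log(Level.ERROR, "Unable to configure secure socket : " + sce.getMessage());
        }
        SslConfiguration sslConfig = SslConfiguration.createSSLConfiguration(Protocol.SSL.toString(), keyStoreConfig, trustStoreConfig);
        return sslConfig;
    }
}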
And use "SSLSocket" as the appender type in the configuration instead of "Socket".
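
A variant of the properties configuration that keeps the store passwords out of the file, as an added example that is not part of the original answer. It assumes a Log4j 2 release whose KeyStore and TrustStore elements accept `passwordEnvironmentVariable` and `passwordFile`; the file paths and the variable name `LOG4J_KEYSTORE_PASSWORD` are constructed placeholders, and the `appender.socket` prefix is taken from the question.

```properties
# Socket appender from the question, switched to an encrypted transport.
appender.socket.type = Socket
appender.socket.name = SOCKET_APPENDER
appender.socket.host = localhost
appender.socket.port = 4712
appender.socket.protocol = SSL
appender.socket.reconnectionDelayMillis = 10000

# Nested Ssl element. "protocol" here is the SSLContext protocol name.
appender.socket.ssl.type = Ssl
appender.socket.ssl.protocol = TLS

# Key store: the password is read from an environment variable at startup
# instead of being written into this file.
# (Plain-text form this replaces: appender.socket.ssl.keyStore.password = ...)
appender.socket.ssl.keyStore.type = KeyStore
appender.socket.ssl.keyStore.location = /etc/myapp/client-keystore.jks
appender.socket.ssl.keyStore.passwordEnvironmentVariable = LOG4J_KEYSTORE_PASSWORD

# Trust store: the password is read from a separate file.
# Set only one of password, passwordEnvironmentVariable or passwordFile per store.
appender.socket.ssl.trustStore.type = TrustStore
appender.socket.ssl.trustStore.location = /etc/myapp/truststore.jks
appender.socket.ssl.trustStore.passwordFile = /etc/myapp/secrets/truststore.pass
```

Restrict read access on the password file and both stores to the account that runs the application.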