要使用SSL-Config还是SSLContext?在Akka Http SSL Java中

时间:2017-04-18 09:46:38

标签: java ssl akka-http

我使用的是来自第三方的SSL证书 - 我使用以下命令

创建了一个.p12密钥库
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord

我已经推荐了Akka HTTPS支持文档,并按照

编码
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
  final char[] password = properties.keystorePassword().toCharArray();

  final KeyStore ks = KeyStore.getInstance("PKCS12");
  final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
  if (keystore == null) {
    throw new RuntimeException("Keystore required!");
  }
  ks.load(keystore, password);
  final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  keyManagerFactory.init(ks, password);

  final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
  tmf.init(ks);

  final SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
  final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
  https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
  system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
  system.log().error(e.getCause() + " while ", e);
}

return https;

}

我的主要文件代码如下

final Http http = Http.get(system);

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  http.setDefaultServerHttpContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

现在我能够绑定到Akka Http,并且根本没有报告错误,但我的https请求在服务器上被拒绝(并且它甚至没有达到akka / http - 所以在akka系统中没有错误日志)和{ {3}}工作正常。

问题:

  1. 我错过了上面的任何一步吗?

  2. 我只使用SSLContext - 是的,还是我还要使用SSLConfig?如果是 - 那么我如何使用SSLConfig,因为似乎没有给出适当的文件

  3. 是否需要通过keytool使用Java默认密钥库?因为我相信使用openssl生成的wtkeystore.p12文件也是一个密钥库,并且足以使用。
  4. 更新了代码1: 建议:

    if (properties.useSSL()) {
    
      HttpsConnectionContext https = useHttps(system);
      ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
          .withCustomHttpsContext(https);
    
      Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
      log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
    }
    
      

    并确保防火墙/网络对端口443开放,但是   netstat仍然显示状态为“已建立'然后我telnet到它,这个端口连接然后关闭

    当我调试时,我将SSLConfig和其他对象作为None,除了SSLContext对象。这是正常吗? http://domainName.in

2 个答案:

答案 0 :(得分:1)

尝试类似的东西:

if (properties.useSSL()) {
  ConnectHttp connect =
    ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(useHttps(system));

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

答案 1 :(得分:0)

最后!它解决了......

我正在制作2个新的Http.get(系统)对象,而不是一个单个对象 所以我的更新代码如下

final Http http = Http.get(system); // Created Once Only

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

也是Thanx to jrudolph帮助代码...我还必须打开防火墙端口443并使域指向服务器的IP地址

根据Akka Http Docs使用SSLContext是可以的......如果您按照文档显示使用SSLContext,则无需使用SSLConfig - 我目前正在使用Akka v2.4.7。