拦截HTTPS Grizzly服务器中的SSL / TLS请求

时间:2020-06-29 17:58:57

标签: ssl jersey tls1.2 jersey-2.0 grizzly

我已经使用grizzly 2.3.30和jersey 2.25.1设置了HTTPS服务器,可以在here.中找到
服务器运行良好,我可以使用证书授权,证书和密钥来卷曲它:

curl -v --cacert $CERTS/myCA.pem --key $CERTS/grizzly.key --cert $CERTS/grizzly.crt https://localhost:9999/hello

我想拦截TLS / SSL请求,因此我可以记录哪些失败,例如:

curl -v https://localhost:9999/hello

我正在以这种方式在Jersey上使用Grizzly Http Server Framework:

public class MyGrizzlyServer {

    public static void main(String[] args) throws Exception {

        System.out.println("Hello main!");
        String uriStr = "https://0.0.0.0:9999/";
        URI uri = URI.create(uriStr);
        final ResourceConfig rc = new ResourceConfig().packages("org");
        HttpServer server = GrizzlyHttpServerFactory.createHttpServer(uri, rc, false);

        SSLEngineConfigurator engineConfig = getSslEngineConfig();

        for (NetworkListener listener : server.getListeners()) {

            listener.setSecure(true);
            listener.setSSLEngineConfig(engineConfig);
        }

        HttpHandler handler = server.getHttpHandler();

        System.out.println("Http server start...");
        server.start();
        System.out.println("Hit enter to stop it...");
        System.in.read();
        server.shutdownNow();
    }

    private static SSLEngineConfigurator getSslEngineConfig() {

        SSLContextConfigurator sslConfigurator = new SSLContextConfigurator();

        sslConfigurator.setKeyStoreFile("./mycerts/grizzly.jks");
        sslConfigurator.setKeyStorePass("awesome");
        sslConfigurator.setTrustStoreFile("./mycerts/myCA.jks");
        sslConfigurator.setTrustStorePass("mycapass");
        sslConfigurator.setSecurityProtocol("TLS");

        SSLContext context = sslConfigurator.createSSLContext(true);
        SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(context);
        sslEngineConfigurator.setNeedClientAuth(true);
        sslEngineConfigurator.setClientMode(false);
        return sslEngineConfigurator;
    }
}

我一直在阅读Grizzly documentation,以熟悉其内部结构。
灰熊似乎堆积filter chains用于运输,ssl,http等。
我正在对此进行试验,但是还没有弄清楚如何实现它。

任何提示将不胜感激。

1 个答案:

答案 0 :(得分:0)

在使用过滤器链后,我能够删除默认的SSLBaseFilter并添加从SSLBaseFilter继承的自定义SSL过滤器。
这样,我可以捕获失败的TLS / SSL请求引发的异常。

在MyGrizzlyServer服务器中:

    server.start();

    NetworkListener listener = server.getListener("grizzly");
    FilterChain filterChain = listener.getFilterChain();

    int sslBaseFilterIndex = filterChain.indexOfType(SSLBaseFilter.class);
    filterChain.remove(sslBaseFilterIndex);

    MySslFilter sslFilter = new MySslFilter(sslEngineConfig);
    filterChain.add(sslBaseFilterIndex, sslFilter);

使用自定义SSL过滤器:

public class MySslFilter extends SSLBaseFilter {

    MySslFilter(SSLEngineConfigurator configurator) {
        super(configurator);
    }

    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {

        NextAction nextAction = null;
        try {
            System.out.println(" *** MySslFilter handleRead ***" );
            nextAction = super.handleRead(ctx);
        } catch (IOException e) {
            System.out.println(" *** MySslFilter Exception ***" );
            e.printStackTrace();
        }

        return nextAction;
    }
}
相关问题
最新问题