Embedded Jetty with client certificates

2019-02-21 04:57发布

I want to create embedded https server that required the clients to present a certificate and I am using this: http://www.smartjava.org/content/embedded-jetty-client-certificates

Now my question is that how can I provide keystore and truststore file for my code given that my jetty is emedded. I mean these lines in the code:

// the keystore (with one key) we'll use to make the connection with the
    // broker
    private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks";
    private final static String KEYSTORE_PASS = "secret";

    // the truststore we use for our server. This keystore should contain all the keys
    // that are allowed to make a connection to the server
    private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks";
    private final static String TRUSTSTORE_PASS = "secret";

Thanks

1条回答
我只想做你的唯一
2楼-- · 2019-02-21 05:27

There are numerous examples of Jetty embedded use on github.com/eclipse/jetty.project

Example: LikeJettyXml.java - Jetty 8, with no XML used, setting up an SSL connector.

    SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
    ssl_connector.setPort(8443);
    SslContextFactory cf = ssl_connector.getSslContextFactory();
    cf.setKeyStorePath(jetty_home + "/etc/keystore");
    cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    cf.setTrustStore(jetty_home + "/etc/keystore");
    cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    cf.setExcludeCipherSuites(
            new String[] {
                "SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
            });
    ssl_connector.setStatsOn(false);
    server.addConnector(ssl_connector);
    ssl_connector.open();

    SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
    ssl2_connector.setPort(8444);
    ssl2_connector.setStatsOn(false);
    server.addConnector(ssl2_connector);
    ssl2_connector.open();
查看更多
登录 后发表回答