netty配置SSL、netty配置https(开发)
我们在开发下使用ssl,所用的证书将不被客户端信任。
转自:https://lingkang.top/archives/netty-pei-zhi-ssl
方案一
快速。使用netty提供的临时签发证书
private static SslContext sslContext = null;public ServerChannelHandler(RouterConfig config) {this.config = config;try {if (sslContext != null)return;// 使用临时签发的一个证书SelfSignedCertificate ssc = new SelfSignedCertificate();sslContext = SslContextBuilder.forServer(ssc.certificate(),ssc.privateKey()).build();} catch (Exception e) {e.printStackTrace();}}
配置
@Slf4j
public class ServerChannelHandler extends ChannelInitializer<SocketChannel> {private final RouterConfig config;private static SslContext sslContext = null;public ServerChannelHandler(RouterConfig config) {this.config = config;try {if (sslContext != null)return;// 使用临时签发的一个证书SelfSignedCertificate ssc = new SelfSignedCertificate();sslContext = SslContextBuilder.forServer(ssc.certificate(),ssc.privateKey()).build();} catch (Exception e) {e.printStackTrace();}}@Overrideprotected void initChannel(SocketChannel ch) throws Exception {ChannelPipeline pipeline = ch.pipeline();// 使用netty临时签发的证书pipeline.addLast(sslContext.newHandler(ch.alloc()));pipeline.addLast(new HttpServerCodec());// http编解码pipeline.addLast(new HttpObjectAggregator(config.getMaxContentLength()));pipeline.addLast(new DispatcherHandler(config));}
}
访问时需要你提前加上https,不会为你自动重定向到https
https://localhost:9595/
但是此时你发现控制台:
这是因为证书不被客户端信任,如果你是使用 logback日志,可以配置忽略它:
logback.xml的configuration中添加
<logger name="io.netty.channel.DefaultChannelPipeline" level="OFF"/>
上面的警告日志将不再打印,nice~
方案二
使用jdk自签一个jks证书:
keytool -genkeypair -alias lk -keyalg RSA -keypass 123456 -storepass 123456 -keyalg RSA -keysize 2048 -validity 3650 -keystore lk.jks
配置ssl
@Slf4j
public class ServerChannelHandler extends ChannelInitializer<SocketChannel> {private final RouterConfig config;public ServerChannelHandler(RouterConfig config) {this.config = config;}@Overrideprotected void initChannel(SocketChannel ch) throws Exception {ChannelPipeline pipeline = ch.pipeline();// ssl, 每次访问都要加载新的 SSLEngine 对象SSLEngine sslEngine = getSslContext().createSSLEngine();// 声明服务端sslEngine.setUseClientMode(false);pipeline.addLast(new SslHandler(sslEngine));pipeline.addLast(new HttpServerCodec());// http编解码pipeline.addLast(new HttpObjectAggregator(config.getMaxContentLength()));pipeline.addLast(new DispatcherHandler(config));}private static SSLContext getSslContext() throws Exception {// 密码char[] passArray = "123456".toCharArray();SSLContext sslContext = SSLContext.getInstance("TLSv1");KeyStore ks = KeyStore.getInstance("JKS");//加载keytool 生成的文件FileInputStream inputStream = new FileInputStream("C:\\Users\\Administrator\\Desktop\\temp\\ssl\\lk.jks");ks.load(inputStream, passArray);KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());kmf.init(ks, passArray);sslContext.init(kmf.getKeyManagers(), null, null);inputStream.close();return sslContext;}
}
效果
