
Setting up Netty with a two-way SSL handshake (client and server certificates)


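This is a solution based on the HttpSnoop server example from the Netty project.

When setting up the client pipeline, the SSL engine must be configured as follows: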

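import static org.jboss.netty.channel.Channels.pipeline;

import javax.net.ssl.SSLEngine;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.handler.codec.http.HttpChunkAggregator;
import org.jboss.netty.handler.codec.http.HttpContentCompressor;
import org.jboss.netty.handler.codec.http.HttpRequestDecoder;
import org.jboss.netty.handler.codec.http.HttpResponseEncoder;
import org.jboss.netty.handler.ssl.SslHandler;

public ChannelPipeline getPipeline() throws Exception {
    // Create a default pipeline implementation.
    ChannelPipeline pipeline = pipeline();

    // HTTPS: the engine runs in server mode and requires a client certificate.
    SSLEngine engine = SecureChatSslContextFactory.getServerContext().createSSLEngine();
    engine.setUseClientMode(false); // this end accepts the handshake (server side)
    engine.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
    pipeline.addLast("ssl", new SslHandler(engine));

    pipeline.addLast("decoder", new HttpRequestDecoder());
    // RequestAuditLogger and ResponseAuditLogger are not shown on this page.
    pipeline.addLast("logger", new RequestAuditLogger());
    // Remove the following line if you want to handle HttpChunks yourself.
    pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
    pipeline.addLast("outputLogger", new ResponseAuditLogger());
    pipeline.addLast("encoder", new HttpResponseEncoder());
    // Remove the following line if you don't want automatic content compression.
    pipeline.addLast("deflater", new HttpContentCompressor());
    pipeline.addLast("handler", new HttpSnoopServerHandler());
    return pipeline;
}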

Then the SSLContext must be modified as follows so that a trust store is set up in addition to the key store (SecureChatSslContextFactory):

import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public final class SecureChatSslContextFactory {

    private static Logger logger = LoggerFactory.getLogger(SecureChatSslContextFactory.class);
    private static final String PROTOCOL = "TLS";
    private static final SSLContext SERVER_CONTEXT;
    private static final SSLContext CLIENT_CONTEXT;

    static {
        SSLContext serverContext = null;
        SSLContext clientContext = null;

        // Get key store and trust store locations and passwords.
        String keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
        String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
        String trustStoreLocation = System.getProperty("javax.net.ssl.trustStore");
        String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");

        try {
            // Key store: holds the server's own private key and certificate.
            // KeyStoreStreamManager is a helper that is not shown on this page.
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(KeyStoreStreamManager.asInputStream(keyStoreLocation),
                    keyStorePassword.toCharArray());

            // Set up key manager factory to use our key store.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyStorePassword.toCharArray());

            // Trust store: holds the certificates accepted as client certificate issuers.
            KeyStore ts = KeyStore.getInstance("JKS");
            ts.load(KeyStoreStreamManager.asInputStream(trustStoreLocation),
                    trustStorePassword.toCharArray());

            // Set up trust manager factory to use our trust store.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts);

            // Initialize the SSLContext to work with our key managers and trust managers.
            serverContext = SSLContext.getInstance(PROTOCOL);
            serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (Exception e) {
            throw new Error("Failed to initialize the server-side SSLContext", e);
        }

        try {
            // No key managers here, so this client context presents no certificate.
            // SecureChatTrustManagerFactory in the Netty example accepts any
            // server certificate; it is meant for demos only.
            clientContext = SSLContext.getInstance(PROTOCOL);
            clientContext.init(null, SecureChatTrustManagerFactory.getTrustManagers(), null);
        } catch (Exception e) {
            throw new Error("Failed to initialize the client-side SSLContext", e);
        }

        SERVER_CONTEXT = serverContext;
        CLIENT_CONTEXT = clientContext;
    }

    public static SSLContext getServerContext() {
        return SERVER_CONTEXT;
    }

    public static SSLContext getClientContext() {
        return CLIENT_CONTEXT;
    }

    private SecureChatSslContextFactory() {
        // Unused
    }
}
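The client context in the factory above is initialized with no key managers, so a client built from it has no certificate to present once the server calls setNeedClientAuth(true). The following is an added example, not code from the original answer or from the Netty project: a client-side context in plain JSSE that loads its own key store and trust store and turns on host name verification. The class name MutualTlsClientContext, the host localhost and the port 8443 are assumptions, and the key password is assumed to equal the key store password, as in the factory above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
// Added example (hypothetical class name): client side of a two-way SSL handshake.
public final class MutualTlsClientContext {
    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    // Key managers supply the client certificate; trust managers validate the server.
    public static SSLContext build(String keyStorePath, char[] keyStorePassword,
                                   String trustStorePath, char[] trustStorePassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyStorePassword), keyStorePassword); // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePassword));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    // Client-mode engine that also checks the server certificate against the host name.
    public static SSLEngine newClientEngine(SSLContext context, String host, int port) {
        SSLEngine engine = context.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }
    public static void main(String[] args) throws Exception {
        // Same system properties as the server factory, set on the client JVM.
        SSLContext context = build(
                System.getProperty("javax.net.ssl.keyStore"),
                System.getProperty("javax.net.ssl.keyStorePassword").toCharArray(),
                System.getProperty("javax.net.ssl.trustStore"),
                System.getProperty("javax.net.ssl.trustStorePassword").toCharArray());
        SSLEngine engine = newClientEngine(context, "localhost", 8443); // constructed host and port
        System.out.println("client mode: " + engine.getUseClientMode());
    }
}
```

The engine returned by newClientEngine can be wrapped in an SslHandler on the client pipeline in the same way the server pipeline wraps its engine.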

