Netty发送https请求时,需要SSL认证
1.首先创建jks证书(密钥库),生成方式:
通过KeyTool 使用以下命令生成(注意:-keypass、-storepass 直接写在命令行上会留在 shell 历史和进程列表中;省略这两个参数时 keytool 会交互式提示输入密码)
keytool -genkeypair -alias yourAlias -keypass yourPassword -keyalg RSA -keysize 2048 -validity 365 -keystore filePath -storepass yourPassword
原文链接:
https://www.136.la/jingpin/show-169264.html
2.读取jks文件的工具类
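public class SslUtil {

    /** Process-wide cached context; only ever assigned after the context has been fully initialised. */
    private static volatile SSLContext sslContext = null;

    /**
     * Returns the shared {@link SSLContext}, building it on first use from a keystore found on the classpath.
     *
     * <p>The context is created once and cached: later calls return the same instance and ignore
     * their arguments. Only key managers are installed; the trust managers and the random source
     * are passed as {@code null}, so the JSSE defaults are used for validating the peer.
     *
     * @param type     keystore type, e.g. {@code "JKS"} or {@code "PKCS12"}
     * @param fileName classpath resource name of the keystore file
     * @param password password used both to open the keystore and to recover its key entries
     * @return the initialised, shared context
     * @throws Exception if the keystore resource is missing, cannot be read or decrypted,
     *                   or the context cannot be initialised
     */
    public static SSLContext createSSLContext(String type, String fileName, String password) throws Exception {
        SSLContext cached = sslContext;
        if (cached != null) {
            return cached;
        }
        synchronized (SslUtil.class) {
            if (sslContext == null) {
                // Publish only a fully initialised context: assigning the field before init()
                // would let a concurrent caller pass the unlocked null check and use it too early.
                sslContext = buildContext(type, fileName, password);
            }
            return sslContext;
        }
    }

    /** Loads the keystore resource and builds an initialised TLS context from its key entries. */
    private static SSLContext buildContext(String type, String fileName, String password) throws Exception {
        char[] secret = password.toCharArray();
        // Supports JKS and PKCS12 (our project uses a free certificate issued via Alibaba Cloud;
        // the pfx file from the Tomcat download bundle corresponds to PKCS12).
        KeyStore ks = KeyStore.getInstance(type);
        // The keystore is looked up on the classpath; the stream is closed once loading is done.
        try (InputStream ksInputStream = SslUtil.class.getClassLoader().getResourceAsStream(fileName)) {
            if (ksInputStream == null) {
                // KeyStore.load(null, ...) would silently create an EMPTY keystore, producing a
                // context with no key material instead of reporting the missing file.
                throw new java.io.FileNotFoundException("Keystore resource not found on classpath: " + fileName);
            }
            ks.load(ksInputStream, secret);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, secret);
        SSLContext context = SSLContext.getInstance("TLS");
        // null trust managers / null SecureRandom: fall back to the JSSE defaults.
        context.init(kmf.getKeyManagers(), null, null);
        return context;
    }
}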
3.netty开启ssl验证
// Obtain the shared context from SslUtil; "JKS", "xxx.jks" and "xxxxx" are placeholder values for
// the keystore type, its classpath resource name and its password.
SSLContext sslContext = SslUtil.createSSLContext("JKS", "xxx.jks", "xxxxx");
// NOTE(review): createSSLEngine() is called without a peer host/port and no endpoint identification
// algorithm is set in these lines, so the engine as configured here does not check the server
// certificate against the host name. Confirm that createSSLEngine(host, port) together with
// SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") (or an equivalent check) is applied.
SSLEngine sslEngine = sslContext.createSSLEngine();
// One-way TLS: this side handshakes as the client and only the server is authenticated.
sslEngine.setUseClientMode(true);
// No client certificate is demanded; this setting only matters for engines in server mode.
sslEngine.setNeedClientAuth(false);
// Register the TLS handler in the channel pipeline under the name "SSL".
SslHandler tlsHandler = new SslHandler(sslEngine);
ch.pipeline().addLast("SSL", tlsHandler);
4.以上步骤完成即可完成https请求发送