How do I enable revocation checking in a Spring Boot application?

t2a7ltrp posted on 2021-07-03 in Java

I am developing a Spring Boot application with OpenJDK 11. I want to understand how to enable revocation checking. By default PKIXCertPathValidator is used and revocation checking is disabled. I have already set -Dcom.sun.security.enableCRLDP=true -Dcom.sun.net.ssl.checkRevocation=true as VM arguments and Security.setProperty("ocsp.enable", "true"), but they do not seem to have any effect on revocation checking, which remains disabled.
Thanks for your quick help.


3htmauhk1#

I have two ways.
One way:

import java.io.File;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ContainerCustomizer {

    // Spring properties
    @Value("${isRevocationCheckEnabled}")
    private String isRevocationCheckEnabled;

    // Other Spring properties here; the property keys below are placeholders,
    // bound the same way as isRevocationCheckEnabled
    @Value("${keyStore}") private String keyStore;
    @Value("${keyStorePassword}") private String keyStorePassword;
    @Value("${keyAlias}") private String keyAlias;
    @Value("${keyStoreType}") private String keyStoreType;
    @Value("${clientAuth}") private String clientAuth;
    @Value("${protocol}") private String protocol;
    @Value("${enabledProtocol}") private String enabledProtocol;
    @Value("${trustStoreType}") private String trustStoreType;
    @Value("${trustStore}") private String trustStore;
    @Value("${trustStorePassword}") private String trustStorePassword;
    @Value("${ciphers}") private String ciphers;
    @Value("${port}") private int port;

    @Bean
    public TomcatServletWebServerFactory containerFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createSSLConnector(keyStore, keyStorePassword, keyAlias, keyStoreType, clientAuth,
                protocol, enabledProtocol, trustStoreType, trustStore, trustStorePassword, ciphers, port,
                Boolean.parseBoolean(isRevocationCheckEnabled)));
        return tomcat;
    }

    private Connector createSSLConnector(String keyStore, String keyStorePassword, String keyAlias, String keyStoreType,
            String clientAuth, String protocol, String enabledProtocol, String trustStoreType, String trustStore,
            String trustStorePassword, String ciphers, int port, boolean isRevocationCheckEnabled) {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol http11NioProtocol = (Http11NioProtocol) connector.getProtocolHandler();

        // Revocation checking is a per-host TLS setting in Tomcat; this SSLHostConfig
        // becomes the connector's default host config, which the setters below fill in
        SSLHostConfig sslHostConfig = new SSLHostConfig();
        sslHostConfig.setRevocationEnabled(isRevocationCheckEnabled);
        http11NioProtocol.addSslHostConfig(sslHostConfig);

        File keystore = new File(keyStore);
        File truststore = new File(trustStore);
        connector.setScheme("https");
        connector.setSecure(true);
        connector.setPort(port);

        http11NioProtocol.setKeystoreType(keyStoreType);
        http11NioProtocol.setKeystoreFile(keystore.getAbsolutePath());
        http11NioProtocol.setKeystorePass(keyStorePassword);
        http11NioProtocol.setKeyAlias(keyAlias);
        http11NioProtocol.setSSLEnabled(true);

        // Client certificates are validated against this trust store (mutual TLS)
        http11NioProtocol.setTruststoreType(trustStoreType);
        http11NioProtocol.setTruststoreFile(truststore.getAbsolutePath());
        http11NioProtocol.setTruststorePass(trustStorePassword);
        http11NioProtocol.setClientAuth(Boolean.TRUE.toString());

        http11NioProtocol.setCiphers(ciphers);
        http11NioProtocol.setSslEnabledProtocols(enabledProtocol);
        return connector;
    }
}

Second way:

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.stereotype.Component;

// A plain component is enough; Spring Boot applies every TomcatConnectorCustomizer bean
@Component
public class ContainerCustomizer implements TomcatConnectorCustomizer {

    // Spring property
    @Value("${isRevocationCheckEnabled}")
    private String isRevocationCheckEnabled;

    @Override
    public void customize(Connector connector) {
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        // Apply the flag to every SSL host config the connector already carries
        for (SSLHostConfig sslHostConfig : protocol.findSslHostConfigs()) {
            sslHostConfig.setRevocationEnabled(Boolean.parseBoolean(isRevocationCheckEnabled));
        }
    }
}
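Tomcat's setRevocationEnabled(true) above is what flips the PKIX revocation flag when the connector builds its trust manager. For an SSLContext built outside the container, the JDK-level equivalent, as an added example that is not part of the answer, is a PKIX TrustManagerFactory initialised with PKIXBuilderParameters that carry a PKIXRevocationChecker; the class name, the build method and the PKCS12 trust store path and password it takes are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; class name, method and PKCS12 trust store arguments are assumptions.
public final class RevocationCheckingTrustManager {

    public static X509TrustManager build(String trustStorePath, char[] trustStorePassword,
                                         boolean softFail) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        // The JDK's own revocation checker: OCSP via the AIA extension first,
        // CRLs from the CRL distribution points as fallback.
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) cpb.getRevocationChecker();
        EnumSet<PKIXRevocationChecker.Option> options = EnumSet.noneOf(PKIXRevocationChecker.Option.class);
        if (softFail) {
            // Accept a chain whose status cannot be fetched (responder unreachable);
            // leave this off for strict enforcement, where that becomes a handshake failure.
            options.add(PKIXRevocationChecker.Option.SOFT_FAIL);
        }
        checker.setOptions(options);

        // Tomcat builds its own PKIXBuilderParameters per connector and takes this flag
        // from SSLHostConfig.setRevocationEnabled, so JVM-wide properties do not reach it.
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        params.setRevocationEnabled(true);
        params.addCertPathChecker(checker);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("PKIX factory returned no X509TrustManager");
    }
}
```

Pass the returned trust manager to SSLContext.init; a revoked client or server certificate then fails the handshake, and with softFail=false so does a chain whose OCSP responder and CRL are both unreachable.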
