NettyServerBuilder 是否支持配置 CRL(证书吊销列表)?如果支持,应该如何配置?我使用的版本是 grpc-netty:1.44.1,找不到介绍如何配置 CRL 的文档。目前我只找到了如何通过 SslContextBuilder.keyManager 和 SslContextBuilder.trustManager 配置 keyManager 和 trustCert。
fafcakar1#
// Attach the CRL check to the handshake future; the listener is notified once the TLS
// handshake has completed, so this is a post-handshake check.
MyGenericFutureListener revocationListener = new MyGenericFutureListener(sslHandler, crlPath);
sslHandler.handshakeFuture().addListener(revocationListener);
MyGenericFutureListener 的实现:
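/**
 * Handshake listener that looks up the peer's leaf certificate in a CRL file and closes the
 * channel when the certificate is listed or the CRL cannot be evaluated.
 *
 * <p>Limits of this approach:
 * <ul>
 *   <li>It runs only after the TLS handshake has already succeeded. The JDK can apply CRLs
 *       during certificate path validation instead: build {@code PKIXBuilderParameters} with
 *       {@code setRevocationEnabled(true)} and a CRL {@code CertStore}, wrap them in
 *       {@code CertPathTrustManagerParameters}, initialise a {@code TrustManagerFactory} with
 *       them and pass it to {@code SslContextBuilder.trustManager(TrustManagerFactory)}.</li>
 *   <li>Only element 0 of the peer chain is checked; intermediate CA certificates are not.</li>
 *   <li>The CRL is parsed, but nothing here verifies its signature ({@code X509CRL.verify})
 *       or its freshness ({@code getNextUpdate}); the file at {@code crlPath} is trusted
 *       as-is.</li>
 *   <li>The CRL file is re-read and re-parsed on every handshake.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code log} is not declared in this snippet; presumably it comes from a
 * Lombok logging annotation on the class. Confirm.
 */
public class MyGenericFutureListener implements GenericFutureListener<DefaultPromise<Channel>> {
    SslHandler sslHandler;
    String crlPath;

    /**
     * @param sslHandler handler whose engine session supplies the peer certificate chain
     * @param crlPath    filesystem path of the CRL file to check against
     */
    public MyGenericFutureListener(SslHandler sslHandler, String crlPath) {
        this.sslHandler = sslHandler;
        this.crlPath = crlPath;
    }

    /**
     * Checks the peer certificate against the CRL once the handshake future succeeds.
     *
     * @param channelFuture the completed handshake promise
     * @throws Exception if the peer certificates cannot be read from the session
     */
    @Override
    public void operationComplete(DefaultPromise<Channel> channelFuture) throws Exception {
        if (!channelFuture.isSuccess()) {
            return;
        }
        // The promise is already complete, so getNow() does not block. On success its value is
        // expected to be the handshaken channel, as the original commented-out close() assumed.
        Channel channel = channelFuture.getNow();

        SSLSession sslSession = sslHandler.engine().getSession();
        X509Certificate cert = (X509Certificate) sslSession.getPeerCertificates()[0];

        boolean revoked;
        try {
            revoked = isCertificateRevoked(cert);
        } catch (Exception e) {
            // Fail closed: an unreadable or unparsable CRL must not leave the connection open.
            log.error("Certificate revocation check failed", e);
            channel.close();
            return;
        }

        if (revoked) {
            log.error("Certificate revoked");
            // Logging alone would let a revoked peer keep using the connection.
            channel.close();
        }
    }

    /**
     * Loads the CRL from {@code crlPath} and reports whether it lists {@code cert}.
     *
     * @param cert certificate to look up
     * @return {@code true} if the CRL marks the certificate as revoked
     */
    @SneakyThrows
    private boolean isCertificateRevoked(X509Certificate cert) {
        // try-with-resources: the original never closed the stream, leaking a file descriptor
        // on every handshake.
        try (FileInputStream crlStream = new FileInputStream(crlPath)) {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(crlStream);
            return crl.isRevoked(cert);
        }
    }
}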