我正在使用一些安全函数库,它允许我创建自定义java.security。提供程序,KeyManagerFactory, TrustManagerFactory具有特定的TLS密码套装,算法,密钥和信任存储格式。通常Netty允许我像下面这样配置sslContext来启动工作。是否有一种方法来配置Netty使用的Vertx库层?
val nettyProvider = SslProvider.JDK
val (keyManagerFactory, trustManagerFactory) = loadKeyCertStuff()
val customJcaProvider: java.security.Provider = CustomTlsProvider()
return SslContextBuilder.forClient()
.sslProvider(nettyProvider)
.keyManager(keyManagerFactory.keyManagers[0])
.trustManager(trustManagerFactory.trustManagers[0])
.sslContextProvider(customJcaProvider)
.ciphers(listOf("TLS_CIPHER_2012"))
.build()
看起来这个配置选项在Vertx库的API中没有考虑到,它允许设置自定义KeyManagerFactory和TrustManagerFactory,但是没有办法设置java.security.Provider。
这是可能的,因为Vert。x 4.3.4, PR #4468
简而言之,您需要创建一个SslContextFactory。下面是TCP客户端:
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
null,
tmFactory.getTrustManagers(),
null
);
client = vertx.createNetClient(new NetClientOptions().setSsl(true)
.setSslEngineOptions(new JdkSSLEngineOptions() {
@Override
public SslContextFactory sslContextFactory() {
return new SslContextFactory() {
@Override
public SslContext create() {
return new JdkSslContext(
sslContext,
true,
null,
IdentityCipherSuiteFilter.INSTANCE,
ApplicationProtocolConfig.DISABLED,
io.netty.handler.ssl.ClientAuth.NONE,
null,
false);
}
};
}
}));