How to work with client certificates on Jetty SPDY with ALPN?


Question

I have a problem with client certificates when I use SPDY with Jetty.

It works when I work with NPN and start Jetty SPDY server with:

SSLconnector = new HTTPSPDYServerConnector(server, sslContextFactory);

As a baseRequest.getHttpChannel() it uses org.eclipse.jetty.spdy.server.http.HttpChannelOverSPDY and I can read SSL properties like SSL_SESSION_ID and client certificates with code like:

// ... HttpServletRequest request
java.security.cert.X509Certificate client_certs[] = (java.security.cert.X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

But NPN is not an option in Java8 (see my question How to run Jetty with SPDY using ALPN?). In Java8 I have to use ALPN protocol like:

sslContextFactory.setWantClientAuth(w3srv_config.want_client_auth);
// ...
HttpConfiguration httpConfig = new HttpConfiguration();

SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "alpn");
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory("spdy/3", "http/1.1");
alpn.setDefaultProtocol("http/1.1");
HTTPSPDYServerConnectionFactory spdy = new HTTPSPDYServerConnectionFactory(SPDY.V3, httpConfig);
HttpConnectionFactory http = new HttpConnectionFactory(httpConfig);

SSLconnector = new ServerConnector(server, new ConnectionFactory[]{ssl, alpn, spdy, http});
//...

With this code I got null when I want to get any SSL related javax.servlet.request.*. Its baseRequest.getHttpChannel() is org.eclipse.jetty.server.HttpConnection$HttpChannelOverHttp.

What do I have to change to work with client certificates?

Recommended answer

The javax.servlet.request.* properties you are looking for are set by Jetty's SecureRequestCustomizer, which you need to add to the httpConfig object you create in your code example above.

I am guessing that your NPN configuration is slightly different, or you use some utility method in Jetty that does this for you with NPN but not with ALPN.

Just do:

HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.addCustomizer(new SecureRequestCustomizer());

is enough to solve your problem.
