如何在Grizzly 2.3中获取X.509客户端证书(使用客户端身份验证时)
[英]How to get X.509 client certificate in Grizzly 2.3 (when using client authentication)
问题描述
I would like to verify the CN field of the client x.509 certificate on my server that runs a JAX-RS web service based on Grizzly 2.3. 
我想在运行基于Grizzly 2.3的JAX-RS Web服务的服务器上验证客户端x.509证书的CN字段。 I found some examples for Grizzly 1, but it seems the code has changed significantly. 我找到了Grizzly 1的一些例子,但似乎代码发生了重大变化。 Here the code I have: 这里是我的代码:
class Transport {
public static void main(String[] args){
ResourceConfig rc = new PackagesResourceConfig(Transport.class.getPackage().getName());
String url = "http://myhost:8080/myURL";
URI uri = UriBuilder.fromUri(url).build();
HttpServer server = GrizzlyServerFactory.createHttpServer(uri, rc);
SSLContextConfigurator sslContext = new SSLContextConfigurator();
sslContext.setKeyStoreFile("path_to_my_keystore");
sslContext.setKeyStorePass("password");
sslContext.setTrustStoreFile("path_to_my_truststore");
sslContext.setTrustStorePass("password");
sslContext.setSecurityProtocol("TLSv1.2");
SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContext);
sslEngineConfigurator.setNeedClientAuth(true);
sslEngineConfigurator.setWantClientAuth(true);
sslEngineConfigurator.setEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"});
sslEngineConfigurator.setClientMode(false);
NetworkListener listener = new NetworkListener("grizzly_ssl", uri.getHost(), 8443);
listener.setSecure(true);
listener.setSSLEngineConfig(sslEngineConfigurator);
server.addListener(listener);
}
@POST
@Produces({ MediaType.APPLICATION_XML })
@Consumes({ MediaType.APPLICATION_XML })
@Path("foo")
public Response receivePayload(MyPayload payload) {
// How can I get the CN of the client x.509 certificate / or the fingerprint of the certificate?
}
}
1 个解决方案
解决方案1
2 已采纳 2013-07-02 23:28:18
I found the answer here [1] and [2]. 我在这里找到答案[1]和[2]。
[1] How to grab a pki certificate with Jersey / Spring? [1] 如何获得Jersey / Spring的pki证书? [2] Grizzly and ServletContainerContext [2] Grizzly和ServletContainerContext
Here is the code that works (only for Jersey 1.1, not for Jersey 2): 这是有效的代码(仅适用于Jersey 1.1,不适用于Jersey 2):
class Transport {
public static void main(String[] args){
ResourceConfig rc = new PackagesResourceConfig(Transport.class.getPackage().getName());
String url = "http://myhost:8080/myURL";
URI uri = UriBuilder.fromUri(url).build();
HttpServer server = GrizzlyServerFactory.createHttpServer(uri, new HttpHandler() {
@Override
public void service(Request request, org.glassfish.grizzly.http.server.Response response) throws Exception {
response.setStatus(404, "Not found");
response.getWriter().write("404: not found");
}
});
// Initialize and register Jersey Servlet
WebappContext context = new WebappContext("WebappContext", "");
ServletRegistration registration = context.addServlet("ServletContainer", ServletContainer.class);
registration.setInitParameter(ServletContainer.RESOURCE_CONFIG_CLASS,
ClassNamesResourceConfig.class.getName());
registration.setInitParameter(ClassNamesResourceConfig.PROPERTY_CLASSNAMES, Transport.class.getName());
registration.addMapping("/*");
context.deploy(server);
SSLContextConfigurator sslContext = new SSLContextConfigurator();
sslContext.setKeyStoreFile("path_to_my_keystore");
sslContext.setKeyStorePass("password");
sslContext.setTrustStoreFile("path_to_my_truststore");
sslContext.setTrustStorePass("password");
sslContext.setSecurityProtocol("TLSv1.2");
SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContext);
sslEngineConfigurator.setNeedClientAuth(true);
sslEngineConfigurator.setWantClientAuth(true);
sslEngineConfigurator.setEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"});
sslEngineConfigurator.setClientMode(false);
NetworkListener listener = new NetworkListener("grizzly_ssl", uri.getHost(), 8443);
listener.setSecure(true);
listener.setSSLEngineConfig(sslEngineConfigurator);
server.addListener(listener);
}
@POST
@Produces({ MediaType.APPLICATION_XML })
@Consumes({ MediaType.APPLICATION_XML })
@Path("foo")
public Response receivePayload(@Context HttpServletRequest request, MyPayload payload) {
X509Certificate[] certChain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
if (certChain == null || certChain.length == 0){
LOG.info("X509cert not found");
return null;
}
X509Certificate certificate = certChain[0];
// get information such as CN from certificate
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
通过X.509客户端证书(.cer文件)进行Python身份验证并与Java比较 - Python authentication via X.509 client certificate (.cer file) and comparison with Java
Spring Kafka Handshake Failure 没有用于客户端身份验证的 X.509 证书,但我的密钥库中有一个 - Spring Kafka Handshake Failure No X.509 certificate for client authentication, but there is one in my keystore
如何为使用X.509保护的WCF服务创建Java客户端? - How to make a Java client for a WCF service secured with X.509?
使用X.509证书的数字签名 - Digital signature using X.509 certificate
配置Java MongoClient以使用X.509证书进行身份验证 - Configuring Java MongoClient to use X.509 certificate for the authentication
证书请求到X.509 - Certificate request to X.509
如何在Play Framework 1.2.x中获得当前的ssl客户端X509证书 - how to get current ssl client X509 certificate in play framework 1.2.x
使用带有iText的X.509 SmartCard证书对PDF进行签名 - Signing a PDF using a X.509 SmartCard certificate with iText in Java
使用Java代码将X.509证书存储到密钥库中 - Storing an X.509 certificate into a keystore using java code
Android 应用程序使用 X.509 证书连接到 AWS IoT - Android app to connect to AWS IoT using X.509 certificate
相关标签