[英]Grpc Java : Set up SSLContext on Server
I want to set-up SSL on my GRPC server. 我想在我的GRPC服务器上设置SSL。 For that I need certificate chain and a pkcs8 private key.
为此,我需要证书链和pkcs8私钥。
I have done the following: 我已经完成以下工作:
openssl genrsa -des3 -out ca.key 4096 openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096 openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr openssl req-新-key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key openssl rsa -in server.key -out server.key
openssl pkcs8 -topk8 -nocrypt -in server.key -out pkcs8_key.pem openssl pkcs8 -topk8 -nocrypt-输入server.key -out pkcs8_key.pem
Now that I have my server.cert and pkcs8_key.pem files, I've created the server as such: 现在我有了server.cert和pkcs8_key.pem文件,我已经这样创建了服务器:
InputStream certChain = MyServer.class.getResourceAsStream("/server.crt");
InputStream privateKey = MyServer.class.getResourceAsStream("/pkcs8_key.pem");
SslContext sslContext = GrpcSslContexts.forServer(certChain, privateKey, "password").build();
Server server = NettyServerBuilder.forPort(8080)
.sslContext(sslContext)
.addService(new ChatService())
.addService(new HelloWorldService())
.useTransportSecurity(certChain, privateKey)
.build();
The classpath is configured properly. 类路径已正确配置。
The error stack I'm getting: 我得到的错误堆栈:
Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:296)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:104)
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:162)
at server.MyServer.main(MyServer.java:20)
Caused by: java.io.IOException: overrun, bytes = 2353
at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:294)
... 3 more
The exception is being caused by this line: 异常是由以下行引起的:
SslContext sslContext = GrpcSslContexts
.forServer(certChain, privateKey, "password").build();
Since your pkcs8 key has no password, you should not be passing a password and instead use the two-argument method: 由于您的pkcs8密钥没有密码,因此您不应传递密码,而应使用两种参数的方法:
SslContext sslContext = GrpcSslContexts
.forServer(certChain, privateKey).build();
Note that calling useTransportSecurity()
will overwrite your call to sslContext()
, so you shouldn't call both. 请注意,调用
useTransportSecurity()
将覆盖对sslContext()
调用,因此您不应同时调用两者。 Calling both would break in the current code because forServer()
consumes and close the provided InputStream
s, so you'd be passing closed streams to useTransportSecurity()
. 调用这两种方法都会中断当前代码,因为
forServer()
会消耗并关闭提供的InputStream
,因此您需要将关闭的useTransportSecurity()
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.