
Intercept SSL/TLS requests in HTTPS Grizzly server

I have set up an HTTPS server using Grizzly 2.3.30 and Jersey 2.25.1, which can be found here.
The server works well and I can curl to it with certificate-authority, certificate and key:

curl -v --cacert $CERTS/myCA.pem --key $CERTS/grizzly.key --cert $CERTS/grizzly.crt https://localhost:9999/hello

I want to intercept TLS/SSL requests, so I can log which ones fail, for example:

curl -v https://localhost:9999/hello

I am using Grizzly Http Server Framework with Jersey in this fashion:

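import java.net.URI;
import javax.net.ssl.SSLContext;
import org.glassfish.grizzly.http.server.HttpHandler;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.server.ResourceConfig;

public class MyGrizzlyServer {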

    public static void main(String[] args) throws Exception {

        System.out.println("Hello main!");
        String uriStr = "https://0.0.0.0:9999/";
        URI uri = URI.create(uriStr);
        final ResourceConfig rc = new ResourceConfig().packages("org");
        HttpServer server = GrizzlyHttpServerFactory.createHttpServer(uri, rc, false);

        SSLEngineConfigurator engineConfig = getSslEngineConfig();

        for (NetworkListener listener : server.getListeners()) {

            listener.setSecure(true);
            listener.setSSLEngineConfig(engineConfig);
        }

        HttpHandler handler = server.getHttpHandler();

        System.out.println("Http server start...");
        server.start();
        System.out.println("Hit enter to stop it...");
        System.in.read();
        server.shutdownNow();
    }

    private static SSLEngineConfigurator getSslEngineConfig() {

        SSLContextConfigurator sslConfigurator = new SSLContextConfigurator();

        sslConfigurator.setKeyStoreFile("./mycerts/grizzly.jks");
        sslConfigurator.setKeyStorePass("awesome");
        sslConfigurator.setTrustStoreFile("./mycerts/myCA.jks");
        sslConfigurator.setTrustStorePass("mycapass");
        sslConfigurator.setSecurityProtocol("TLS");

        SSLContext context = sslConfigurator.createSSLContext(true);
        SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(context);
        sslEngineConfigurator.setNeedClientAuth(true);
        sslEngineConfigurator.setClientMode(false);
        return sslEngineConfigurator;
    }
}

I have been reading Grizzly documentation to get familiarized with its internals.
Grizzly seems to pile filter chains for transport, ssl, http, etc.
I am experimenting with this, but haven't figured out how to achieve it yet.

Any hint will be appreciated.

After playing a bit with filter chains, I was able to remove the default SSLBaseFilter and add a custom SSL Filter inherited from SSLBaseFilter.
That way I could capture exceptions thrown by failed TLS/SSL requests.

In MyGrizzlyServer server:

    server.start();

    NetworkListener listener = server.getListener("grizzly");
    FilterChain filterChain = listener.getFilterChain();

    int sslBaseFilterIndex = filterChain.indexOfType(SSLBaseFilter.class);
    filterChain.remove(sslBaseFilterIndex);

    MySslFilter sslFilter = new MySslFilter(sslEngineConfig);
    filterChain.add(sslBaseFilterIndex, sslFilter);

With custom SSL filter:

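import java.io.IOException;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.ssl.SSLBaseFilter;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

public class MySslFilter extends SSLBaseFilter {

    MySslFilter(SSLEngineConfigurator configurator) {
        super(configurator);
    }

    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {
        try {
            System.out.println(" *** MySslFilter handleRead ***");
            // SSLBaseFilter drives the handshake and decrypts application data here.
            return super.handleRead(ctx);
        } catch (IOException e) {
            // Failed TLS/SSL requests surface here as IOException (SSLException subclasses).
            System.out.println(" *** MySslFilter Exception ***");
            e.printStackTrace();
            // Rethrow instead of returning a null NextAction, so the filter chain
            // handles the failure and closes the connection.
            throw e;
        }
    }
}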
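
A variant of the filter above that turns each failed handshake into a single audit log line with the peer address and a coarse failure reason, so rejected client certificates can be told apart from other TLS errors. This is an added example, not code from the original post; the class name `TlsAuditFilter`, the logger name `tls.audit` and the reason labels are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.logging.Logger;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.ssl.SSLBaseFilter;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

// Added example (hypothetical class name), not from the original post.
public class TlsAuditFilter extends SSLBaseFilter {

    private static final Logger LOG = Logger.getLogger("tls.audit");

    public TlsAuditFilter(SSLEngineConfigurator configurator) {
        super(configurator);
    }

    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {
        try {
            return super.handleRead(ctx);
        } catch (IOException e) {
            Object peer = ctx.getConnection().getPeerAddress();
            LOG.warning("tls_failure peer=" + peer + " reason=" + classify(e)
                    + " detail=\"" + sanitize(e.getMessage()) + "\"");
            throw e; // let Grizzly handle the failure and close the connection
        }
    }

    // A certificate problem is usually nested in the cause chain of the SSL exception.
    static String classify(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof CertificateException) return "client_cert_rejected";
        }
        if (t instanceof SSLHandshakeException) return "handshake_failed";
        if (t instanceof SSLProtocolException) return "protocol_error";
        if (t instanceof SSLException) return "tls_error";
        return "io_error";
    }

    // Exception text may echo peer-influenced data; keep each event on one log line.
    static String sanitize(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n\\t\"]", " ");
    }
}
```

It is installed the same way as `MySslFilter`, by replacing the `SSLBaseFilter` at its index in the listener's filter chain.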
