[英]Grpc Java : Set up SSLContext on Server
我想在我的GRPC服务器上设置SSL。 为此,我需要证书链和pkcs8私钥。
我已经完成以下工作:
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096
openssl req-新-key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key
openssl pkcs8 -topk8 -nocrypt-输入server.key -out pkcs8_key.pem
现在我有了server.cert和pkcs8_key.pem文件,我已经这样创建了服务器:
InputStream certChain = MyServer.class.getResourceAsStream("/server.crt");
InputStream privateKey = MyServer.class.getResourceAsStream("/pkcs8_key.pem");
SslContext sslContext = GrpcSslContexts.forServer(certChain, privateKey, "password").build();
Server server = NettyServerBuilder.forPort(8080)
.sslContext(sslContext)
.addService(new ChatService())
.addService(new HelloWorldService())
.useTransportSecurity(certChain, privateKey)
.build();
类路径已正确配置。
我得到的错误堆栈:
Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:296)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:104)
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:162)
at server.MyServer.main(MyServer.java:20)
Caused by: java.io.IOException: overrun, bytes = 2353
at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:294)
... 3 more
异常是由以下行引起的:
SslContext sslContext = GrpcSslContexts
.forServer(certChain, privateKey, "password").build();
由于您的pkcs8密钥没有密码,因此您不应传递密码,而应使用两种参数的方法:
SslContext sslContext = GrpcSslContexts
.forServer(certChain, privateKey).build();
请注意,调用useTransportSecurity()将覆盖对sslContext()调用,因此您不应同时调用两者。 调用这两种方法都会中断当前代码,因为forServer()会消耗并关闭提供的InputStream ,因此您需要将关闭的useTransportSecurity() 。
如何使用Java中来自Azure KeyVault的证书设置SSLContext
[英]How do I set up a SSLContext using certificate from Azure KeyVault in Java
使用SSLContext.getDefault()在春季使用SSL设置Ignite群集
[英]Set up Ignite cluster with SSL in spring using SSLContext.getDefault()
gRPC protobuffers Java无法为BlockingStub设置CallOptions
[英]gRPC protobuffers Java cannot set CallOptions for BlockingStub
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.