[英]How to enable revocation checking in springboot application?
我正在使用 AdoptOpenJDK 11 開發一個 Spring Boot 應用程序,想了解如何啟用吊銷檢查。默認情況下使用的是 PKIXCertPathValidator,而且吊銷檢查是禁用的。我已經把 -Dcom.sun.security.enableCRLDP=true -Dcom.sun.net.ssl.checkRevocation=true
設置為 VM 參數,並且調用了 Security.setProperty("ocsp.enable", "true"),
但它們似乎沒有產生任何效果,吊銷檢查仍然是禁用的。
如能盡快提供幫助,不勝感激。
我有兩種方法-
第一種方式 -
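/**
 * Adds an extra HTTPS connector to the embedded Tomcat server. The connector always requires a
 * client certificate and can ask Tomcat's JSSE trust manager to check that certificate for
 * revocation.
 *
 * <p>Tomcat documents {@code revocationEnabled} as a JSSE-only switch that turns on revocation
 * checks "configured for the current JSSE provider via other means". On its own it selects no
 * revocation source: the JDK still needs OCSP enabled (security property {@code ocsp.enable}) and/or
 * CRL distribution point fetching enabled (system property {@code com.sun.security.enableCRLDP}),
 * and the JVM must be able to reach those endpoints.
 *
 * <p>NOTE(review): {@code com.sun.net.ssl.checkRevocation} is read by the JDK's own default trust
 * manager setup. Tomcat hands explicit PKIX parameters to the trust manager, so that flag probably
 * has no effect on this connector - confirm against the Tomcat version in use.
 *
 * <p>NOTE(review): once revocation checking is on, the default PKIX behaviour is to reject a
 * certificate whose status cannot be determined. Test with a certificate that carries a reachable
 * OCSP responder or CRL distribution point, and with one that is actually revoked, before relying
 * on this setting.
 */
@Configuration
public class ContainerCustomizer {

    // Spring properties
    @Value("${isRevocationCheckEnabled}")
    private String isRevocationCheckEnabled;
    // Other Spring properties here

    /**
     * Builds the servlet web server factory and attaches the additional TLS connector.
     *
     * @return the Tomcat factory with the extra HTTPS connector registered
     */
    @Bean
    public TomcatServletWebServerFactory containerFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        // Boolean.parseBoolean yields false for null or any value other than "true" (case-insensitive),
        // so a missing or mistyped property silently leaves revocation checking off.
        boolean revocationCheck = Boolean.parseBoolean(isRevocationCheckEnabled);
        tomcat.addAdditionalTomcatConnectors(createSSLConnector(keyStore, keyStorePassword, keyAlias,
                keyStoreType, clientAuth, protocol, enabledProtocol, trustStoreType, trustStore,
                trustStorePassword, ciphers, port, revocationCheck));
        return tomcat;
    }

    /**
     * Creates an NIO HTTPS connector with mutual TLS and the requested revocation setting.
     *
     * @param keyStore path of the server key store
     * @param keyStorePassword password of the server key store
     * @param keyAlias alias of the server key inside the key store
     * @param keyStoreType key store type passed to Tomcat
     * @param clientAuth currently unused; client authentication is always set to "true" below
     * @param protocol currently unused; the connector is always created for Http11NioProtocol
     * @param enabledProtocol TLS protocol versions to enable
     * @param trustStoreType trust store type; applied only when non-blank so the Tomcat default is
     *     kept otherwise
     * @param trustStore path of the trust store holding the accepted client CAs
     * @param trustStorePassword password of the trust store
     * @param ciphers cipher suite list passed to Tomcat
     * @param port port the connector listens on
     * @param isRevocationCheckEnabled whether to switch on PKIX revocation checking for client
     *     certificates
     * @return the configured connector
     */
    private Connector createSSLConnector(String keyStore, String keyStorePassword, String keyAlias, String keyStoreType,
            String clientAuth, String protocol, String enabledProtocol, String trustStoreType, String trustStore,
            String trustStorePassword, String ciphers, int port, boolean isRevocationCheckEnabled) {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol http11NioProtocol = (Http11NioProtocol) connector.getProtocolHandler();

        // Register the TLS host configuration first so the revocation flag is in place before the
        // connector starts.
        SSLHostConfig sslHostConfig = new SSLHostConfig();
        sslHostConfig.setRevocationEnabled(isRevocationCheckEnabled);
        http11NioProtocol.addSslHostConfig(sslHostConfig);

        File keystore = new File(keyStore);
        File truststore = new File(trustStore);

        connector.setScheme("https");
        connector.setSecure(true);
        connector.setPort(port);

        // NOTE(review): these are Tomcat's older protocol-level TLS attributes. They are expected to
        // land on the same default SSLHostConfig registered above - confirm for the Tomcat version
        // in use, otherwise the revocation flag and the trust store could end up on different configs.
        http11NioProtocol.setKeystoreType(keyStoreType);
        http11NioProtocol.setKeystoreFile(keystore.getAbsolutePath());
        http11NioProtocol.setKeystorePass(keyStorePassword);
        http11NioProtocol.setKeyAlias(keyAlias);
        http11NioProtocol.setSSLEnabled(true);
        // The trust store type was accepted as a parameter but never applied; honour it when given.
        if (trustStoreType != null && !trustStoreType.trim().isEmpty()) {
            http11NioProtocol.setTruststoreType(trustStoreType);
        }
        http11NioProtocol.setTruststoreFile(truststore.getAbsolutePath());
        http11NioProtocol.setTruststorePass(trustStorePassword);
        // Client certificates are always required. Revocation checking here concerns exactly those
        // certificates, so the clientAuth parameter is deliberately not wired in: doing so could
        // let configuration switch mutual TLS off.
        http11NioProtocol.setClientAuth(Boolean.TRUE.toString());
        http11NioProtocol.setCiphers(ciphers);
        http11NioProtocol.setSslEnabledProtocols(enabledProtocol);
        return connector;
    }
}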
第二種方式——
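/**
 * Connector customizer that applies the configured revocation setting to every TLS host
 * configuration already present on the connector.
 *
 * <p>Setting {@code revocationEnabled} only switches revocation checking on in the trust manager
 * parameters. The revocation source still has to be enabled in the JDK, for example through the
 * {@code ocsp.enable} security property or the {@code com.sun.security.enableCRLDP} system
 * property, and be reachable from the server.
 *
 * <p>NOTE(review): {@code @Controller} is the web MVC stereotype. A connector customizer would
 * normally be a plain component. Also verify that this customizer is actually registered with the
 * Tomcat factory in the Spring Boot version in use.
 */
@Controller
public class ContainerCustomizer implements TomcatConnectorCustomizer {

    // Spring properties
    // The placeholder syntax is required: without ${...} the literal text would be injected and
    // Boolean.parseBoolean would always yield false, leaving revocation checking off.
    @Value("${isRevocationCheckEnabled}")
    private String isRevocationCheckEnabled;

    /**
     * Sets the revocation flag on each {@link SSLHostConfig} of the connector.
     *
     * @param connector the Tomcat connector being customized; its protocol handler must be an
     *     {@link Http11NioProtocol}
     */
    @Override
    public void customize(Connector connector) {
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        boolean revocationEnabled = Boolean.parseBoolean(isRevocationCheckEnabled);
        // If no SSLHostConfig exists on the connector at this point, the loop does nothing and
        // revocation checking stays at its default.
        for (SSLHostConfig sslHostConfig : protocol.findSslHostConfigs()) {
            sslHostConfig.setRevocationEnabled(revocationEnabled);
        }
    }
}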