使用 SslContext 建立 SSL 连接
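// Server-side mutual TLS setup: the server presents test_03.crt / test_03.key, and because
// ClientAuth.REQUIRE is set, every client must present a certificate that chains to
// MyPKISubCAG1.crt (the trust anchor given to trustManager()).
// NOTE(review): the two-argument forServer(cert, key) form takes an unencrypted PEM key —
// confirm that test_03.key is not world-readable.
// The CRL is NOT wired into the SslContext here; revocation is checked separately by the
// handshake listener that receives crlPath.
File certChainFile = new File("D:\\test\\test\\sdk_test03\\test_03.crt");
File keyFile = new File("D:\\test\\test\\sdk_test03\\test_03.key");
File rootFile = new File("D:/test/MyPKISubCAG1.crt");
String crlPath = "D:/test/test/ca.crl";
// Named sslContext (was sslCtx) so it matches the name the pipeline snippet below reads.
SslContext sslContext = SslContextBuilder.forServer(certChainFile, keyFile)
        .trustManager(rootFile)
        .clientAuth(ClientAuth.REQUIRE)
        .build();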
通过 Listener 检查 CRL，判断证书是否被吊销
// Create the TLS handler from the shared context and attach the CRL-checking listener
// to its handshake future; the listener is attached before the handler joins the pipeline,
// exactly as in the original ordering.
SslHandler sslHandler = sslContext.newHandler(channel.alloc());
sslHandler.handshakeFuture().addListener(new MyGenericFutureListener(sslHandler, crlPath));
channel.pipeline().addLast(sslHandler);
Listener 的监听方法
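@Slf4j
public class MyGenericFutureListener implements GenericFutureListener<DefaultPromise<Channel>> {

    /** Handler whose engine yields the negotiated session and the peer's certificate chain. */
    private final SslHandler sslHandler;
    /** Path of the X.509 CRL file consulted after every completed handshake. */
    private final String crlPath;

    /**
     * @param sslHandler the handler whose handshake this listener observes
     * @param crlPath    path of the CRL file used for the revocation check
     */
    public MyGenericFutureListener(SslHandler sslHandler, String crlPath) {
        this.sslHandler = sslHandler;
        this.crlPath = crlPath;
    }

    /**
     * Runs when the TLS handshake settles. On success, the leaf certificate the peer
     * presented is checked against the CRL. A revoked peer — or one whose revocation status
     * cannot be determined — has its channel closed: the handshake has already succeeded at
     * this point, so merely logging would leave the revoked peer connected.
     *
     * @param channelFuture the handshake promise; its result is the channel that completed
     * @throws Exception if reading the session state fails
     */
    @Override
    public void operationComplete(DefaultPromise<Channel> channelFuture) throws Exception {
        if (!channelFuture.isSuccess()) {
            return; // failed handshake: nothing was authenticated, nothing to check
        }
        Channel channel = channelFuture.getNow();
        SSLSession sslSession = sslHandler.engine().getSession();
        java.security.cert.Certificate[] peerChain = sslSession.getPeerCertificates();
        if (peerChain.length == 0 || !(peerChain[0] instanceof X509Certificate)) {
            log.error("Peer presented no X.509 certificate; closing channel");
            closeChannel(channel);
            return;
        }
        X509Certificate cert = (X509Certificate) peerChain[0];

        boolean revoked;
        try {
            revoked = isCertificateRevoked(cert);
        } catch (java.io.IOException | java.security.GeneralSecurityException e) {
            // Fail closed: an unreadable or unparsable CRL must not let an unchecked peer through.
            log.error("CRL check failed for {}; closing channel", cert.getSubjectX500Principal(), e);
            closeChannel(channel);
            return;
        }
        if (revoked) {
            log.error("Certificate revoked");
            closeChannel(channel);
        }
    }

    /**
     * Parses the CRL at {@code crlPath} and asks whether {@code cert} is listed in it.
     * The stream is closed on every path (the original leaked the FileInputStream).
     * NOTE(review): the CRL's own signature and its nextUpdate freshness are not verified
     * here — the issuing CA certificate is not available in this class; confirm whether the
     * caller needs that check.
     *
     * @param cert the peer's leaf certificate
     * @return {@code true} if the CRL lists the certificate as revoked
     * @throws java.io.IOException                    if the CRL file cannot be read
     * @throws java.security.GeneralSecurityException if the CRL cannot be parsed
     */
    private boolean isCertificateRevoked(X509Certificate cert)
            throws java.io.IOException, java.security.GeneralSecurityException {
        try (FileInputStream in = new FileInputStream(crlPath)) {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
            return crl.isRevoked(cert);
        }
    }

    /** Closes the channel if the promise carried one; null-safe for a defensive caller. */
    private static void closeChannel(Channel channel) {
        if (channel != null) {
            channel.close();
        }
    }
}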