我有一个 NetTy HTTP(启用SSL)客户端,它均与彼此身份验证启用服务器和相互身份验证非启用服务器。
以下是我用来为客户端设置SSL处理程序的代码。
TrustManagerFactory tmf= ...// Necessary Trust certs
KeyManagerFactory kmf = ...// Necessary Client certs
SslContext sslContext = SslContextBuilder.forClient().keyManager(kmf).trustManager(tmf).build();
SslHandler sslHandler = sslContex.newHandler(ByteBuffAllocator);
我在管道中使用上述 sslhandler
。我知道,如果服务器请求,提供 Keymanager(KMF)
将为服务器提供客户端证书。一切都按预期工作。
我的需求:我需要知道服务器是否在SSL握手过程中要求服务器请求的客户端证书(即启用了互助的服务器)。完成握手过程后,我需要知道这一点。
I have a Netty HTTPS(SSL ENABLED) Client which communicates with both Mutual Authentication enabled servers and Mutual Authentication non-enabled servers.
Following is the code I use to Setup SSL Handler for Client.
TrustManagerFactory tmf= ...// Necessary Trust certs
KeyManagerFactory kmf = ...// Necessary Client certs
SslContext sslContext = SslContextBuilder.forClient().keyManager(kmf).trustManager(tmf).build();
SslHandler sslHandler = sslContex.newHandler(ByteBuffAllocator);
I use the above sslHandler
in the pipeline. I know that providing keyManager(kmf)
will provide client certificate to server if server requests. Everything works as expected.
MY NEED : I need to know if the Server requested Client certificate or not(ie. Mutual Auth enabled server or not) in SSL Handshake process. I need to know this after completion of Handshake process.
发布评论
评论(1)
您可以提供自己的
Keymanager
实现(后来调用实际的Keymanager)。如果被称为您知道服务器已请求客户端证书。You could provide your own
KeyManager
implementation (that later calls the actual KeyManager). If getPrivateKey() is called you know that the server has requested the client certificate.