HTTP proxy server (9): issuing certificates with a CA [key point]

After the earlier posts in this series:

https代理服务器(四)java动态签发 (HTTPS proxy server (4): dynamic issuance in Java), 2022-12-16
https代理服务器(三)实践 (HTTPS proxy server (3): putting it into practice), 2022-12-15
https代理服务器(二)浏览器如何验证证书 (HTTPS proxy server (2): how the browser verifies a certificate), 2022-12-13
https代理服务器(一)问题引出 (HTTPS proxy server (1): stating the problem), about a week earlier

I finally settled on mkcert.

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.MessageToMessageDecoder;
import io.netty.handler.codec.http.*;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.List;
import java.util.regex.Pattern;

// Class name assumed: the post shows only the decode method of the front-end decoder.
public class ProxyFrontendDecoder extends MessageToMessageDecoder<FullHttpRequest> {

    @Override
    protected void decode(ChannelHandlerContext ctx, FullHttpRequest request, List<Object> out) throws Exception {
        if (HttpMethod.CONNECT.equals(request.method())) { // HTTPS: the client asks the proxy to open a tunnel
            // Answer 200 in plaintext first. writeAndFlush runs on the event loop, so the response is past the
            // pipeline before SslHandler is inserted below; everything written after this point is encrypted.
            HttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK);
            ctx.writeAndFlush(response);
            System.out.println("ssl request");
            // Take the host out of the Host header (CONNECT carries host:port); fall back to the request target
            String hostHeader = request.headers().get(HttpHeaderNames.HOST, request.uri());
            String host = hostHeader.split(":")[0];
            // Server-mode engine presenting a certificate for exactly this host, issued on the fly by mkcert
            SSLEngine sslEngine = SSLContextFactory.getSslContext(host).createSSLEngine();
            sslEngine.setUseClientMode(false);
            ctx.pipeline().addFirst("SslHandler", new SslHandler(sslEngine));
            return;
        }
        // Plain HTTP requests are passed on unchanged (their handling is covered in the earlier posts)
        out.add(request.retain());
    }
}

public class SSLContextFactory {
    // The CONNECT target is chosen by the client, and it ends up on the mkcert command line. Only plain host
    // names (or IPs) are accepted; shell metacharacters, slashes and ".." are rejected instead of executed.
    private static final Pattern HOSTNAME = Pattern.compile(
            "^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$");
    private static final String P12_PASSWORD = "changeit"; // the fixed password mkcert uses for PKCS#12 files

    public static SSLContext getSslContext(String host) throws Exception {
        if (host.length() > 253 || !HOSTNAME.matcher(host).matches()) {
            throw new IllegalArgumentException("refusing to issue a certificate for host: " + host);
        }
        File file = new File("p12s/" + host + ".p12");
        synchronized (SSLContextFactory.class) {
            // Check inside the lock, otherwise two concurrent CONNECTs for the same host both run mkcert
            if (!file.exists()) {
                file.getParentFile().mkdirs();
                // Arguments go to the process as an argv array, never through "sh -c"
                runCommand("mkcert", "-pkcs12", "-p12-file", file.getPath(), host);
            }
        }
        // "TLS" rather than "TLSv1": let JSSE negotiate the newest protocol version both sides support
        SSLContext sslContext = SSLContext.getInstance("TLS");
        char[] passArray = P12_PASSWORD.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream inputStream = new FileInputStream(file)) {
            ks.load(inputStream, passArray);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, passArray);
        sslContext.init(kmf.getKeyManagers(), null, null);
        return sslContext;
    }

    // Runs an external program with its arguments passed individually (no shell involved)
    public static void runCommand(String... argv) {
        Process p = null;
        try {
            p = new ProcessBuilder(argv).inheritIO().start();
            int status = p.waitFor();
            if (status != 0) {
                System.err.println(String.format("runCommand: %s, status: %s", String.join(" ", argv), status));
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (p != null) {
                p.destroy();
            }
        }
    }
}

I originally wanted to issue one certificate per registered domain, but Baidu failed to load that way while 慢慢游 worked, so in the end every host name (every level of subdomain) gets its own certificate. One likely reason: a wildcard name matches exactly one label, so a certificate for *.baidu.com covers www.baidu.com but not a deeper host name such as a.b.baidu.com, and issuing per full host name sidesteps this.
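The following is an added example and not code from the post: it reproduces at the command line what the Java code above delegates to mkcert (a locally trusted root, a leaf certificate carrying the host name, bundled as a PKCS#12 file with the password "changeit"), and then runs the same check a browser runs to show why the per-registered-domain attempt described above fails. A throwaway root built with openssl stands in for the mkcert root (it is not installed into any trust store); the example.com names, file names and the work directory are constructed for the demo, and it assumes openssl 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example, not code from the post. A throwaway root CA built with openssl stands in for the
# mkcert root, so this runs without mkcert; the example.com names and file names are constructed.
set -eu

WORK="${TMPDIR:-/tmp}/proxy-ca-demo.$$"
mkdir -p "$WORK"
cd "$WORK"
trap 'rm -rf "$WORK"' EXIT

# 1. Root CA: the role `mkcert -install` plays (mkcert also adds its root to the OS/browser trust
#    store, which this demo does not do). Signed via `x509 -req -extfile` so the CA extensions are
#    explicit and do not depend on whichever openssl.cnf happens to be installed.
make_root() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=demo proxy root (constructed)" \
        -keyout rootCA-key.pem -out rootCA.csr 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > rootCA.ext
    openssl x509 -req -in rootCA.csr -signkey rootCA-key.pem -days 30 -sha256 \
        -extfile rootCA.ext -out rootCA.pem 2>/dev/null
}

# 2. Leaf certificate for one or more DNS names, signed by the root and bundled as PKCS#12 with the
#    fixed password "changeit": the equivalent of `mkcert -pkcs12 -p12-file BASE.p12 NAME...`.
#    $1 = file base name, remaining args = SAN DNS names
issue_leaf() {
    base="$1"; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
        -keyout "$base-key.pem" -out "$base.csr" 2>/dev/null
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$base.ext"
    openssl x509 -req -in "$base.csr" -CA rootCA.pem -CAkey rootCA-key.pem -CAcreateserial \
        -days 30 -sha256 -extfile "$base.ext" -out "$base.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$base-key.pem" -in "$base.pem" -certfile rootCA.pem \
        -passout pass:changeit -out "$base.p12"
}

# 3. The check a browser performs: does certificate $1 chain to the root AND carry host name $2?
accepts() {
    openssl verify -CAfile rootCA.pem -verify_hostname "$2" "$1.pem" >/dev/null 2>&1
}

# SAN names inside a .p12: what the Java side can inspect after loading the keystore, to confirm the
# file it is about to serve really belongs to the requested host
san_of_p12() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin pass:changeit 2>/dev/null \
        | openssl x509 -noout -text | sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

report() {
    if accepts "$1" "$2"; then echo "$1: accepted for $2"; else echo "$1: rejected for $2"; fi
}

make_root
issue_leaf www.example.com www.example.com   # per-host certificate, what the post ends up doing
issue_leaf wildcard '*.example.com'          # one certificate per registered domain

echo "SAN in www.example.com.p12: $(san_of_p12 www.example.com.p12)"
report www.example.com www.example.com   # accepted
report wildcard www.example.com          # accepted: the wildcard covers one label
report wildcard a.b.example.com          # rejected: a wildcard never spans two labels
report wildcard example.com              # rejected: the bare domain is not covered either
```

The two rejections are the behaviour behind the switch to per-host certificates: the hostname matcher in openssl and in browsers only lets `*` stand for a single label, so a site that loads assets from deeper subdomains breaks under a per-domain wildcard certificate. The `san_of_p12` check is cheap to replicate in the Java factory (read the leaf from the KeyStore and compare its SubjectAlternativeName entries with the CONNECT host) and catches a stale or mis-named .p12 before it is served.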

Verified working with Safari 14.0.3 and Chrome 108.0.5359.124 (Official Build) (x86_64).

posted on 2022-12-20 14:57 silyvin Views (80) Comments (0)