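Does io.grpc.netty.NettyServerBuilder support configuring a CRL list, and how is a CRL list configured with NettyServerBuilder?
grpc-netty version: 1.44.1
I can't find any documentation describing how to configure a CRL list.
I have only found how to configure the keyManager and trustCert through SslContextBuilder.keyManager and SslContextBuilder.trustManager.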
sslHandler.handshakeFuture().addListener(new MyGenericFutureListener(sslHandler,crlPath));
MyGenericFutureListener:
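    import io.netty.channel.Channel;
    import io.netty.handler.ssl.SslHandler;
    import io.netty.util.concurrent.DefaultPromise;
    import io.netty.util.concurrent.GenericFutureListener;
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509CRL;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLSession;
    import lombok.SneakyThrows;
    import lombok.extern.slf4j.Slf4j;

    @Slf4j // supplies the `log` field (assumed; its declaration is not shown in the snippet)
    public class MyGenericFutureListener implements GenericFutureListener<DefaultPromise<Channel>> {
        SslHandler sslHandler;
        String crlPath;
        public MyGenericFutureListener(SslHandler sslHandler, String crlPath) {
            this.sslHandler = sslHandler;
            this.crlPath = crlPath;
        }
        // Runs once the TLS handshake has finished; checks the peer's leaf certificate against the CRL.
        @Override
        public void operationComplete(DefaultPromise<Channel> channelFuture) throws Exception {
            if (channelFuture.isSuccess()) {
                SSLSession sslSession = sslHandler.engine().getSession();
                X509Certificate cert = (X509Certificate) sslSession.getPeerCertificates()[0];
                if (isCertificateRevoked(cert)) {
                    log.error("Certificate revoked");
                    //channelFuture.get().close();
                }
            }
        }

        @SneakyThrows
        private boolean isCertificateRevoked(X509Certificate cert) {
            // try-with-resources closes the CRL file after it has been parsed
            try (InputStream in = new FileInputStream(crlPath)) {
                X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
                return crl.isRevoked(cert);
            }
        }
    }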
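
Added example (not part of the original post and not gRPC project code): one way to have the CRL enforced during the TLS handshake itself, by handing `SslContextBuilder.trustManager` a `TrustManagerFactory` built from PKIX parameters with revocation checking enabled, instead of checking after the handshake in a listener. The file names, the port, and the use of mutual TLS with `ClientAuth.REQUIRE` are assumptions.

```java
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManagerFactory;

public final class CrlServerExample {
    // Builds a trust manager factory that validates client chains against the CA
    // certificates in caFile and rejects certificates listed in the CRL(s) in crlFile.
    static TrustManagerFactory crlTrustManagerFactory(File caFile, File crlFile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        Collection<? extends CRL> crls;
        try (InputStream ca = new FileInputStream(caFile);
             InputStream crl = new FileInputStream(crlFile)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(ca)) {
                trustStore.setCertificateEntry("ca-" + i++, c);
            }
            crls = cf.generateCRLs(crl);
        }
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(true); // revocation status is checked during path validation
        pkix.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        return tmf;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths and port (assumptions, not values from the post).
        SslContext ssl = GrpcSslContexts.configure(
                SslContextBuilder.forServer(new File("server.crt"), new File("server.key"))
                        .trustManager(crlTrustManagerFactory(new File("ca.crt"), new File("ca.crl")))
                        .clientAuth(ClientAuth.REQUIRE))
                .build();
        NettyServerBuilder.forPort(8443).sslContext(ssl) // addService(...) calls omitted
                .build().start().awaitTermination();
    }
}
```

With revocation enabled, path validation fails when no CRL is available for an issuer in the client's chain, so the CRL file has to cover every CA that issues client certificates. The CRLs are read once at startup; picking up a newer CRL means building a new `SslContext`.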