fix TomcatEngine to support https

2025-07-21 15:09:48 +08:00 · 2024-12-24 23:25:57 +08:00
parent b4eb357775
commit cacfbd9fc8
13 changed files with 252 additions and 32 deletions
--- a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/KeyManagerUtil.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/KeyManagerUtil.java
@@ -70,6 +70,26 @@ public class KeyManagerUtil {
 		}
 	}

+	/**
+	 * 从KeyStore中获取{@link KeyManagerFactory}
+	 *
+	 * @param keyStore  KeyStore
+	 * @param password  密码
+	 * @param algorithm 算法，{@code null}表示默认算法，如SunX509
+	 * @param provider  算法提供者，{@code null}使用JDK默认
+	 * @return {@link KeyManager}列表
+	 */
+	public static KeyManagerFactory getKeyManagerFactory(final KeyStore keyStore, final char[] password,
+														 final String algorithm, final Provider provider) {
+		final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(algorithm, provider);
+		try {
+			keyManagerFactory.init(keyStore, password);
+		} catch (final KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
+			throw new HutoolException(e);
+		}
+		return keyManagerFactory;
+	}
+
 	/**
 	 * 从KeyStore中获取{@link KeyManager}列表
 	 *
@@ -77,7 +97,7 @@ public class KeyManagerUtil {
 	 * @param password  密码
 	 * @return {@link KeyManager}列表
 	 */
-	public static KeyManager[] getDefaultKeyManagers(final KeyStore keyStore, final char[] password) {
+	public static KeyManager[] getKeyManagers(final KeyStore keyStore, final char[] password) {
 		return getKeyManagers(keyStore, password, null, null);
 	}

@@ -90,13 +110,8 @@ public class KeyManagerUtil {
 	 * @param provider  算法提供者，{@code null}使用JDK默认
 	 * @return {@link KeyManager}列表
 	 */
-	public static KeyManager[] getKeyManagers(final KeyStore keyStore, final char[] password, final String algorithm, final Provider provider) {
-		final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(algorithm, provider);
-		try {
-			keyManagerFactory.init(keyStore, password);
-		} catch (final KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
-			throw new HutoolException(e);
-		}
-		return keyManagerFactory.getKeyManagers();
+	public static KeyManager[] getKeyManagers(final KeyStore keyStore, final char[] password,
+											  final String algorithm, final Provider provider) {
+		return getKeyManagerFactory(keyStore, password, algorithm, provider).getKeyManagers();
 	}
 }
--- a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLContextBuilder.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLContextBuilder.java
@@ -24,10 +24,7 @@ import org.dromara.hutool.core.text.StrUtil;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
-import java.security.GeneralSecurityException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
+import java.security.*;


 /**
@@ -51,6 +48,7 @@ public class SSLContextBuilder implements SSLProtocols, Builder<SSLContext> {
 	private KeyManager[] keyManagers;
 	private TrustManager[] trustManagers;
 	private SecureRandom secureRandom;
+	private Provider provider;


 	/**
@@ -114,6 +112,17 @@ public class SSLContextBuilder implements SSLProtocols, Builder<SSLContext> {
 		return this;
 	}

+	/**
+	 * 设置 Provider
+	 *
+	 * @param provider Provider，{@code null}表示使用默认或全局Provider
+	 * @return this
+	 */
+	public SSLContextBuilder setProvider(final Provider provider) {
+		this.provider = provider;
+		return this;
+	}
+
 	/**
 	 * 构建{@link SSLContext}
 	 *
@@ -133,7 +142,8 @@ public class SSLContextBuilder implements SSLProtocols, Builder<SSLContext> {
 	 * @since 5.7.22
 	 */
 	public SSLContext buildChecked() throws NoSuchAlgorithmException, KeyManagementException {
-		final SSLContext sslContext = SSLContext.getInstance(protocol);
+		final SSLContext sslContext = null != this.provider ?
+			SSLContext.getInstance(protocol, provider) : SSLContext.getInstance(protocol);
 		sslContext.init(this.keyManagers, this.trustManagers, this.secureRandom);
 		return sslContext;
 	}
--- a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLContextUtil.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/SSLContextUtil.java
@@ -22,6 +22,7 @@ import org.dromara.hutool.core.io.IORuntimeException;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
+import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;

 /**
@@ -88,6 +89,33 @@ public class SSLContextUtil {
 			trustManager == null ? null : new TrustManager[]{trustManager});
 	}

+	/**
+	 * 创建和初始化{@link SSLContext}
+	 *
+	 * @param keyStore KeyStore
+	 * @param password 密码
+	 * @return {@link SSLContext}
+	 * @throws IORuntimeException 包装 GeneralSecurityException异常
+	 */
+	public static SSLContext createSSLContext(final KeyStore keyStore, final char[] password) throws IORuntimeException {
+		return createSSLContext(
+			KeyManagerUtil.getKeyManagers(keyStore, password),
+			TrustManagerUtil.getTrustManagers(keyStore)
+		);
+	}
+
+	/**
+	 * 创建和初始化{@link SSLContext}
+	 *
+	 * @param keyManagers   密钥管理器,{@code null}表示默认
+	 * @param trustManagers 信任管理器, {@code null}表示默认
+	 * @return {@link SSLContext}
+	 * @throws IORuntimeException 包装 GeneralSecurityException异常
+	 */
+	public static SSLContext createSSLContext(final KeyManager[] keyManagers, final TrustManager[] trustManagers) throws IORuntimeException {
+		return createSSLContext(null, keyManagers, trustManagers);
+	}
+
 	/**
 	 * 创建和初始化{@link SSLContext}
 	 *
--- a/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/TrustManagerUtil.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/ssl/TrustManagerUtil.java
@@ -75,7 +75,8 @@ public class TrustManagerUtil {
 	 * @return {@link X509TrustManager} or {@code null}
 	 * @since 6.0.0
 	 */
-	public static X509TrustManager getTrustManager(final KeyStore keyStore, final String algorithm, final Provider provider) {
+	public static X509TrustManager getTrustManager(final KeyStore keyStore, final String algorithm,
+												   final Provider provider) {
 		final TrustManager[] tms = getTrustManagers(keyStore, algorithm, provider);
 		for (final TrustManager tm : tms) {
 			if (tm instanceof X509TrustManager) {
@@ -94,7 +95,19 @@ public class TrustManagerUtil {
 	 * @since 6.0.0
 	 */
 	public static TrustManager[] getDefaultTrustManagers() {
-		return getTrustManagers(null, null, null);
+		return getTrustManagers(null);
+	}
+
+	/**
+	 * 获取指定的{@link TrustManager}<br>
+	 * 此方法主要用于获取自签证书的{@link TrustManager}
+	 *
+	 * @param keyStore  {@link KeyStore}
+	 * @return {@link TrustManager} or {@code null}
+	 * @since 6.0.0
+	 */
+	public static TrustManager[] getTrustManagers(final KeyStore keyStore) {
+		return getTrustManagers(keyStore, null, null);
 	}

 	/**
@@ -107,7 +120,22 @@ public class TrustManagerUtil {
 	 * @return {@link TrustManager} or {@code null}
 	 * @since 6.0.0
 	 */
-	public static TrustManager[] getTrustManagers(final KeyStore keyStore, String algorithm, final Provider provider) {
+	public static TrustManager[] getTrustManagers(final KeyStore keyStore, final String algorithm,
+												  final Provider provider) {
+		return getTrustManagerFactory(keyStore, algorithm, provider).getTrustManagers();
+	}
+
+	/**
+	 * 获取指定的{@link TrustManagerFactory}
+	 *
+	 * @param keyStore  {@link KeyStore}
+	 * @param algorithm 算法名称，如"SunX509"，{@code null}表示默认SunX509
+	 * @param provider  算法提供者，如bc，{@code null}表示默认SunJSSE
+	 * @return {@link TrustManager} or {@code null}
+	 * @since 6.0.0
+	 */
+	public static TrustManagerFactory getTrustManagerFactory(final KeyStore keyStore, String algorithm,
+															 final Provider provider) {
 		final TrustManagerFactory tmf;

 		if(StrUtil.isEmpty(algorithm)){
@@ -128,6 +156,6 @@ public class TrustManagerUtil {
 			throw new HutoolException(e);
 		}

-		return tmf.getTrustManagers();
+		return tmf;
 	}
 }