问题
Refer to Running the client with SSL/TLS. This explains a scenario where server does a client authentication. I am using Spring Integration to process TLS connections. My spring-context file is:
<bean id="sslContextSupport"
class="org.springframework.integration.ip.tcp.connection.DefaultTcpSSLContextSupport">
<constructor-arg value="file:keystore.jks"/>
<constructor-arg value="file:truststore.jks"/>
<constructor-arg value="keystorepass"/>
<constructor-arg value="trustpass"/>
</bean>
<int-ip:tcp-connection-factory id="crLfServer"
type="server"
port="${availableServerSocket}"
single-use="true"
so-timeout="10000"
using-nio="false"
ssl-context-support="sslContextSupport" />
My Server is accepting SSL connections and processing with certificates installed on my server and client. I am not sure whether the above spring configuration is setup for client authentication or not. is the client authentication done at the SSL transaport level or in the Application code?
回答1:
The Spring Integration DefaultTcpSSLContextSupport is fully based on the SSLContext sslContext = SSLContext.getInstance(protocol);. So, what you see in the standard Java SSL/TLS documentation is applied here as well.
Since that your <int-ip:tcp-connection-factory> produces type="server", that is definitely the case of
the server does client authentication
All the hard SSL work is done in the SSLContext layer, not in the TcpNetServerConnectionFactory, if that is the question.
In other words: it doesn't matter that it is Spring Integration or not. Everything works the same way as in any other Java application which users standard SSL/TLS approach.
来源:https://stackoverflow.com/questions/37754652/how-to-setup-tls-server-to-authenticate-client-in-spring-integration