是否可以使用Akka-HTTP的API在运行时在Web服务器中重新加载证书?我希望在不关闭服务器的情况下重新加载HttpsConnectionContext。有没有办法做到这一点?我已经实现了一种读取证书续签的机制,但是我的问题是在运行时重新加载上下文。下面我显示了如何启动服务器:
log.info("HTTPS ENABLED!")
val https: HttpsConnectionContext = newHttpsConnectionContext()
val (host, port, connectionContext) = ("0.0.0.0", 8080, https)
log.debug(s" Binding RESTful Web Services ... https://$host:$port/")
val bindingFuture =
Http().bindAndHandle(
endpoints,
host,
port,
connectionContext
)
bindingFuture.onComplete {
case Success(bind) =>
log.info(s"HTTPS server binding $bind")
binding = Some(bind)
log.warn(
s" Service online at https://$host:$port/"
)
case Failure(ex) =>
log.error(
s" Failed to bind to https://$host:$port/ - Error : ${ex.getMessage}"
)
close()
}
}
def newHttpsConnectionContext(): HttpsConnectionContext = {
import myService.TlsSettings
log.debug(
s"Creating a new HTTPS Connection Context between my Service (Server) and Clients..."
)
val sslParameters: Option[SSLParameters] = None
val sslConnectionContext: HttpsConnectionContext =
ConnectionContext.https(
TlsSettings(
ApplicationProperties.clientCert,
ApplicationProperties.clientPrivKey
).sslContext,
None,
Some(SSL_CIPHER_SUITES),
Some(SSL_PROTOCOLS),
Some(TLSClientAuth.Need),
sslParameters
)
log.info(
s"HTTPS Connection Context my Service <--> Clients created! $sslConnectionContext"
)
sslConnectionContext
}
我会重新考虑您为什么要这么做。您应该选择一个CA,为自己创建一个证书,然后一直使用它。您的客户还应该知道他需要如何加密发送给您的数据。如果您即时进行更改,则可能会使用现有的客户端。您能否详细说明您要解决的情况?