属性文件格式的安全 TCP 套接字附加程序的 log4j2 配置
log4j2 configuration of a secure TCP Socket appender in properties file format
我正在努力使我的套接字附加程序安全。
当前配置为:
appender.socket.type = Socket
appender.socket.name = SOCKET_APPENDER
appender.socket.host = localhost
appender.socket.port = 4712
appender.socket.reconnectionDelayMillis = 10000
如何向其中添加 SSL 配置(密钥库配置和信任库配置)?
通过添加使其工作:
appender.smswebstart.protocol = TCP
appender.smswebstart.ssl.type = SSL
appender.smswebstart.ssl.protocol = SSL
appender.smswebstart.ssl.keystore.type=KeyStore
appender.smswebstart.ssl.keystore.location=${ctx:location}
appender.smswebstart.ssl.keystore.password=${ctx:password}
appender.smswebstart.ssl.truststore.type=TrustStore
appender.smswebstart.ssl.truststore.location=${ctx:location}
appender.smswebstart.ssl.truststore.password=${ctx:password}
这样做的问题是,它使存储密钥在这里成为纯文本。
因此,另一种方法是使用自定义附加程序。
这是我如何获得自定义附加程序的。
@Plugin(
name = "SSLSocket",
category = "Core",
elementType = "appender",
printObject = true
)
public class SSLSocketAppender extends SocketAppender {
private static StatusLogger statusLogger = StatusLogger.getLogger();
protected SSLSocketAppender(String name, Layout<? extends Serializable> layout, Filter filter, AbstractSocketManager manager, boolean ignoreExceptions, boolean immediateFlush, Advertiser advertiser) {
super(name, layout, filter, manager, ignoreExceptions, immediateFlush, advertiser);
}
@PluginFactory
public static SSLSocketAppender createAppender(@PluginAttribute("host") String host, @PluginAttribute(value = "port", defaultInt = 0) int port, @PluginAttribute("protocol") Protocol protocol, @PluginAttribute("name") String name, @PluginElement("Layout") Layout<? extends Serializable> layout, @PluginElement("Filter") Filter filter, @PluginAttribute(value = "connectTimeoutMillis",defaultInt = 0) int connectTimeoutMillis, @PluginAliases({"reconnectionDelay"}) @PluginAttribute(value = "reconnectionDelayMillis",defaultInt = 0) int reconnectDelayMillis, @PluginAttribute(value = "immediateFail",defaultBoolean = true) boolean immediateFail) {
AbstractSocketManager manager = SslSocketManager.getSocketManager(getSSLConfig(), host, port, connectTimeoutMillis, reconnectDelayMillis, immediateFail, layout);
return new SSLSocketAppender(name, layout, filter, manager, true, true, null);
}
private static SslConfiguration getSSLConfig() {
KeyStoreConfiguration keyStoreConfig = null;
TrustStoreConfiguration trustStoreConfig = null;
try {
keyStoreConfig = KeyStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
trustStoreConfig = TrustStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
}
catch (StoreConfigurationException sce)
{
statusLogger.log(Level.ERROR, "Unable to configure secure socket : " + sce.getMessage());
}
SslConfiguration sslConfig = SslConfiguration.createSSLConfiguration(Protocol.SSL.toString(),keyStoreConfig, trustStoreConfig);
return sslConfig;
}
}
并在配置中使用 "SSLSocket" 作为 appender 类型而不是 "Socket"
我正在努力使我的套接字附加程序安全。 当前配置为:
appender.socket.type = Socket
appender.socket.name = SOCKET_APPENDER
appender.socket.host = localhost
appender.socket.port = 4712
appender.socket.reconnectionDelayMillis = 10000
如何向其中添加 SSL 配置(密钥库配置和信任库配置)?
通过添加使其工作:
appender.smswebstart.protocol = TCP
appender.smswebstart.ssl.type = SSL
appender.smswebstart.ssl.protocol = SSL
appender.smswebstart.ssl.keystore.type=KeyStore
appender.smswebstart.ssl.keystore.location=${ctx:location}
appender.smswebstart.ssl.keystore.password=${ctx:password}
appender.smswebstart.ssl.truststore.type=TrustStore
appender.smswebstart.ssl.truststore.location=${ctx:location}
appender.smswebstart.ssl.truststore.password=${ctx:password}
这样做的问题是,它使存储密钥在这里成为纯文本。 因此,另一种方法是使用自定义附加程序。
这是我如何获得自定义附加程序的。
@Plugin(
name = "SSLSocket",
category = "Core",
elementType = "appender",
printObject = true
)
public class SSLSocketAppender extends SocketAppender {
private static StatusLogger statusLogger = StatusLogger.getLogger();
protected SSLSocketAppender(String name, Layout<? extends Serializable> layout, Filter filter, AbstractSocketManager manager, boolean ignoreExceptions, boolean immediateFlush, Advertiser advertiser) {
super(name, layout, filter, manager, ignoreExceptions, immediateFlush, advertiser);
}
@PluginFactory
public static SSLSocketAppender createAppender(@PluginAttribute("host") String host, @PluginAttribute(value = "port", defaultInt = 0) int port, @PluginAttribute("protocol") Protocol protocol, @PluginAttribute("name") String name, @PluginElement("Layout") Layout<? extends Serializable> layout, @PluginElement("Filter") Filter filter, @PluginAttribute(value = "connectTimeoutMillis",defaultInt = 0) int connectTimeoutMillis, @PluginAliases({"reconnectionDelay"}) @PluginAttribute(value = "reconnectionDelayMillis",defaultInt = 0) int reconnectDelayMillis, @PluginAttribute(value = "immediateFail",defaultBoolean = true) boolean immediateFail) {
AbstractSocketManager manager = SslSocketManager.getSocketManager(getSSLConfig(), host, port, connectTimeoutMillis, reconnectDelayMillis, immediateFail, layout);
return new SSLSocketAppender(name, layout, filter, manager, true, true, null);
}
private static SslConfiguration getSSLConfig() {
KeyStoreConfiguration keyStoreConfig = null;
TrustStoreConfiguration trustStoreConfig = null;
try {
keyStoreConfig = KeyStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
trustStoreConfig = TrustStoreConfiguration.createKeyStoreConfiguration(keyStorePath, keyStoreKey.toString(), keyFormat, null);
}
catch (StoreConfigurationException sce)
{
statusLogger.log(Level.ERROR, "Unable to configure secure socket : " + sce.getMessage());
}
SslConfiguration sslConfig = SslConfiguration.createSSLConfiguration(Protocol.SSL.toString(),keyStoreConfig, trustStoreConfig);
return sslConfig;
}
}
并在配置中使用 "SSLSocket" 作为 appender 类型而不是 "Socket"