dfxagent: completed testing of HTTPS communication using a private certificate

main
icksishu@gmail.com 1 week ago
parent 8c0ebd7b49
commit 7da201a635

@ -116,3 +116,66 @@ openssl pkcs12 -export -inkey dfxagent-bsm-lab-postgres.key -in dfxagent-bsm-lab
Enter Export Password: 백세민1! Enter Export Password: 백세민1!
--- ---
# TLS 적용시 실행환경에 옵션 추가 필요
## 1) java 옵션 설정
### 필수 옵션
```
-Djavax.net.ssl.trustStore="D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-bsm-lab-postgres\cert\truststore-merged.jks"
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.keyStore="D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-bsm-lab-postgres\cert\dfxagent-bsm-lab-postgres.p12"
-Djavax.net.ssl.keyStorePassword=qortpals1!
-Djavax.net.ssl.keyStoreType=PKCS12
```
### 메모리 설정, 디버그 등 선택 옵션
```
-Dfile.encoding=UTF-8 -Xms2048m -Xmx8192m -XshowSettings:properties
-Djavax.net.debug=ssl,handshake,trustmanager
```
> 주의할 점 : -jar 옵션 앞에 위치하여야 함
## 2) 실행 스크립트
### 2-1) linux 환경
```bash
#!/bin/sh
AGENT_HOME=/home/dfxagent/agent
JAVA_OPTS="-Xms2048m -Xmx8192m"
TLS_OPTS="-Djavax.net.ssl.trustStore=$AGENT_HOME/cert/truststore-merged.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=$AGENT_HOME/cert/dfxagent-tuf-a15-defree-oracle.p12 -Djavax.net.ssl.keyStorePassword=qortpals1! -Djavax.net.ssl.keyStoreType=PKCS12"
TODAY=$(date "+%Y%m%d")
#java -jar $AGENT_HOME/lib/dfxagent.jar -Xms2048m -Xmx8192m --setting.file=$AGENT_HOME/conf/settings.json &
java -XX:TieredStopAtLevel=1 $JAVA_OPTS $TLS_OPTS -jar $AGENT_HOME/lib/dfxagent.jar -Xms2048m -Xmx8192m --setting.file=$AGENT_HOME/conf/settings.json &
#JDK: Red Hat OpenJDK 17.0.11+9 (LTS), OS: Rocky Linux 8.10 사용 중 하기의 오류 발생 -> -XX:TieredStopAtLevel=1 추가 (C1만 사용하여 C2 비활성화)
#크래시 시그널: SIGSEGV
#문제 프레임: PhaseOutput::BuildOopMaps() (HotSpot C2 JIT 내부)
#크래시 스레드: "C2 CompilerThread2" (JIT 컴파일러 스레드)
#크래시 직전 컴파일 중이던 메서드: C2: ... org.springframework.boot.loader.net.protocol.jar.Handler::openConnection (5 bytes)
```
### 2-2) windows 환경
```cmd
@echo off
setlocal
REM Update this path for your Windows environment.
set "JAVA_HOME=C:\Program Files\Java\jdk-17"
set "AGENT_HOME=D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-bsm-lab-postgres"
set "JAVA_OPTS= -Dfile.encoding=UTF-8 -Xms2048m -Xmx8192m -XshowSettings:properties"
set "TLS_OPTS= -Djavax.net.debug=ssl,handshake,trustmanager -Djavax.net.ssl.trustStore="%AGENT_HOME%\cert\truststore-merged.jks" -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore="%AGENT_HOME%\cert\dfxagent-bsm-lab-postgres.p12" -Djavax.net.ssl.keyStorePassword=qortpals1! -Djavax.net.ssl.keyStoreType=PKCS12"
for /f %%i in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd"') do set "TODAY=%%i"
chcp 65001
REM 콘솔 출력이 필요한 경우 아래의 명령으로 실행
REM start "" cmd /c ""%JAVA_HOME%\bin\java.exe" %JAVA_OPTS% %TLS_OPTS% -jar "%AGENT_HOME%\..\..\..\build\libs\dfxagent-1.0.9.jar" --setting.file="%AGENT_HOME%\conf\dfxagent-bsm-lab-postgres.json" 1>>"dfxagent-bsm-lab-postgres-console-debug-%TODAY%.log" 2>&1"
REM 일반적으로 실행할 경우 아래의 명령으로 실행
start "" "%JAVA_HOME%\bin\java.exe" %JAVA_OPTS% %TLS_OPTS% -jar "%AGENT_HOME%\..\..\..\build\libs\dfxagent-1.0.9.jar" --setting.file="%AGENT_HOME%\conf\dfxagent-bsm-lab-postgres.json" 2>&1
endlocal
```
---
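Review bot: the Linux script in this hunk points the postgres agent at the wrong client keystore: `TLS_OPTS` sets `-Djavax.net.ssl.keyStore=$AGENT_HOME/cert/dfxagent-tuf-a15-defree-oracle.p12`, while the required-options block and the Windows script of this same README use `dfxagent-bsm-lab-postgres.p12`; with that line the agent either presents the oracle agent's identity or fails to start when the file is absent on the host. Two more problems on the same `java` line: `-Xms2048m -Xmx8192m` are repeated after `-jar $AGENT_HOME/lib/dfxagent.jar`, where they are handed to the application as program arguments instead of the JVM (exactly what the "-jar 옵션 앞에 위치하여야 함" warning above the scripts says not to do; they are already in `$JAVA_OPTS`, so drop the trailing copies), and the PKCS12 password `qortpals1!` together with the export password shown in the context line (`백세민1!`, which looks like the same keystrokes with the Korean IME on; confirm they really are the same secret) is committed to git in clear text and, through `-Djavax.net.ssl.keyStorePassword=`, visible to every local user in `ps` output. Keep the password out of the repository and off the command line: put the `-Djavax.net.ssl.*` flags in an owner-only file and start with `java @$AGENT_HOME/conf/tls.opts -jar ...` (JDK 9+ argument file), or read it from the agent's settings file with mode 600, and restrict the `.p12` to the service account. Finally, the Windows script carries `-Djavax.net.debug=ssl,handshake,trustmanager` inside `TLS_OPTS` unconditionally although the doc lists it under optional debug settings; handshake tracing writes certificate and session details to the console log on every connection and should be off by default.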

@ -117,3 +117,65 @@ Enter Export Password: 백세민1!
--- ---
# TLS 적용시 실행환경에 옵션 추가 필요
## 1) java 옵션 설정
### 필수 옵션
```
-Djavax.net.ssl.trustStore="D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-tuf-a15-defree-oracle\cert\truststore-merged.jks"
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.keyStore="D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-tuf-a15-defree-oracle\cert\dfxagent-tuf-a15-defree-oracle.p12"
-Djavax.net.ssl.keyStorePassword=qortpals1!
-Djavax.net.ssl.keyStoreType=PKCS12
```
### 메모리 설정, 디버그 등 선택 옵션
```
-Dfile.encoding=UTF-8 -Xms2048m -Xmx8192m -XshowSettings:properties
-Djavax.net.debug=ssl,handshake,trustmanager
```
> 주의할 점 : -jar 옵션 앞에 위치하여야 함
## 2) 실행 스크립트
### 2-1) linux 환경
```bash
#!/bin/sh
AGENT_HOME=/home/dfxagent/agent
JAVA_OPTS="-Xms2048m -Xmx8192m"
TLS_OPTS="-Djavax.net.ssl.trustStore=$AGENT_HOME/cert/truststore-merged.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=$AGENT_HOME/cert/dfxagent-tuf-a15-defree-oracle.p12 -Djavax.net.ssl.keyStorePassword=qortpals1! -Djavax.net.ssl.keyStoreType=PKCS12"
TODAY=$(date "+%Y%m%d")
#java -jar $AGENT_HOME/lib/dfxagent.jar -Xms2048m -Xmx8192m --setting.file=$AGENT_HOME/conf/settings.json &
java -XX:TieredStopAtLevel=1 $JAVA_OPTS $TLS_OPTS -jar $AGENT_HOME/lib/dfxagent.jar -Xms2048m -Xmx8192m --setting.file=$AGENT_HOME/conf/settings.json &
#JDK: Red Hat OpenJDK 17.0.11+9 (LTS), OS: Rocky Linux 8.10 사용 중 하기의 오류 발생 -> -XX:TieredStopAtLevel=1 추가 (C1만 사용하여 C2 비활성화)
#크래시 시그널: SIGSEGV
#문제 프레임: PhaseOutput::BuildOopMaps() (HotSpot C2 JIT 내부)
#크래시 스레드: "C2 CompilerThread2" (JIT 컴파일러 스레드)
#크래시 직전 컴파일 중이던 메서드: C2: ... org.springframework.boot.loader.net.protocol.jar.Handler::openConnection (5 bytes)
```
### 2-2) windows 환경
```cmd
@echo off
setlocal
REM Update this path for your Windows environment.
set "JAVA_HOME=C:\Program Files\Java\jdk-17"
set "AGENT_HOME=D:\projects\bsm-lab\dfx\dfxagent\src\docs\agent-tuf-a15-defree-oracle"
set "JAVA_OPTS= -Dfile.encoding=UTF-8 -Xms2048m -Xmx8192m -XshowSettings:properties"
set "TLS_OPTS= -Djavax.net.debug=ssl,handshake,trustmanager -Djavax.net.ssl.trustStore="%AGENT_HOME%\cert\truststore-merged.jks" -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore="%AGENT_HOME%\cert\dfxagent-tuf-a15-defree-oracle.p12" -Djavax.net.ssl.keyStorePassword=qortpals1! -Djavax.net.ssl.keyStoreType=PKCS12"
for /f %%i in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd"') do set "TODAY=%%i"
chcp 65001
REM 콘솔 출력이 필요한 경우 아래의 명령으로 실행
REM start "" cmd /c ""%JAVA_HOME%\bin\java.exe" %JAVA_OPTS% %TLS_OPTS% -jar "%AGENT_HOME%\..\..\..\build\libs\dfxagent-1.0.9.jar" --setting.file="%AGENT_HOME%\conf\dfxagent-bsm-lab-postgres.json" 1>>"dfxagent-bsm-lab-postgres-console-debug-%TODAY%.log" 2>&1"
REM 일반적으로 실행할 경우 아래의 명령으로 실행
start "" "%JAVA_HOME%\bin\java.exe" %JAVA_OPTS% %TLS_OPTS% -jar "%AGENT_HOME%\..\..\..\build\libs\dfxagent-1.0.9.jar" --setting.file="%AGENT_HOME%\conf\dfxagent-bsm-lab-postgres.json" 2>&1
endlocal
```
---
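Review bot: the Windows script in this hunk starts the oracle agent with the postgres agent's configuration: `AGENT_HOME` is `...\agent-tuf-a15-defree-oracle`, but the `start` line passes `--setting.file="%AGENT_HOME%\conf\dfxagent-bsm-lab-postgres.json"` and the commented debug variant logs to `dfxagent-bsm-lab-postgres-console-debug-%TODAY%.log`; both names need to be the oracle ones, otherwise the agent either fails on a missing file or runs with the postgres listen port and data sources while presenting the `dfxagent-tuf-a15-defree-oracle.p12` identity. The Linux line repeats the defects of the postgres README: `-Xms2048m -Xmx8192m` placed after `-jar` are program arguments rather than JVM flags and duplicate `$JAVA_OPTS`, and `-Djavax.net.ssl.keyStorePassword=qortpals1!` commits the key password to git and exposes it in `ps`; move the TLS flags into an owner-only JDK argument file (`java @$AGENT_HOME/conf/tls.opts -jar ...`). Also, the `2>&1` at the end of the uncommented `start "" "%JAVA_HOME%\bin\java.exe" ...` line redirects `start`'s own stderr, not the detached java process's; if error output is wanted, use the `cmd /c "... 1>>log 2>&1"` form from the commented line and write that log under `%AGENT_HOME%` instead of the current directory.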

@ -110,13 +110,17 @@ type ..\intermediate\intermediate-kdn.crt rootca-kdn.crt > ..\intermediate\ca-ch
--- ---
## 3) (클라이언트 검증용) truststore 만들기 - JKS truststore ## 3) 공인 CA + (클라이언트 검증용) truststore 만들기 - JKS truststore
```bash ```bash
cd ../intermediate cd ../intermediate
keytool -importcert -alias dfxagent-kdn -file ca-chain-kdn.crt -keystore truststore-dfxagent-kdn.jks -storepass qortpals1! -noprompt cp $JAVA_HOME/lib/security/cacerts truststore-public.jks
cp truststore-public.jks truststore-merged.jks
keytool -importcert -alias dfxagent-kdn -file ca-chain-kdn.crt -keystore truststore-merged.jks -storepass changeit -noprompt
``` ```
console 등 공인 CA를 사용할 수도 있기 때문에 jdk에 포함된 CA truststore에 생성한 keystore 추가함(cacerts
--- ---
## 4) 다음 단계(참고): leaf(에이전트/웹서버) 발급은 Intermediate로 ## 4) 다음 단계(참고): leaf(에이전트/웹서버) 발급은 Intermediate로
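Review bot: the merged truststore built in this hunk widens the agent's trust policy without saying so: `cp $JAVA_HOME/lib/security/cacerts truststore-public.jks` followed by `keytool -importcert -alias dfxagent-kdn -file ca-chain-kdn.crt -keystore truststore-merged.jks` means any peer whose certificate chains to any public CA in the JDK bundle is now accepted for agent-to-agent links as well, not only `ca-chain-kdn`. If only the console needs a public CA, keep the private-CA-only `truststore-dfxagent-kdn.jks` from the removed line for agent links and use the merged store only where a public-CA peer exists; in both cases hostname verification must stay on, since a CA-level trust anchor alone does not bind the peer identity. Two things to check before shipping: (1) `keytool -importcert` stores one certificate under the alias, and `ca-chain-kdn.crt` is `intermediate-kdn.crt` followed by `rootca-kdn.crt` (context line above), so only the intermediate becomes a trust anchor; confirm with `keytool -list -v -keystore truststore-merged.jks -storepass changeit` and import `rootca-kdn.crt` under its own alias if the root is meant to be trusted too. (2) The copy freezes the public CA set at the JDK build it was taken from, and newer JDKs ship `cacerts` as a password-less PKCS12 rather than a JKS, so the `.jks` name and `-storepass changeit` no longer describe it; document how the store is refreshed when the JDK is patched. Using `changeit` for a truststore is acceptable because the password only protects integrity, but the text should state that, given that the keystore password on the same page is handled as a secret.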

@ -12,11 +12,6 @@ public class AgentConfigDto {
private String myHostName; private String myHostName;
private int myListenPort; private int myListenPort;
private boolean sslEnabled; private boolean sslEnabled;
private String keyStorePath;
private String keyStorePassword;
private String keyStoreAlias;
private String trustStorePath;
private String trustStorePassword;
private List<KnownAgent> knownAgentList; private List<KnownAgent> knownAgentList;
private StatusChecker statusChecker; private StatusChecker statusChecker;
private List<DataSourceConfig> dataSourceConfig; private List<DataSourceConfig> dataSourceConfig;
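Review bot: removing `keyStorePath`, `keyStorePassword`, `keyStoreAlias`, `trustStorePath` and `trustStorePassword` from `AgentConfigDto` while keeping `sslEnabled` leaves the agent with no startup check that the TLS material it now expects from `-Djavax.net.ssl.*` system properties was actually supplied: if the launcher omits them, the JVM silently falls back to the default `cacerts` and presents no client certificate, so a misconfigured agent starts cleanly and only fails later at peer authentication. Add a fail-fast check where `sslEnabled` is consumed (for example `Objects.requireNonNull(System.getProperty("javax.net.ssl.keyStore"), "javax.net.ssl.keyStore is required when sslEnabled=true")` and the same for `javax.net.ssl.trustStore`), and record in the README that these properties are JVM-wide and therefore also govern the JDBC drivers' TLS connections to Oracle and PostgreSQL. Also, any `settings.json` still carrying the removed keys will be rejected at deserialization unless the JSON mapper ignores unknown properties (Jackson's default is to fail, Spring Boot's auto-configured `ObjectMapper` does not); either strip them from the shipped `conf/*.json` or annotate the DTO with `@JsonIgnoreProperties(ignoreUnknown = true)`.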
