Я использую эластичный поиск 7.1.0. Я хочу подключиться к защищенному кластеру elasicsearch. Когда я пытаюсь записать данные с помощью RestHighLevelClient, я всегда получаю исключение, несмотря ни на что.
Я работаю в Ubuntu 18.04.2 LTS, а intellJ использует / usr / lib / jvm / java-11-openjdk-amd64, и я использую весеннюю загрузку
Сначала я создаю хранилище ключей, а затем добавляю закрытый ключ и цепочку сертификатов.
Чем я назначаю хранилище ключей в хранилище доверенных сертификатов.
Когда создается @Bean HighRestLevelClient, я добавляю sslContext в клиент Rest, как показано здесь:
https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/_encrypted_communication.html
Пожалуйста, смотрите код.
@Bean
public void initKeyStore() {
try {
log.info("start creating keystore");
KeyStore keyStore = KeyStore.getInstance("JKS");
char[] pwdArray = "pwd".toCharArray();
keyStore.load(null, pwdArray);
FileOutputStream fos = new FileOutputStream("absolutPathToKeystore/elasticKeyStore");
keyStore.store(fos, pwdArray);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certCA = cf.generateCertificate(new FileInputStream("es-certs/ca.crt"));
Certificate esNodeCert = cf.generateCertificate(new FileInputStream("es-node.crt"));
X509Certificate[] certificates = new X509Certificate[2];
certificates[0] = (X509Certificate)esNodeCert;
certificates[1] = (X509Certificate)certCA;
byte[] keyBytes = Files.readAllBytes(Paths.get("es-node-pkcs8.der"));;
PKCS8EncodedKeySpec pubSpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(pubSpec);
keyStore.setKeyEntry("secure-elastic-connection", privateKey, pwdArray, certificates);
System.setProperty("javax.net.ssl.trustStore", "absolutPathToKeystore/elasticKeyStore");
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
log.error("something went wrong creating keystore");
log.error(e.getMessage());
}
log.info("finished creating keystore");
}
@Bean(destroyMethod = "close")
@DependsOn("initKeyStore")
public RestHighLevelClient client() {
RestHighLevelClient client = null;
try {
log.info("start setting up elastic search connection");
final CredentialsProvider credentialsProvider =
new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("elasticuser", "pwd"));
KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
truststore.load(new FileInputStream("absolutPathTo/elasticKeyStore"), "pwd".toCharArray());
SSLContextBuilder sslBuilder = SSLContexts.custom()
.loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();
client = new RestHighLevelClient(
RestClient.builder(new HttpHost(esHost, esPort, "https"))
.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(
HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext);
}
}));
} catch (KeyStoreException | IOException | CertificateException e) {
log.info("something went wrong loading keystore for elasticsearch");
log.error(e.getMessage());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
log.info("something went wrong loading sslcontext for elasticsearch");
log.error(e.getMessage());
}
log.info("finished setting up elasic search connection");
return client;
}
java.io.IOException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at org.elasticsearch.client.RestClient$SyncResponseListener.get(RestClient.java:948)
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:227)
at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1433)
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1403)
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1373)
at org.elasticsearch.client.RestHighLevelClient.index(RestHighLevelClient.java:821)
at com.x24factory.monitoring.service.ElasticsearchServiceImpl.sendOverviewPOJOToElastic(ElasticsearchServiceImpl.java:43)
at com.x24factory.monitoring.service.MonitoringCreatorServiceImpl.sendOverviewToElasticsearch(MonitoringCreatorServiceImpl.java:77)
at com.x24factory.monitoring.service.MonitoringCreatorServiceImpl.createMonitoring(MonitoringCreatorServiceImpl.java:38)
at com.x24factory.monitoring.MonitoringApplication.run(MonitoringApplication.java:56)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:813)
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:797)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:324)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248)
at com.x24factory.monitoring.MonitoringApplication.main(MonitoringApplication.java:33)
Caused by: javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at org.apache.http.nio.reactor.ssl.SSLIOSession.convert(SSLIOSession.java:258)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:301)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:308)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:249)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:620)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:339)
... 9 more