MongoDB
 sql >> Database >  >> NoSQL >> MongoDB

Mongodb x.509 'Nessun nome soggetto verificato disponibile dal cliente'

Ho trovato come devo risolvere il problema.

Di sicuro ho registrato il certificato mongo su java security come mostrato qui:

sudo keytool -import -alias ca1 -file mongo-CA-cert.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

Ho fatto quanto segue:1) Convertire il file pem in pkcs12

openssl pkcs12 -export -out hikmatuser.pfx -inkey hkshreimuser.key -in hkshreimuser.crt -certfile mongo-CA-cert.crt

2) Scrivo il seguente codice JAVA per il test e funziona bene:

private SSLContext getSSLContext(String filePath){

        String password = "123456";
        String jvm_certs_path = "/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts";
        String jvm_certs_password = "changeit";

        try{

            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            clientStore.load(new FileInputStream(filePath), password.toCharArray());

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, password.toCharArray());
            KeyManager[] kms = kmf.getKeyManagers();

            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(new FileInputStream(jvm_certs_path), jvm_certs_password.toCharArray());

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            TrustManager[] tms = tmf.getTrustManagers();

            SSLContext sslContext = null;
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, new SecureRandom());

            return  sslContext;

        }catch (Exception e){
            e.printStackTrace();
        }

        return null;

    }

    public void getMongoClient() {

        String filePath2 = "/home/hikmat/mongodbssl/s2/hikmatuser.pfx";
        String user = "[email protected],CN=xxxx,OU=xxxxxx,O=xxxxxx,L=xxxx,ST=xxxx,C=XX";


        SSLContext sslContext = getSSLContext(filePath2);

        MongoCredential credential = MongoCredential.createMongoX509Credential(user);
        MongoClientOptions options = MongoClientOptions.builder().sslEnabled(true).sslContext(sslContext).build();

        //mongodbserver should be the same name "CN" that you use when you create server cert file
        MongoClient mongoClient = new MongoClient(new ServerAddress("mongodbserver", 27017), credential,options);


        return mongoClient;

    }// end of method