Mongo Java 客户端:如何在启用 SSL 但没有证书的情况下进行连接?
Mongo Java Client: How can I connect with SSL enabled but no certificate?
为了测试,我设置了一个 mongodb 服务器,它允许在没有证书的情况下进行 ssl 连接。我可以使用 RoboMongo 和 mongo-c-driver 以这种方式连接,但是当我尝试 Java 时,我得到:
{javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}
我尝试将套接字工厂设置为使用默认套接字,但我得到:
com.mongodb.MongoInternalException: SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket
我怎样才能建立这个连接?
所以基于通用 SSL 和 this answer by ZZ Coder
MongoClient mongoClient = new MongoClient(serverAddress,
Collections.singletonList(mongoCredential), MongoClientOptions.builder().sslEnabled(true).socketFactory(getNoopSslSoketFactory()).build());
private static SSLSocketFactory getNoopSslSocketFactory() {
SSLContext sslContext;
try {
sslContext = SSLContext.getInstance("SSL");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}}, new SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
LOG.error("Couldn't create SSL Context for MongoDB connection", e);
throw new RuntimeException(e);
}
return sslContext.getSocketFactory();
}
```
为了测试,我设置了一个 mongodb 服务器,它允许在没有证书的情况下进行 ssl 连接。我可以使用 RoboMongo 和 mongo-c-driver 以这种方式连接,但是当我尝试 Java 时,我得到:
{javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}
我尝试将套接字工厂设置为使用默认套接字,但我得到:
com.mongodb.MongoInternalException: SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket
我怎样才能建立这个连接?
所以基于通用 SSL 和 this answer by ZZ Coder
MongoClient mongoClient = new MongoClient(serverAddress,
Collections.singletonList(mongoCredential), MongoClientOptions.builder().sslEnabled(true).socketFactory(getNoopSslSoketFactory()).build());
private static SSLSocketFactory getNoopSslSocketFactory() {
SSLContext sslContext;
try {
sslContext = SSLContext.getInstance("SSL");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}}, new SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
LOG.error("Couldn't create SSL Context for MongoDB connection", e);
throw new RuntimeException(e);
}
return sslContext.getSocketFactory();
}
```