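I am trying to connect to mongo using an SSL certificate. I use MongoClientOptions. I set the SSLContext using a KeyManager (with my certificate) and a TrustManager (allow all). I use the VM option javax.net.debug=ssl.
Previously I got a fatal error from javax.net.debug (described as fatal, description = unknown_certificate), but now I only see the warning close_notify during the SSL handshake, so I cannot understand why mongo returns 18 Authenticate Failure. My certificate is also recognized; I see it in the same javax.net.debug=ssl log.
My SSLContext: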
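import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

private static SSLContext getNoopSslSocketFactory() {
    SSLContext sslContext;
    // try-with-resources closes the keystore file once it has been loaded
    try (FileInputStream myKeys = new FileInputStream("jopa.jks")) {
        sslContext = SSLContext.getInstance("SSL");
        // Client certificate and private key offered to the server during the handshake
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(myKeys, "password".toCharArray());
        kmf.init(keyStore, "password".toCharArray());
        KeyManager[] keyManagers = kmf.getKeyManagers();
        // Allow-all TrustManager: both checks are empty, so any server certificate is accepted
        sslContext.init(keyManagers, new TrustManager[]{new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }}, new SecureRandom());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return sslContext;
}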
My MongoClient setup:
List<ServerAddress> serverAddresses = new ArrayList<>();
serverAddresses.add(new ServerAddress(
        host,
        30300));
serverAddresses.add(new ServerAddress(
        safetyHost,
        30300));
MongoCredential credential;
if (environment.getActiveProfiles().length == 0 || environment.getActiveProfiles()[0].equals("!test")) {
    credential = MongoCredential.createCredential(
            username,
            database,
            password.toCharArray());
} else {
    credential = MongoCredential.createCredential(
            username,
            databaseTest,
            password.toCharArray());
}
MongoClientOptions options = MongoClientOptions.builder()
        .readPreference(ReadPreference.primaryPreferred())
        .retryWrites(true)
        .requiredReplicaSetName("replset")
        .maxConnectionIdleTime(6000)
        .sslContext(getNoopSslSocketFactory())
        .sslEnabled(true)
        .build();
return new MongoClient(serverAddresses, credential, options);
My error:
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, WRITE: TLSv1.2 Application Data, length = 352
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, READ: TLSv1.2 Application Data, length = 1248
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, READ: TLSv1.2 Application Data, length = 1216
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, WRITE: TLSv1.2 Application Data, length = 128
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, WRITE: TLSv1.2 Application Data, length = 128
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, READ: TLSv1.2 Application Data, length = 1504
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, WRITE: TLSv1.2 Application Data, length = 272
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, READ: TLSv1.2 Application Data, length = 1504
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, WRITE: TLSv1.2 Application Data, length = 272
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, READ: TLSv1.2 Application Data, length = 336
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, READ: TLSv1.2 Application Data, length = 336
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, called close()
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, called closeInternal(true)
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, called close()
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, called closeInternal(true)
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, SEND TLSv1.2 ALERT: warning, description = close_notify
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, SEND TLSv1.2 ALERT: warning, description = close_notify
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, WRITE: TLSv1.2 Alert, length = 80
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, WRITE: TLSv1.2 Alert, length = 80
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, called closeSocket(true)
cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, called closeSocket(true)
18-08-2019 23:30:18.487 [INFO ] iec-stats-custom, cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN-SAFETY, org.mongodb.driver.cluster - Exception in monitor thread while connecting to server HIDDEN-SAFETY
com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='HIDDEN-NAME', source='logging-custom-test', password=<hidden>, mechanismProperties={}}
at com.mongodb.connection.SaslAuthenticator.wrapException(SaslAuthenticator.java:162)
at com.mongodb.connection.SaslAuthenticator.access$200(SaslAuthenticator.java:39)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:68)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:46)
at com.mongodb.connection.SaslAuthenticator.doAsSubject(SaslAuthenticator.java:168)
at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:46)
at com.mongodb.connection.DefaultAuthenticator.authenticate(DefaultAuthenticator.java:32)
at com.mongodb.connection.InternalStreamConnectionInitializer.authenticateAll(InternalStreamConnectionInitializer.java:122)
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:52)
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:114)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server HIDDEN-SAFETY. The full response is { "operationTime" : { "$timestamp" : { "t" : 1566160216, "i" : 1 } }, "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1566160216, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "uwH/Dl+sK7tJdD/bxIejcXmhnLs=", "$type" : "00" }, "keyId" : { "$numberLong" : "6712027632940089345" } } } }
at com.mongodb.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:164)
at com.mongodb.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:295)
at com.mongodb.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:255)
at com.mongodb.connection.CommandHelper.sendAndReceive(CommandHelper.java:84)
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:34)
at com.mongodb.connection.SaslAuthenticator.sendSaslStart(SaslAuthenticator.java:119)
at com.mongodb.connection.SaslAuthenticator.access$000(SaslAuthenticator.java:39)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:52)
... 9 common frames omitted
18-08-2019 23:30:18.487 [INFO ] iec-stats-custom, cluster-ClusterId{value='5d59b55a129d951bc4a931af', description='null'}-HIDDEN, org.mongodb.driver.cluster - Exception in monitor thread while connecting to server HIDDEN
com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='HIDDEN-NAME', source='logging-custom-test', password=<hidden>, mechanismProperties={}}
at com.mongodb.connection.SaslAuthenticator.wrapException(SaslAuthenticator.java:162)
at com.mongodb.connection.SaslAuthenticator.access$200(SaslAuthenticator.java:39)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:68)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:46)
at com.mongodb.connection.SaslAuthenticator.doAsSubject(SaslAuthenticator.java:168)
at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:46)
at com.mongodb.connection.DefaultAuthenticator.authenticate(DefaultAuthenticator.java:32)
at com.mongodb.connection.InternalStreamConnectionInitializer.authenticateAll(InternalStreamConnectionInitializer.java:122)
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:52)
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:114)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server HIDDEN. The full response is { "operationTime" : { "$timestamp" : { "t" : 1566160216, "i" : 1 } }, "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1566160216, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "uwH/Dl+sK7tJdD/bxIejcXmhnLs=", "$type" : "00" }, "keyId" : { "$numberLong" : "6712027632940089345" } } } }
at com.mongodb.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:164)
at com.mongodb.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:295)
at com.mongodb.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:255)
at com.mongodb.connection.CommandHelper.sendAndReceive(CommandHelper.java:84)
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:34)
at com.mongodb.connection.SaslAuthenticator.sendSaslStart(SaslAuthenticator.java:119)
at com.mongodb.connection.SaslAuthenticator.access$000(SaslAuthenticator.java:39)
at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:52)
... 9 common frames omitted
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
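
An added example, not part of the original post: the stack trace above runs through SaslAuthenticator with a user name and password credential, so the client certificate is used only for the TLS handshake. The code below builds the same kind of SSLContext with server-certificate validation in place of the allow-all TrustManager and, on the assumption that certificate-based login is what is wanted and the server has a matching X.509 user, passes an X.509 credential. The truststore file mongo-ca.jks, the host name, the passwords and the class and method names are placeholders.

```java
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class VerifiedMongoTls {

    // Loads a JKS store from disk; path and password are supplied by the caller.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Client certificate from the keystore, server validation against the truststore.
    static SSLContext verifiedContext(KeyStore keys, char[] keyPassword, KeyStore trusted) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted); // only chains ending in a CA from this store are accepted
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray(); // placeholder password
        // jopa.jks is the keystore from the post; mongo-ca.jks is a hypothetical truststore
        SSLContext ctx = verifiedContext(loadJks("jopa.jks", pw), pw, loadJks("mongo-ca.jks", pw));
        MongoClientOptions options = MongoClientOptions.builder()
                .sslEnabled(true)
                .sslContext(ctx)
                .build(); // host name verification stays at its default (enabled)
        // X.509 credential: the server takes the user name from the client certificate subject.
        MongoCredential credential = MongoCredential.createMongoX509Credential();
        MongoClient client = new MongoClient(
                Collections.singletonList(new ServerAddress("mongo.example.internal", 30300)), credential, options);
        client.close();
    }
}
```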