
mongo ssl

Time: 2023-11-20 17:46:07
Tags: mongo builder ssl static import true public

import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

public class MongoClientUtil {

    private static final Logger logger = LoggerFactory.getLogger(MongoClientUtil.class);

    private MongoClientUtil() {}

    private static MongoClient mongoClient;
    public static MongoClient getInstance() {
        return mongoClient;
    }

    static {
        try {
            // TLS context backed by the trust-all manager defined below.
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
            // Host names are omitted in this listing; supply the cluster members before the path.
            MongoClientSettings settings = MongoClientSettings.builder()
                    .applyConnectionString(new ConnectionString("mongodb://,,/admin?authSource=admin&readPreference=primary&ssl=true&tlsAllowInvalidCertificates=true&tlsAllowInvalidHostnames=true"))
                    .applyToClusterSettings(builder -> builder.serverSelectionTimeout(5, TimeUnit.SECONDS))
                    .applyToSocketSettings(builder -> builder.connectTimeout(5, TimeUnit.SECONDS).readTimeout(10, TimeUnit.SECONDS))
                    // Enables TLS, skips host name verification and installs the custom context.
                    .applyToSslSettings(builder -> builder.invalidHostNameAllowed(true).enabled(true).context(sslcontext))
                    .build();
            mongoClient = MongoClients.create(settings);
        } catch (Exception e) {
            // On failure the client stays null, so getInstance() returns null.
            logger.error(e.getMessage(), e);
        }
    }

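    // Trust manager that accepts every certificate chain without validation,
    // so the TLS session is encrypted but the server's identity is not authenticated.
    private static class MyX509TrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
            // No check performed: returning normally means "trusted".
            logger.info("check client");
        }

        @Override
        public void checkServerTrusted(X509Certificate[] ax509certificate, String s) throws CertificateException {
            // No check performed: any server certificate is accepted.
            logger.info("check server");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null array.
            return new X509Certificate[0];
        }
    }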

}

  

The tlsAllowInvalidCertificates option, which works in Compass on Windows, is not supported by this client, so an SSLContext that trusts all server certificates has to be defined.
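
For comparison with the trust-all SSLContext above, the following added example (not code from the original post) builds an SSLContext that trusts only the CA or self-signed certificate the MongoDB server actually uses and keeps host name verification on. The class name, method names, and the `uri` and `caPemPath` parameters are hypothetical; the PEM file is assumed to hold the server's issuing certificate.

```java
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class CaTrustedMongoClient {

    // Builds an SSLContext whose only trust anchors are the certificates in the PEM file (hypothetical helper).
    static SSLContext contextTrusting(String caPemPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, nothing from the JVM default cacerts
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(caPemPath))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("mongo-ca-" + i++, c);
            }
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("no certificates found in " + caPemPath);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // standard PKIX validation against the loaded anchors
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Creates a client that validates the server chain and host name; uri is supplied by the caller.
    static MongoClient create(String uri, String caPemPath) throws Exception {
        SSLContext ctx = contextTrusting(caPemPath);
        MongoClientSettings settings = MongoClientSettings.builder()
                .applyConnectionString(new ConnectionString(uri))
                .applyToSslSettings(b -> b.enabled(true).invalidHostNameAllowed(false).context(ctx))
                .build();
        return MongoClients.create(settings);
    }
}
```

Because `applyToSslSettings` runs after `applyConnectionString`, the `invalidHostNameAllowed(false)` call takes precedence over a `tlsAllowInvalidHostnames=true` left in the URI.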

From: https://www.cnblogs.com/silyvin/p/17844465.html
