如何使用最新版本的java驱动核心连接到任何支持ssl的cassandra集群

ohfgkhjo  于 2021-06-10  发布在  Cassandra
关注(0)|答案(0)|浏览(252)

我的群集有以下配置

protocol: TLS
algorithm: SunX509
store_type: JKS

下面是正在运行的3.4java驱动程序的代码。

Cluster.builder()
                .addContactPoints(hostNameList)
                .withCredentials(username, password)
                .withPort(port)
                .withSSL(getSslOptions()).build().connect();
private static SSLOptions getSslOptions() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
        return RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sc).build();
    }
public class TrustAllX509TrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}

类似地,我尝试使用4.5 java驱动程序,但遇到错误-com.datastax.oss.driver.api.core.allnodesfailedexception:无法到达任何联系点
代码

CqlSession.builder()
                .withAuthCredentials(username, password)
                .addContactPoints(Arrays.stream(hostNameList).map(host -> new InetSocketAddress(host, port)).collect(Collectors.toList()))
                .withSslContext(getSslContext()).build();
private SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
        return sc;
    }

我想要一个通用的方法,这就是为什么我不传递密钥库细节的原因。

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题