I'm facing a problem when maven building my springboot project containing the keystore and truststore. I have a separate keystore and truststore that I use to communicate with my mongo replica (x509). To do so, I generated programmatically the SSL context and pass it to the MongoClient, and this works. This is where I initiate the MongoClient (for the moment it is in the Application main class):

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509KeyManager;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.autoconfigure.mongo.MongoClientSettingsBuilderCustomizer;
    import org.springframework.context.annotation.Bean;

    // The fields and beans below are members of the Application main class.

    @Value("${mongo.keyStore}")
    private String keyStore;
    @Value("${mongo.keyStorePassword}")
    private String keyStorePassword;
    @Value("${mongo.trustStore}")
    private String trustStore;
    @Value("${mongo.trustStorePassword}")
    private String trustStorePassword;
    @Value("${mongo.keyAlias}")
    private String keyAlias;
    @Value("${mongo.subject}")
    private String subject;

    // Builds the TLS context from the client keystore and the truststore.
    @Bean
    public SSLContext mongoSSLContext() throws GeneralSecurityException, IOException {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStore)) {
            keystore.load(in, keyStorePassword.toCharArray());
        }
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keystore, keyStorePassword.toCharArray());

        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStore)) {
            ts.load(in, trustStorePassword.toCharArray());
        }
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(ts);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext;
    }

    // Exposes the client certificate stored under keyAlias in the keystore.
    @Bean
    public X509Certificate mongoClientCertificate() throws GeneralSecurityException, IOException {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStore)) {
            keystore.load(in, keyStorePassword.toCharArray());
        }
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keystore, keyStorePassword.toCharArray());
        X509KeyManager keyManager = (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
        return keyManager.getCertificateChain(keyAlias)[0];
    }

    // Hands the custom SSLContext to the auto-configured MongoClient.
    @Bean
    public MongoClientSettingsBuilderCustomizer mongoSslCustomizer(SSLContext mongoSSLContext) {
        return clientSettingsBuilder -> clientSettingsBuilder.applyToSslSettings(sslBuilder -> sslBuilder.context(mongoSSLContext));
    }

and here are my configs:

    mongo:
      trustStore: ${PWD}/src/main/resources/keystore/ts.keystore
      trustStorePassword: <password>
      keyStore: ${PWD}/src/main/resources/keystore/ks.jks
      keyStorePassword: <password>
      keyAlias: <key-alias>
      subject: <subject>

The keystore and truststore reside in src/main/resources. At the moment the application starts up correctly. But when I issue the mvn clean package, I get the error of malformed input, which is coming from the keystore and truststore files. I tried to remove them from the project and place them somewhere else at installation time, but it is complaining because the files are not found.
I suspect that I'm not doing this correctly... Can someone help?
Thank you!
Can you try this out in your pom.xml?

    <build>
      <resources>
        <!-- Text resources: filter placeholders, but skip the binary keystores -->
        <resource>
          <directory>${project.basedir}/src/main/resources</directory>
          <filtering>true</filtering>
          <excludes>
            <exclude>**/*.keystore</exclude>
            <exclude>**/*.jks</exclude>
          </excludes>
        </resource>
        <!-- Keystores: copy byte-for-byte, with filtering disabled -->
        <resource>
          <directory>src/main/resources</directory>
          <filtering>false</filtering>
          <includes>
            <include>**/*.keystore</include>
            <include>**/*.jks</include>
          </includes>
        </resource>
      </resources>
    </build>
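
A post-build check for the problem discussed above, as an added example that is not part of the original question or answer: it compares each keystore under the source resources directory with its copy in the build output, so a file rewritten by resource filtering is caught before deployment. The function name `check_keystores` and the directory arguments are assumptions based on the standard Maven layout.

```shell
#!/bin/sh
# Added example (not from the original post). Confirms that Maven copied
# binary keystores byte-for-byte instead of passing them through filtering.

# check_keystores SRC_DIR OUT_DIR
# Compares every *.jks / *.keystore under SRC_DIR with the file at the same
# relative path under OUT_DIR.
# Returns 0 if all copies are identical, 1 if any is missing or altered.
check_keystores() {
    src_dir=$1
    out_dir=$2
    status=0
    list=$(mktemp) || return 2

    # Write the file list to a temp file so the loop runs in this shell
    # (a pipe would run it in a subshell and lose $status).
    find "$src_dir" -type f \( -name '*.jks' -o -name '*.keystore' \) > "$list"

    while IFS= read -r src; do
        rel=${src#"$src_dir"/}
        out="$out_dir/$rel"
        if [ ! -f "$out" ]; then
            echo "MISSING  $rel"
            status=1
        elif ! cmp -s "$src" "$out"; then
            echo "ALTERED  $rel (binary file was modified during the build)"
            status=1
        else
            echo "OK       $rel"
        fi
    done < "$list"

    rm -f "$list"
    return $status
}

# Typical use from the project root, after `mvn clean package`:
#   check_keystores src/main/resources target/classes
```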