問題を解決する方法を見つけました。
確かに、ここに示すように、mongo証明書をJavaセキュリティに登録しました:
sudo keytool -import -alias ca1 -file mongo-CA-cert.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
私は次のことを行いました:1)pemファイルをpkcs12に変換します
openssl pkcs12 -export -out hikmatuser.pfx -inkey hkshreimuser.key -in hkshreimuser.crt -certfile mongo-CA-cert.crt
2)テスト用に次のJAVAコードを記述しましたが、正常に動作します:
private SSLContext getSSLContext(String filePath){
String password = "123456";
String jvm_certs_path = "/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts";
String jvm_certs_password = "changeit";
try{
KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream(filePath), password.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, password.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(jvm_certs_path), jvm_certs_password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();
SSLContext sslContext = null;
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms, tms, new SecureRandom());
return sslContext;
}catch (Exception e){
e.printStackTrace();
}
return null;
}
public void getMongoClient() {
String filePath2 = "/home/hikmat/mongodbssl/s2/hikmatuser.pfx";
String user = "[email protected],CN=xxxx,OU=xxxxxx,O=xxxxxx,L=xxxx,ST=xxxx,C=XX";
SSLContext sslContext = getSSLContext(filePath2);
MongoCredential credential = MongoCredential.createMongoX509Credential(user);
MongoClientOptions options = MongoClientOptions.builder().sslEnabled(true).sslContext(sslContext).build();
//mongodbserver should be the same name "CN" that you use when you create server cert file
MongoClient mongoClient = new MongoClient(new ServerAddress("mongodbserver", 27017), credential,options);
return mongoClient;
}// end of method