如何使用java连接使用SSL和Auth启用的MongoDB

Question

问题

我拥有cafile.pem认证证书，mongodb.pem认证证书。我不知道如何在java中使用它来进行身份验证和连接MongoDB。任何建议都将不胜感激。如果你想提供更多的信息，请告诉我。

场景：

我使用mongo-java-driver-3.4.3.jar连接到一个启用SSL的、启用身份验证的MongoDB 3.7.9共享集群，其中包含3个实例。下面是我试图连接到这个服务器的java代码。

import java.util.ArrayList;
import java.util.List;

import org.bson.Document;

import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoCredential;
import com.mongodb.ReadPreference;
import com.mongodb.ServerAddress;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;

public class Starter {

    public static void main(String[] args){

        List<MongoCredential> mongoCredentials = new ArrayList<MongoCredential>();
        mongoCredentials.add(MongoCredential.
        createScramSha1Credential("admin", "admin", "admin".toCharArray()));

        List<ServerAddress> serverAddressArray = new ArrayList<ServerAddress>();

        serverAddressArray.add(new ServerAddress("xyz.domain.com", 27017));

        MongoClientOptions options = new MongoClientOptions.Builder()
                                        .sslInvalidHostNameAllowed(false)
                                        .sslEnabled(true)
                                        .readPreference(ReadPreference.primaryPreferred())
                                        .build();
        MongoClient mongoClient = new MongoClient(serverAddressArray, mongoCredentials, options);
        try {
            System.out.println("----- Step 1 ------");
            MongoDatabase db = mongoClient.getDatabase("CIM");
            System.out.println("----- Step 2 ------");
            MongoCollection<Document> collection = db.getCollection("orders");
            System.out.println("No of Documents in orders collection: " + collection.count());
          } catch (Exception ex) {
              System.out.println(ex.getMessage());
          }
    }       
}

我不犯错误；

----- Step 1 ------
----- Step 2 ------
Sep 20, 2018 2:48:02 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by ReadPreferenceServerSelector{readPreference=ReadPreference{name=primaryPreferred}} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=MULTIPLE, serverDescriptions=[ServerDescription{address=torvm-core16.sigma-systems.com:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
Sep 20, 2018 2:48:03 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Exception in monitor thread while connecting to server xyz.domain.com:27017
com.mongodb.MongoSocketReadException: Prematurely reached end of stream
    at com.mongodb.connection.SocketStream.read(SocketStream.java:88)
    at com.mongodb.connection.InternalStreamConnection.receiveResponseBuffers(InternalStreamConnection.java:494)
    at com.mongodb.connection.InternalStreamConnection.receiveMessage(InternalStreamConnection.java:224)
    at com.mongodb.connection.CommandHelper.receiveReply(CommandHelper.java:134)
    at com.mongodb.connection.CommandHelper.receiveCommandResult(CommandHelper.java:121)
    at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
    .............

无论如何，我能够连接MongoServer，如下面的RoboMongo3T配置所示。

​

​

mongodb.pem

Bag Attributes
    localKeyID: AA 4A 8D C5 AC CE 7A 08 F6 F1 00 2C 78 20 8D 0C 51 DE 66 F5 
subject=/OU=Domain Control Validated/CN=*.xyz.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIJAKpTjrMr7rpZMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
.
.
.
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIJAKpTjrMr7rpZMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
.
.
.
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: AA 4A 8D C5 AC CE 7A 08 F6 F1 00 2C 78 20 8D 0C 51 DE 66 F5 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIFPzCCBCegAwIBAgIJAKpTjrMr7rpZMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
.
.
.
-----END PRIVATE KEY-----

cafile.pem

-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
.
.
.
.
.

-----END CERTIFICATE-----

Answer 1

1. 我首先使用命令mongodb.pkcs12创建了一个openssl pkcs12 -export -out mongodb.pkcs12 -in mongodb.pem文件。
2. 我必须将该文件包含在keyStore和trustStore的文件路径中，代码如下(注意事项：我的代码也已更改和最小化)。 进口org.bson.Document；进口com.mongodb.MongoClient；进口com.mongodb.MongoClientURI；进口com.mongodb.client.MongoCollection；进口com.mongodb.client.MongoDatabase；公共类启动器{私有静态MongoClient mongoClient；公共静态空主(String[] args) {String[]“mongodb.pkcs12”；System.setProperty("javax.net.ssl.keyStorePassword"，System.setProperty("javax.net.ssl.keyStore"，"mongodb.pkcs12")；MongoClientURI mongoClientURI =新MongoClientURI( "mongodb://admin:admin@hostname3.xyz.com，hostname2.xyz.com:27017，hostname3.xyz.com:27017/admin?ssl=true")；mongoClient =新MongoClient(mongoClientURI)；尝试{ MongoDatabase db = mongoClient.getDatabase("CIM")；MongoCollection集合= db.getCollection(" orders ")；System.out.println(“orders集合中文档的No：”+ collection.count())；} catch (异常ex) {System.out.println(ex.getMessage()；}})

上面的代码运行得很好，下面是我得到的输出，

    Sep 24, 2018 3:49:13 PM com.mongodb.diagnostics.logging.JULLogger log
    INFO: Discovered cluster type of SHARDED
    Sep 24, 2018 3:49:15 PM com.mongodb.diagnostics.logging.JULLogger log
    INFO: Opened connection [connectionId{localValue:4}] to hostname3.xyz.com:27017
    No of Documents in orders collection: 3