Couldn't instantiate rest high level client with SSL enabled at HTTP layer.
577 views
Skip to first unread message
Kutty Kumar
Oct 30, 2017, 4:16:02 AM10/30/17
to Search Guard Community Forum
When asking questions, please provide the following information:
Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
`curl -k -u user:password https://localhost:9200`, the response is returned and its fine, but when i instantiate a high level rest client using the following code
public RccRestClient()
throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder sslBuilder = SSLContexts.custom()
//.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
.loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
final SSLContext sslContext = sslBuilder.build();
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("user", "password"));
Header[] defaultHeaders = new Header[] {
new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
RestClientBuilder restClientBuilder = RestClient
.builder(new HttpHost("localhost",
Integer.valueOf("9200"), "https"))
.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});
// .setHttpClientConfigCallback(
// new RestClientBuilder.HttpClientConfigCallback() {
// @Override
// public HttpAsyncClientBuilder customizeHttpClient(
// HttpAsyncClientBuilder httpClientBuilder) {
// httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
// httpClientBuilder.setSSLContext(sslContext);
// return httpClientBuilder;
// }
// }
//
// );
restClientBuilder.setMaxRetryTimeoutMillis(10000);
restClientBuilder.setDefaultHeaders(defaultHeaders);
restClientBuilder.setFailureListener(new RestClient.FailureListener() {
@Override
public void onFailure(HttpHost host) {
LOGGER.error("Couldn't initialize Low Level Rest Client");
System.exit(-1);
}
});
i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.
Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
`curl -k -u user:password https://localhost:9200`, the response is returned and its fine, but when i instantiate a high level rest client using the following code
public RccRestClient()
throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder sslBuilder = SSLContexts.custom()
//.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
.loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
final SSLContext sslContext = sslBuilder.build();
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("user", "password"));
Header[] defaultHeaders = new Header[] {
new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
RestClientBuilder restClientBuilder = RestClient
.builder(new HttpHost("localhost",
Integer.valueOf("9200"), "https"))
.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});
// .setHttpClientConfigCallback(
// new RestClientBuilder.HttpClientConfigCallback() {
// @Override
// public HttpAsyncClientBuilder customizeHttpClient(
// HttpAsyncClientBuilder httpClientBuilder) {
// httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
// httpClientBuilder.setSSLContext(sslContext);
// return httpClientBuilder;
// }
// }
//
// );
restClientBuilder.setMaxRetryTimeoutMillis(10000);
restClientBuilder.setDefaultHeaders(defaultHeaders);
restClientBuilder.setFailureListener(new RestClient.FailureListener() {
@Override
public void onFailure(HttpHost host) {
LOGGER.error("Couldn't initialize Low Level Rest Client");
System.exit(-1);
}
});
i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.
* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any
SG
Nov 1, 2017, 4:28:59 PM11/1/17
to search...@googlegroups.com
see https://github.com/floragunncom/search-guard-module-auditlog/blob/master/src/main/java/com/floragunn/searchguard/httpclient/HttpClient.java
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/bd272c28-f257-456b-98e4-e0e165fd2d4d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/bd272c28-f257-456b-98e4-e0e165fd2d4d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Kasinaat Selvi Sukesh
Jan 25, 2019, 5:34:04 AM1/25/19
to Search Guard Community Forum
Here you are using java keystore.What should I do if I want to use client certificate authentication?
秋明本
Jan 25, 2019, 8:04:54 AM1/25/19
to search...@googlegroups.com
I am using high level rest client, and I am just trying to use the account and password to connect to the cluster. I don't know about certificate verification. You can check the description in this link.
Kasinaat Selvi Sukesh <kasin...@gmail.com>于2019年1月25日 周五下午6:34写道:
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/031e8d6b-2632-46c5-93e8-9d1b09b410eb%40googlegroups.com.
SG
Feb 3, 2019, 11:18:13 AM2/3/19
to search...@googlegroups.com
see https://gist.github.com/floragunncom/e1807599f0fa9c9338ffcb0ac45b27d1
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CADZDP89hscehO6cME%2BKFGhDCEOk91NRz0Pz9zx3Y_rcY4X_enQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages