Mongo Exension

[clement escoffier]

Hello,

I’ve been working on a Mongo extension. It’s still in a pre-alpha stage, but my branch is there: https://github.com/cescoffier/quarkus/tree/features/mongo-client-extension.

What does it do:

* configure and exposes a MongoClient and a Reactive Mongo client

* work in JVM and native mode (but the set of substitutions will need refinement)

It requires:

* lots, really a lot of tests and documentation

There is an integration tests (https://github.com/cescoffier/quarkus/tree/features/mongo-client-extension/integration-tests/mongo-client) for these who want to go further.

Clement

[Loïc MATHIEU]

Hello

Cool! I was asking Emmanuel and Guillaume about Mongo support last Friday ! 

I was planning to implements a Panache like entity /  repository for Mongo. I Will prepare tomorrow a description of what I have in mind. 

Anyway I can test what you already done and help for the documentation. 

Regards

Loïc 

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
Visit this group at https://groups.google.com/group/quarkus-dev.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/860A24CD-7CD0-472B-A7FE-0AAAEA0C1D7C%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Stephane Epardaud]

Funny, somebody asked me if we had something like that just today. Very curious to see this :)

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAJLxjVET2j9PWMDBLqFmwzvsoBV5RsC707hKbwG60_5x-Uhd0Q%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Stéphane Épardaud

[Loïc MATHIEU]

Should be able to show something in a few days, not working of course because I will need some help with the deployment part of the extention (working with Quarkus Build step is not easy).

[Loïc MATHIEU]

Hello,

@clement escoffier I test your extension and start writing some documentation that can be found here : https://github.com/loicmathieu/quarkus/blob/feat/document_mongo_client/docs/src/main/asciidoc/mongo-guide.adoc

This is basically a step by step tutorial of what I did to test it, in the shape of a Quarkus Guide ;)

I found one bug regarding the usage of Bson Codec, I resolved it this way I don't know if it's correct as I don't know how Quarkus uses classloaders:

--- a/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
+++ b/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
@@ -178,7 +178,7 @@ public class MongoClientTemplate {
         List<CodecProvider> providers = new ArrayList<>();
         for (String name : classNames) {
             try {
-                Class<?> clazz = MongoClientTemplate.class.getClassLoader().loadClass(name);
+                Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass(name);
                 providers.add((CodecProvider) clazz.newInstance());
             } catch (Exception e) {
                 // TODO LOG ME

I found two limitations on the current implementation (they are listed in my guide):

- Hot reload didn't work for Bson Codec

- The mongo reactive client didn't work in native mode : java.lang.IllegalStateException: No ReactiveStreamsFactory implementation found! (I can send you the full stacktrace)

I want to test SSL and authenticated database but didn't have the time yet to do it.

Anyway, good job on this extension ;) I saw that the native part seems to have been difficult !

My documentation is still a work in progress, but if there is some interest in it I can continue to work on it, please give me feedback on this (feedback on the content not the spelling/phrasing/...).

Regards,

Loïc

[clement escoffier]

On 18 Jun 2019, at 15:07, Loïc MATHIEU <loik...@gmail.com> wrote:

Hello,

@clement escoffier I test your extension and start writing some documentation that can be found here : https://github.com/loicmathieu/quarkus/blob/feat/document_mongo_client/docs/src/main/asciidoc/mongo-guide.adoc

This is basically a step by step tutorial of what I did to test it, in the shape of a Quarkus Guide ;)

I found one bug regarding the usage of Bson Codec, I resolved it this way I don't know if it's correct as I don't know how Quarkus uses classloaders:

--- a/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
+++ b/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
@@ -178,7 +178,7 @@ public class MongoClientTemplate {
         List<CodecProvider> providers = new ArrayList<>();
         for (String name : classNames) {
             try {
-                Class<?> clazz = MongoClientTemplate.class.getClassLoader().loadClass(name);
+                Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass(name);
                 providers.add((CodecProvider) clazz.newInstance());
             } catch (Exception e) {
                 // TODO LOG ME

I’m very proud of my "TODO LOG ME”. Anyway, I’m going to apply this change right now.

I found two limitations on the current implementation (they are listed in my guide):

- Hot reload didn't work for Bson Codec

That’s a good point. Codec are find at build time and registered at build time. 

- The mongo reactive client didn't work in native mode : java.lang.IllegalStateException: No ReactiveStreamsFactory implementation found! (I can send you the full stacktrace)

So, this is a bug. If you look at the integration tests, in the pom.xml file, there is a TODO just above the dependency on the quarkus-smallrye-reactive-streams-operators dependency saying: It should not be required ;-) I need to have a look at this. 

I want to test SSL and authenticated database but didn't have the time yet to do it.

Anyway, good job on this extension ;) I saw that the native part seems to have been difficult !

Yeah, that’s been an interesting journey. I will need to refine the substitutions, I may have cut too much. I’m not a Mongo expert, so hard to completely understand how the internals work.

My documentation is still a work in progress, but if there is some interest in it I can continue to work on it, please give me feedback on this (feedback on the content not the spelling/phrasing/…).

I will have a look! Thanks!

Clement

[Emmanuel Bernard]

On Tue, Jun 18, 2019 at 3:46 PM clement escoffier <clement....@gmail.com> wrote:

On 18 Jun 2019, at 15:07, Loïc MATHIEU <loik...@gmail.com> wrote:

Hello,

@clement escoffier I test your extension and start writing some documentation that can be found here : https://github.com/loicmathieu/quarkus/blob/feat/document_mongo_client/docs/src/main/asciidoc/mongo-guide.adoc

This is basically a step by step tutorial of what I did to test it, in the shape of a Quarkus Guide ;)

I found one bug regarding the usage of Bson Codec, I resolved it this way I don't know if it's correct as I don't know how Quarkus uses classloaders:

--- a/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
+++ b/extensions/mongo-client/runtime/src/main/java/io/quarkus/mongo/runtime/MongoClientTemplate.java
@@ -178,7 +178,7 @@ public class MongoClientTemplate {
         List<CodecProvider> providers = new ArrayList<>();
         for (String name : classNames) {
             try {
-                Class<?> clazz = MongoClientTemplate.class.getClassLoader().loadClass(name);
+                Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass(name);
                 providers.add((CodecProvider) clazz.newInstance());
             } catch (Exception e) {
                 // TODO LOG ME

I’m very proud of my "TODO LOG ME”. Anyway, I’m going to apply this change right now.

I found two limitations on the current implementation (they are listed in my guide):

- Hot reload didn't work for Bson Codec

That’s a good point. Codec are find at build time and registered at build time. 

I don't understand, by build time you mean extension build time? This is done by the hot reload process to rerun extensions.

[clement escoffier]

Application build time, but using the wrong class loader. Fixing it. 

Clement

[Loïc MATHIEU]

Hello,

I did more test on the Mongo Client extention, here are some feedback:

- Modifying the mongo URL triggers a hot reload but the connection to Mongo is not closed/restarted so we need to restart Quarkus => I add a warning on my doc

- I tested the reactive client in native mode when adding the library and it works. => I add a warning on my doc

- There is a bug in the way credentials are implemented in the config => after correcting it the credentials works, I can login in an authenticated database
     -> It's not a trivial bug. I also find some limitation on the config (missing a 'database' property) and the credentials are computed twice. I will propose a PR to your branch with my changes, I still needs some time to finish it.

- Authentication is not working on native mode :
Caused by: javax.security.sasl.SaslException: Algorithm for 'HmacSHA256' could not be found. [Caused by java.security.NoSuchAlgorithmException: Algorithm HmacSHA256 not available]
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.hi(ScramShaAuthenticator.java:271)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.getClientProof(ScramShaAuthenticator.java:205)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.computeClientFinalMessage(ScramShaAuthenticator.java:182)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.evaluateChallenge(ScramShaAuthenticator.java:121)
at com.mongodb.internal.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:59)
... 93 more
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacSHA256 not available
at javax.crypto.Mac.getInstance(Mac.java:181)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.hi(ScramShaAuthenticator.java:258)
... 97 more

Regards,

Loïc

[clement escoffier]

On 19 Jun 2019, at 15:06, Loïc MATHIEU <loik...@gmail.com> wrote:

Hello,

I did more test on the Mongo Client extention, here are some feedback:

- Modifying the mongo URL triggers a hot reload but the connection to Mongo is not closed/restarted so we need to restart Quarkus => I add a warning on my doc

Thinking about this one.

We should close the client(s) when the application is stopped. 

- I tested the reactive client in native mode when adding the library and it works. => I add a warning on my doc

I need to fix this one. It’s a dependency missing somewhere (but where?)

- There is a bug in the way credentials are implemented in the config => after correcting it the credentials works, I can login in an authenticated database
     -> It's not a trivial bug. I also find some limitation on the config (missing a 'database' property) and the credentials are computed twice. I will propose a PR to your branch with my changes, I still needs some time to finish it.

I’ve merged your PR, thanks! 

- Authentication is not working on native mode :
Caused by: javax.security.sasl.SaslException: Algorithm for 'HmacSHA256' could not be found. [Caused by java.security.NoSuchAlgorithmException: Algorithm HmacSHA256 not available]
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.hi(ScramShaAuthenticator.java:271)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.getClientProof(ScramShaAuthenticator.java:205)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.computeClientFinalMessage(ScramShaAuthenticator.java:182)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.evaluateChallenge(ScramShaAuthenticator.java:121)
at com.mongodb.internal.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:59)
... 93 more
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacSHA256 not available
at javax.crypto.Mac.getInstance(Mac.java:181)
at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.hi(ScramShaAuthenticator.java:258)
... 97 more

Ok, that one is interesting. I will try to reproduce it.

[clement escoffier]

Small update:

* No more need to depend on Reactive Streams Ops in the end user application in native (I’ve found the missing dependency)

* Reloading fixed (config change and database change)

* The security issue can be fixed with the following adjustment to the pom.xml file:

<enableJni>true</enableJni>
<enableAllSecurityServices>true</enableAllSecurityServices>

Is there anything else that should be fixed? 

Clement

[Guillaume Smet]

If you expect people to use SSL by default, maybe you should add this: https://github.com/quarkusio/quarkus/blob/master/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java#L115 ?

It should fix the issue you have.

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
Visit this group at https://groups.google.com/group/quarkus-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/BA37DF43-ECEC-4DE8-8B2A-46E412C042ED%40gmail.com.

[Loïc MATHIEU]

Hi,

Seems cool, I need to relaunch my current test and validate it.

I didn't test the SSL configuration, nor did I create a Docker image ...

I also see that you rebase on master, that would have been my last request so good for me ;)

I will also continue working on my guide and some example apps that we will then be able to integrate as a quickstart apps,

Regards,

Loïc

[clement escoffier]

On 21 Jun 2019, at 14:20, Guillaume Smet <guillau...@gmail.com> wrote:

If you expect people to use SSL by default, maybe you should add this: https://github.com/quarkusio/quarkus/blob/master/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java#L115 ?

It should fix the issue you have.

I still need to understand when it’s required and when it’s not… 

My simple rule I would say right now is:

If authentication is enabled -> enable it (and in this case, yes, I need to enable it in the extension).

Clement

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CALt0%2Bo-UZB6FpN%3Dg1n9B-D_SZ5PQQNy9on0g15ebW5VVMqkmHA%40mail.gmail.com.

[Guillaume Smet]

On Fri, Jun 21, 2019 at 5:30 PM clement escoffier <clement....@gmail.com> wrote:

I still need to understand when it’s required and when it’s not… 

My simple rule I would say right now is:

If authentication is enabled -> enable it (and in this case, yes, I need to enable it in the extension).

It might be hard to say because authentication might be enabled only at runtime. I don't know if it's the case for your extension. And using SSL might be done via auto-negotiation so you might not enable it explicitly but connecting to a given server might require it.

The idea of this hint is to say to Quarkus that, unless told otherwise, having this extension around should enable the SSL support.

Sure, it embarks SSL even sometimes when it's not needed (but you can disable it with quarkus.ssl.native=false) but at least it's easier for the user in most of the cases (using SSL should be the de facto standard now).

HTH

[clement escoffier]

I’ve looked at the client code a bit more closely, and it’s really hard to say when it’s going to be used. So, yes, let’s enabled it every time.

Clement

HTH

[Loïc MATHIEU]

Hi Clement,

I tested all the issues that I reported and they are all OK now.

I try to connect to Mongo in native mode to a cluster on Mongo Atlas with TLS and I found a few new issues :

- the mongo+srv protocol is not working, this can be easily worked around by setting all the cluster hosts in the URL (the mongo protocol) so it's not urgent to fix it (we could open an issue about it when the extension would be out)

- TLS seems not to work, I try force the strustStore to a recent one (with -Djavax.net.ssl.trustStore) but it didn't change anything

- CTL-C didn't kill the processus (it returns to the command line but still runs in background)

These two bugs are native only, it works fine on standard JAR.

You can find bellow the two stacktraces of the issues :

1. protocol mongo+svr not working in native :

-----------------------------------------------------------

Exception in thread "main" java.lang.RuntimeException: Failed to start quarkus
at io.quarkus.runner.ApplicationImpl1.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:100)
at io.quarkus.runtime.Application.run(Application.java:212)
at io.quarkus.runner.GeneratedMain.main(Unknown Source)
Caused by: com.mongodb.MongoClientException: Unable to support mongodb+srv// style connections as the 'com.sun.jndi.dns.DnsContextFactory' class is not available in this JRE. A JNDI context is required for resolving SRV records.
at com.mongodb.internal.dns.DefaultDnsResolver.createDnsDirContext(DefaultDnsResolver.java:152)
at com.mongodb.internal.dns.DefaultDnsResolver.resolveAdditionalQueryParametersFromTxtRecords(DefaultDnsResolver.java:112)
at com.mongodb.ConnectionString.<init>(ConnectionString.java:371)
at io.quarkus.mongo.runtime.MongoClientTemplate.initialize(MongoClientTemplate.java:71)
at io.quarkus.mongo.runtime.MongoClientTemplate.configureTheClient(MongoClientTemplate.java:40)
at io.quarkus.deployment.steps.MongoClientProcessor$build16.deploy_0(Unknown Source)
at io.quarkus.deployment.steps.MongoClientProcessor$build16.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl1.doStart(Unknown Source)
... 3 more
Caused by: javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.jndi.dns.DnsContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.jndi.dns.DnsContextFactory]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:674)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.mongodb.internal.dns.DefaultDnsResolver.createDnsDirContext(DefaultDnsResolver.java:150)
... 10 more
Caused by: java.lang.ClassNotFoundException: com.sun.jndi.dns.DnsContextFactory
at com.oracle.svm.core.hub.ClassForNameSupport.forName(ClassForNameSupport.java:51)
at java.lang.Class.forName(DynamicHub.java:1143)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:91)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:61)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:672)
... 15 more

2. TLS not working in native

 com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:541)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:429)
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62)
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:473)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 34.76.92.223 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:426)
... 11 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 34.76.92.223 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 20 more

2019-06-24 15:47:00,163 INFO  [org.mon.dri.cluster] (cluster-ClusterId{value='5d10d454faf1890162509a4f', description='null'}-cluster0-shard-00-02-j57zm.gcp.mongodb.net:27017) Exception in monitor thread while connecting to server cluster0-shard-00-02-j57zm.gcp.mongodb.net:27017: com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:541)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:429)
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62)
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:473)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 34.76.166.102 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:426)
... 11 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 34.76.166.102 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 20 more

2019-06-24 15:47:00,169 ERROR [org.mon.dri.con.tls] (async-channel-group-0-handler-executor) error in operation: java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.generateECKeyPair(I[B[B)[Ljava/lang/Object; [symbol: Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair or Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair__I_3B_3B]
at com.oracle.svm.jni.access.JNINativeLinkage.getOrFindEntryPoint(JNINativeLinkage.java:145)
at com.oracle.svm.jni.JNIGeneratedMethodSupport.nativeCallAddress(JNIGeneratedMethodSupport.java:57)
at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(ECKeyPairGenerator.java)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:783)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:302)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(AccessController.java:98)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handleTask(TlsChannelImpl.java:271)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshakeLoop(TlsChannelImpl.java:599)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshake(TlsChannelImpl.java:554)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.doHandshake(TlsChannelImpl.java:529)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshake(TlsChannelImpl.java:511)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.write(TlsChannelImpl.java:385)
at com.mongodb.internal.connection.tlschannel.ClientTlsChannel.write(ClientTlsChannel.java:181)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.writeHandlingTasks(AsynchronousTlsChannelGroup.java:553)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.doWrite(AsynchronousTlsChannelGroup.java:501)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.access$400(AsynchronousTlsChannelGroup.java:67)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup$6.run(AsynchronousTlsChannelGroup.java:459)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:473)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)

2019-06-24 15:47:00,169 ERROR [org.mon.dri.con.tls] (async-channel-group-0-handler-executor) error in operation: java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.generateECKeyPair(I[B[B)[Ljava/lang/Object; [symbol: Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair or Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair__I_3B_3B]
at com.oracle.svm.jni.access.JNINativeLinkage.getOrFindEntryPoint(JNINativeLinkage.java:145)
at com.oracle.svm.jni.JNIGeneratedMethodSupport.nativeCallAddress(JNIGeneratedMethodSupport.java:57)
at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(ECKeyPairGenerator.java)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:783)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:302)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(AccessController.java:98)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handleTask(TlsChannelImpl.java:271)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshakeLoop(TlsChannelImpl.java:599)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshake(TlsChannelImpl.java:554)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.doHandshake(TlsChannelImpl.java:529)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.handshake(TlsChannelImpl.java:511)
at com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl.write(TlsChannelImpl.java:385)
at com.mongodb.internal.connection.tlschannel.ClientTlsChannel.write(ClientTlsChannel.java:181)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.writeHandlingTasks(AsynchronousTlsChannelGroup.java:553)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.doWrite(AsynchronousTlsChannelGroup.java:501)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup.access$400(AsynchronousTlsChannelGroup.java:67)
at com.mongodb.internal.connection.tlschannel.async.AsynchronousTlsChannelGroup$6.run(AsynchronousTlsChannelGroup.java:459)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:473)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
Visit this group at https://groups.google.com/group/quarkus-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/DDEA4834-2867-46A1-B806-1405FB0EDA2B%40gmail.com.

[clement escoffier]

Hello,

On 24 Jun 2019, at 15:59, Loïc MATHIEU <loik...@gmail.com> wrote:

Hi Clement,

I tested all the issues that I reported and they are all OK now.

I try to connect to Mongo in native mode to a cluster on Mongo Atlas with TLS and I found a few new issues :

- the mongo+srv protocol is not working, this can be easily worked around by setting all the cluster hosts in the URL (the mongo protocol) so it's not urgent to fix it (we could open an issue about it when the extension would be out)

So it’s a can of worms… The Mongo client is using JNDI to read SRV and TXT records. It actually uses Sun JDNI implementation (and force it). Embedding it won’t work as it would require some work around SecureRandom and so on. I’ve tried to substitute this DNS lookup to use the Vert.x DNS client, but behind the hood it uses a method not provided by SubstrateVM (David Lloyd is looking into that). I may have found a way, but it might be tricky. It might be better to just wait until Substrate adds the missing method. 

- TLS seems not to work, I try force the strustStore to a recent one (with -Djavax.net.ssl.trustStore) but it didn't change anything

How did you run Mongo with TLS?

- CTL-C didn't kill the processus (it returns to the command line but still runs in background)

After a failure due to TLS, or even when everything is working? I was not able to reproduce it.

Clement

[Loïc MATHIEU]

Hello,

For the mongo+srv protocol, as it's a 'new' features of Mongo 3.6 and it is not needed to works with Mongo (it's just easiest to works with it because you can only give a single entry point to the cluster then the client discover the other nodes) we can wait for a fix on SubstratVM.

For TLS, I use a cluster on Mongo Atlas, all cluster on Mongo Altas has TLS enabled (https://docs.atlas.mongodb.com/setup-cluster-security/#tls-ssl) I will send you in a direct mail the URL to the cluster I created on Mongo Atas for you to test it.

For the CTL-C issue with native Mongo, I can have multiple reproducer : with an address alreay in use (so launch two) and for a TLS error

I'll send you a direct mail with a way to check the TLS on native with my test apps and the URL to my Mongo Atlas custer.

Regards,

Loïc

[Abel Salgado Romero]

Hi,

What's the status on this? We are facing issues connection to Mongo Atlas, even creating a MongoClient by hand using the same code and driver of another Spring project that works, fails with Quarkus. And setting the different hosts in a normal mongodb:// connection string does not work either :/

Is there a workarround?

Hello,

To unsubscribe from this group and stop receiving emails from it, send an email to quark...@googlegroups.com.

[Guillaume Smet]

Hi Abel,

On Thu, Apr 30, 2020 at 12:14 AM Abel Salgado Romero <abelr...@gmail.com> wrote:

What's the status on this? We are facing issues connection to Mongo Atlas, even creating a MongoClient by hand using the same code and driver of another Spring project that works, fails with Quarkus. And setting the different hosts in a normal mongodb:// connection string does not work either :/

Is there a workarround?

Are you using Quarkus with GraalVM or in JVM mode? 

[Loïc MATHIEU]

Hi Abel,

> And setting the different hosts in a normal mongodb:// connection string does not work either

Can you give an example of the your MongoDB URL, I tested connection to MongoDB Atlas when helping to test our mongodb extension one year ago and this worked.

We recently upgrade to mongodb driver v4 but this should not have changed anything regarding connection handling?

In native mode, mongodb+svr protocol is not supported, you need to configure the list of the servers.

Regards,

Loïc

--

You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CALt0%2Bo-0oCkcYX%2BiKnAiYLP1ZL6VC%2BKAo2zYyzK4vk-TtCMiPQ%40mail.gmail.com.