Custom SSLContext using a separate keystore supported? #208

Closed
alijaza opened this issue Oct 15, 2019 · 2 comments

Comments


alijaza commented Oct 15, 2019

Hello, with the standard Java MongoClient, rather than changing global SSL/TLS settings, we can create a custom SSLContext and initialize it with a trusted certificate and key. Then we generate the SSLSocketFactory from it and provide it to the MongoClientOptions.Builder.

Is there some equivalent to this for the vertx-mongo-client? I don't see this in the documentation for JsonObject config...


alijaza commented Oct 15, 2019

Something like this:

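```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Builds a per-client SSLContext instead of changing the JVM-wide SSL/TLS settings.
private static SSLContext createSSLContext() {
    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManager[] keyManagers = getKeyManagers();
        // null trust managers and null SecureRandom select the JVM defaults
        sslContext.init(keyManagers, null, null);
        return sslContext;
    } catch (Exception e) {
        logger.error("Cannot create SSLContext", e);
        // Fail here: returning null would only surface later as a NullPointerException at the call site
        throw new IllegalStateException("Cannot create SSLContext", e);
    }
}

// Loads the client certificate and private key from the PKCS12 file at CERT_FILE.
private static KeyManager[] getKeyManagers()
        throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException {

    try (InputStream inputStream = new FileInputStream(CERT_FILE)) {
        KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
        clientKeyStore.load(inputStream, AppConfig.TrMongoProperties.getKeystorePassword().toCharArray());

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeyStore, AppConfig.TrMongoProperties.getKeystorePassword().toCharArray());
        return kmf.getKeyManagers();
    }
}
```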

And then something like this:

```java
MongoClientOptions.Builder mco = MongoClientOptions.builder()
        .socketFactory(createSSLContext().getSocketFactory());
```
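
The snippet in the post passes `null` as the second argument to `sslContext.init`, so the per-client context still trusts every CA in the JVM's default trust store. As an added example (not part of the original post and not code from the vertx-mongo-client project), this JDK-only program compares that default with a trust manager built from a dedicated store; the class name, the `mongo-ca` alias and the stand-in certificate are constructed for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DedicatedTrustDemo {

    // Builds an X509TrustManager from the given store; a null store selects the JVM default (cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // What init(keyManagers, null, null) ends up trusting: every CA in the JVM default store.
        X509Certificate[] defaultIssuers = trustManagerFor(null).getAcceptedIssuers();
        if (defaultIssuers.length == 0) throw new IllegalStateException("JVM default trust store is empty");
        System.out.println("default trust anchors:   " + defaultIssuers.length);

        // Constructed stand-in for a private CA: a real deployment would load the file
        // that holds the CA which issued the MongoDB server certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        trustStore.setCertificateEntry("mongo-ca", defaultIssuers[0]);

        X509TrustManager dedicated = trustManagerFor(trustStore);
        System.out.println("dedicated trust anchors: " + dedicated.getAcceptedIssuers().length);

        // Per-client context. The key managers would come from getKeyManagers() in the post;
        // null here means no client certificate is presented.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { dedicated }, null);

        // The JVM-wide default context is a different object and is left unchanged.
        System.out.println("global default untouched: " + (SSLContext.getDefault() != ctx));
        // ctx.getSocketFactory() is what would be handed to socketFactory(...) as in the post.
    }
}
```

The second count is 1, so a server certificate issued by any other public CA is rejected by this context while the rest of the JVM keeps its default trust settings.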

@kostya05983
Contributor

Hello, @alijaza, no, we don't have such options, because the vertx mongoClient is multi-platform. The default mongoClient allows setting an SslContext from javax.net.ssl. But maybe we can add this. @vietj can we ignore some static methods from generation? I think it would be good to provide a static method which can construct a mongo instance from MongoClientSettings for the Java world.
