encrypted communication elasticsearch java rest client
Posted 衣舞晨风
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了encrypted communication elasticsearch java rest client相关的知识,希望对你有一定的参考价值。
ElasticSearch 7.3.1
Java Rest Client HTTPS连接操作
ElasticSearch版本7.3.1,elasticsearch.yml配置如下:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com.key
xpack.security.transport.ssl.certificate: /home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com.cer
xpack.security.transport.ssl.certificate_authorities: [ "/home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com_ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com.key
xpack.security.http.ssl.certificate: /home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com.cer
xpack.security.http.ssl.certificate_authorities: [ "/home/jiankunking/elasticsearch-7.3.1/config/certs/_.jiankunking.com_ca.crt" ]
由于ElasticSearch Java client中的KeyStore Types只支持以下几种:
Type | Description |
---|---|
jceks | The proprietary keystore implementation provided by the SunJCE provider. |
jks | The proprietary keystore implementation provided by the SUN provider. |
dks | A domain keystore is a collection of keystores presented as a single logical keystore. It is specified by configuration data whose syntax is described in DomainLoadStoreParameter. |
pkcs11 | A keystore backed by a PKCS #11 token. |
pkcs12 | The transfer syntax for personal identity information as defined in PKCS #12. |
而我这边证书格式为cer,所以通过keytool进行转换:
keytool -import -v -trustcacerts -file _.jiankunking.com.cer -keystore my_keystore.jks -keypass password -storepass password
证书转换完成后,操作代码如下:
package ssl;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.indices.CreateIndexRequest;
import org.elasticsearch.client.indices.CreateIndexResponse;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
/**
* @Author: jiankunking
* @Date: 2019/8/27 15:32
* @Description:
*/
public class es
public static void main(String[] args) throws KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException, CertificateException
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "jiankunking"));
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(new File("I:\\\\certs\\\\my_keystore.jks"))
.build();
String host = "es.jiankunking.com";
int port = 9200;
String scheme = "https";
String indexName = "twitter2";
RestClientBuilder restClientBuilder = RestClient.builder(new HttpHost(host, port, scheme)).setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider)
.setSSLContext(sslContext)
);
// 到这里RestHighLevelClient已经初始化完成,下面的创建索引是测试
RestHighLevelClient restHighLevelClient = new RestHighLevelClient(restClientBuilder);
// 创建索引请求
CreateIndexRequest request = new CreateIndexRequest(indexName);
request.settings(Settings.builder()
.put("index.number_of_shards", 3)
.put("index.number_of_replicas", 2)
);
request.mapping(
"\\n" +
" \\"properties\\": \\n" +
" \\"message\\": \\n" +
" \\"type\\": \\"text\\"\\n" +
" \\n" +
" \\n" +
"",
XContentType.JSON);
Map<String, Object> message = new HashMap<>();
message.put("type", "text");
Map<String, Object> properties = new HashMap<>();
properties.put("message", message);
Map<String, Object> mapping = new HashMap<>();
mapping.put("properties", properties);
request.mapping(mapping);
CreateIndexResponse createIndexResponse;
try
createIndexResponse = restHighLevelClient.indices().create(request, RequestOptions.DEFAULT);
System.out.println(createIndexResponse);
catch (IOException e)
e.printStackTrace();
以上是关于encrypted communication elasticsearch java rest client的主要内容,如果未能解决你的问题,请参考以下文章
mysql远程连接问题 Lost connection to MySQL server at ‘reading initial communication packet', system e
虚拟机中MySQL连接问题:Lost connection to MySQL server at 'reading initial communication packet, system e
CS 2033 Multimedia and Communications
Mysql : Communications link failure
我需要 Adobe AIR For Android Encrypted Local Store 或 Application Storage 数据,即使在卸载或更新应用程序后也能保留。