jurmous / etcd4j

Java / Netty client for etcd, the highly-available key value store for shared configuration and service discovery.
Apache License 2.0

how to use etcd4j with SSL #162

Open belovers opened 6 years ago

belovers commented 6 years ago

The doc says: Setting up SSL (You need to set up the server with SSL)

SslContext sslContext = SslContext.newClientContext();

try (EtcdClient etcd = new EtcdClient(sslContext,
        URI.create("https://123.45.67.89:8001"),
        URI.create("https://123.45.67.90:8001"))) {
    // Logs etcd version
    System.out.println(etcd.getVersion());
}

But this method is out of date. How can I generate sslContext?

ajaygk95 commented 6 years ago

If you have PEM certs used for your etcd-server then you can use

File clientCertFile = new File(CLIENT_CERT_FILE);
File clientKeyFile = new File(CLIENT_KEY_FILE);
File caFile = new File(CA_FILE);
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, baseUris);

belovers commented 6 years ago

Yeah, I really do it like this:

File clientCertFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd.pem");
File clientKeyFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd-key.pem");
File caFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\ca.pem");
System.out.println("1");
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, URI.create("https:\\98.0.69.1:2379"));
System.out.println("2");

Question: the Eclipse console only prints "1" and that's it? (Both etcd.pem and etcd-key.pem are generated by OpenSSL tools.)

ajaygk95 commented 6 years ago

In URI.create the URI "slash" is https://98.0.69.1:2379. You are using \\ (back-slashes).

ajaygk95 commented 6 years ago

Is it working?

belovers commented 6 years ago

Thank you for the reminder, but it does not work either....

ajaygk95 commented 6 years ago

Okay. Can you directly use curl to get keys? What is your etcd version? This client is only for etcdv2. You can use "curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/". If curl is not working and is hanging, the etcd server has some issues.

And also, can you enable logging (for your Java code) to debug and attach the logs?

belovers commented 6 years ago

"curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/" is OK. I will try to get some logs. Thank you.

ajaygk95 commented 6 years ago

Any updates/logs?

dgutierrez-stratio commented 6 years ago

I am currently using this solution for keystores

// Load the client key and certificate from a JKS keystore.
final KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream keyFile = new FileInputStream("/path_to_jks")) {
    ks.load(keyFile, "jks_key".toCharArray());
}
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "jks_key".toCharArray());

// No trustManager(...) is set here, so the server certificate is
// validated against the JVM's default trust store.
SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(kmf);
SslContext sslCtx = ctxBuilder.build();

EtcdClient etcd = new EtcdClient(sslCtx, new URI("https://10.200.1.244:2379"));

Hope it helps
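
A pre-flight check for the PEM-based setup discussed earlier in this thread, as an added example that is not part of the original comments or of etcd4j. It validates the endpoint string and checks the private key's PEM header, since Netty documents the key file for keyManager(File, File) as a PKCS#8 PEM file; the thread does not establish which of these, if either, caused the reported failure. The class and method names are hypothetical, and Java 11 or later is assumed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not etcd4j code): checks to run before building the SslContext.
public class EtcdTlsPreflight {

    // Returns a problem description for the endpoint, or null if it looks usable.
    static String checkEndpoint(String endpoint) {
        final URI uri;
        try {
            uri = new URI(endpoint); // checked exception; URI.create() throws IllegalArgumentException
        } catch (URISyntaxException e) {
            return "not a valid URI: " + e.getMessage();
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return "scheme is not https";
        if (uri.getHost() == null) return "no host parsed, expected https://host:port";
        return null;
    }

    // Returns a problem description for a PEM private key, or null if it is unencrypted PKCS#8.
    static String checkKeyPem(String pem) {
        if (pem.contains("-----BEGIN PRIVATE KEY-----")) return null;
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----"))
            return "encrypted PKCS#8: use keyManager(certFile, keyFile, password)";
        if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")
                || pem.contains("-----BEGIN EC PRIVATE KEY-----"))
            return "traditional OpenSSL key: convert with openssl pkcs8 -topk8 -nocrypt";
        return "no PEM private key block found";
    }

    public static void main(String[] args) throws Exception {
        // The two endpoint spellings from the thread.
        for (String e : new String[] {"https:\\98.0.69.1:2379", "https://98.0.69.1:2379"}) {
            String problem = checkEndpoint(e);
            System.out.println(e + " -> " + (problem == null ? "ok" : problem));
        }
        // Constructed sample: header only, no key material.
        String sample = "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n";
        System.out.println("sample key -> " + checkKeyPem(sample));
        // Optional: pass the path of a real key file as the first argument.
        if (args.length > 0) {
            String problem = checkKeyPem(Files.readString(Path.of(args[0])));
            System.out.println(args[0] + " -> " + (problem == null ? "ok" : problem));
        }
    }
}
```

Wrapping the SslContextBuilder and EtcdClient calls in a try/catch that prints the exception makes failures like these visible instead of the program ending after the first println.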