環境說明
MongoDB版本
MongoDB 3.4 docker容器
pom.xml
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<version>3.8.1</version>
</dependency>
JDK版本
JDK 1.8
MongoDB的SSL連接配置
JDBC連接PostgreSQL
JDBC以SSL方式連接MongoDB需要兩個文件ca.pem(根證書)
、client.pem(客戶端證書)
1、將ca.pem
和client.pem
拷貝到目標機
2、根據官方文檔說明,需要將ca.pem入庫
$ keytool -import -keystore cacerts -file ca.pem -storepass 123456
參數說明:
-storepass: 密鑰庫密碼(須與後面代碼中 javax.net.ssl.trustStorePassword 的值一致;123456 僅爲示例,實際環境請使用強密碼)
-keystore cacerts: cacerts爲密鑰庫文件
3、client.pem(需同時包含客戶端證書和私鑰)需轉化爲pkcs12格式,導出時設置的密碼即後面代碼中 javax.net.ssl.keyStorePassword 的值
$ openssl pkcs12 -export -out mongodb.pkcs12 -in client.pem
編寫下載代碼
由於配置證書文件用的是FileInputStream,當證書地址是遠程地址時會報錯,因此需將遠程證書下載到本地後,使用本地地址填寫。注意:下面的示例通過明文HTTP下載信任庫和客戶端密鑰庫,傳輸過程既不加密也不校驗完整性;在非本機環境中應改用HTTPS或其他受保護的通道,並在使用前校驗文件摘要。
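/**
 * Downloads one certificate or key-store file from the file server and saves it under
 * {@code path}.
 *
 * <p>Security notes for anyone reusing this helper:
 * <ul>
 *   <li>The transfer uses plain HTTP, so the received bytes are neither encrypted nor
 *       authenticated. That is tolerable only while the server is {@code localhost}; if the
 *       host is changed to a remote machine, switch to HTTPS and verify a known digest of the
 *       file before trusting it, because the file decides which servers the JVM will trust.</li>
 *   <li>{@code fileName} is concatenated unchanged into both the URL and the local path, so
 *       pass fixed, known names only.</li>
 * </ul>
 *
 * <p>Failures are printed and not rethrown. A failure in the middle of the transfer can leave
 * a truncated file behind, so callers should confirm the file is complete before using it.
 *
 * @param fileName name of the file to fetch from the server
 * @param path     local directory in which the downloaded file is placed
 */
public static void downCA(String fileName, String path) {
    try {
        URL url = new URL("http://localhost:9999/" + fileName);
        // try-with-resources closes the network channel and the output file on every path;
        // previously both stayed open, leaking descriptors and risking unflushed data.
        try (ReadableByteChannel rbc = Channels.newChannel(url.openStream());
             FileOutputStream fos = new FileOutputStream(path + "/" + fileName)) {
            fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
        }
    } catch (Exception e) {
        // Kept as best-effort reporting so the method still never throws to its caller.
        e.printStackTrace();
    }
}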
編寫JDBC SSL連接MongoDB代碼
package ssl;
import com.mongodb.MongoClient;
import com.mongodb.MongoClientURI;
import java.io.File;
import java.io.FileOutputStream;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
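/**
 * Demo: connect to MongoDB over TLS with a client certificate using the MongoDB Java driver.
 *
 * <p>The trust store and the client key store are first downloaded into the working
 * directory, then registered through the JVM-wide {@code javax.net.ssl.*} system properties.
 * Those properties apply to every TLS connection that uses the default SSL context in this
 * JVM, not only to the MongoDB client.
 *
 * @author UV
 * @version 1.0
 * @date 2020/6/12
 */
public class MongoTest {

    /**
     * Downloads the stores, configures TLS and prints the first database name.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Resolve the current working directory.
        String path = new File("").getAbsolutePath();
        // Download the trust store (holds the CA certificate).
        downCA("cacerts", path);
        // Download the client certificate, already converted to PKCS#12.
        downCA("mongodb.pkcs12", path);

        // Trust store: decides which server certificates are accepted.
        System.setProperty("javax.net.ssl.trustStore", path + "/cacerts");
        // NOTE(review): this must equal the -storepass used when the trust store was created;
        // the keytool step in this article uses 123456, so confirm which value is correct.
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Key store: the client certificate and private key presented to the server.
        System.setProperty("javax.net.ssl.keyStore", path + "/mongodb.pkcs12");
        // NOTE(review): store passwords are hard-coded for the demo; load them from protected
        // configuration in real deployments and keep them out of version control.
        System.setProperty("javax.net.ssl.keyStorePassword", "123456");

        // NOTE(review): "[email protected]" looks like an e-mail-obfuscation artifact of the page
        // this listing was copied from; the original password and leading host octets are not
        // recoverable here. Substitute your own values, supplied from configuration rather
        // than embedded in source.
        // NOTE(review): sslinvalidhostnameallowed=true turns off hostname verification, so any
        // certificate that chains to the trust store is accepted for any host. Use it only in
        // a test environment; otherwise issue the server certificate with the correct
        // hostname/IP in its subject alternative names and drop this option.
        MongoClientURI uri = new MongoClientURI("mongodb://admin:[email protected]" +
                ".254.81:27018/?authSource=admin&serverSelectionTimeoutMS=1000&ssl=true" +
                "&sslinvalidhostnameallowed=true");

        // Close the client when done so its connection pool and monitor threads are released.
        try (MongoClient client = new MongoClient(uri)) {
            // Print the name of the first database on the server.
            System.out.println(client.listDatabaseNames().first());
        }
    }

    /**
     * Downloads one certificate or key-store file from the file server and saves it under
     * {@code path}.
     *
     * <p>The transfer uses plain HTTP, so the received bytes are neither encrypted nor
     * authenticated. That is tolerable only while the server is {@code localhost}; for a
     * remote host use HTTPS and verify a known digest before trusting the file.
     * {@code fileName} is concatenated unchanged into the URL and the local path, so pass
     * fixed, known names only.
     *
     * <p>Failures are printed and not rethrown; a failure in the middle of the transfer can
     * leave a truncated file behind.
     *
     * @param fileName name of the file to fetch from the server
     * @param path     local directory in which the downloaded file is placed
     */
    public static void downCA(String fileName, String path) {
        try {
            URL url = new URL("http://localhost:9999/" + fileName);
            // try-with-resources closes the network channel and the output file on every
            // path; previously both stayed open.
            try (ReadableByteChannel rbc = Channels.newChannel(url.openStream());
                 FileOutputStream fos = new FileOutputStream(path + "/" + fileName)) {
                fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
            }
        } catch (Exception e) {
            // Kept as best-effort reporting so the method still never throws to its caller.
            e.printStackTrace();
        }
    }
}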