Hello!
For Dev-Ops testing we want to make a untrusted connection.
I found a self-side soulution here, but will be glad to avoid the key part.
RestClientBuilder restHttp;
// ....
restHttp.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(finalCredentialsProvider));
rhlClient = new RestHighLevelClient(restHttp);
Can I trust all certificates?
Thanks!
?
thanks!
Please be patient in waiting for responses to your question and refrain from pinging multiple times asking for a response or opening multiple topics for the same question. This is a community forum, it may take time for someone to reply to your question. For more information please refer to the Community Code of Conduct specifically the section "Be patient". Also, please refrain from pinging folks directly, this is a forum and anyone that participates might be able to assist you.
If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.
It's fine to answer on your own thread after 2 or 3 days (not including weekends) if you don't have an answer.
TLS configuration is handled by an HttpClientConfigCallback object as we explain here: https://www.elastic.co/guide/en/elasticsearch/client/java-rest/master/_encrypted_communication.html
In short you need to create an SSLContext using a custom TrustManager that performs no check of the certificate.
Create a TrustManager like here: https://github.com/elastic/elasticsearch/blob/2efd22454a62e7387c51eb0cd973e5ff7a3fb09f/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/TrustAllConfig.java#L36
Create an SSLContext like
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[]{trustAllTrustManager}, new SecureRandom());
HttpAsyncClientBuilder as shown in the docs aboveThank you very much for your response and sorry on my badger..
I'll be glad to get some more help here (I'm really not familiar with certification, we know it's unrecommended to do, it's only temporarily solution for our devops)
I get all needed classes from the github and add a SSL Context:
SSLContext context = null;
if (esConnectionConfiguration.isTrustingAllCertificates()) {
try {
context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[]{TrustAllConfig.TRUST_MANAGER}, new SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
logger.warn(e.getMessage());
}
}
RestClientBuilder restHttp = RestClient.builder(new HttpHost(InetAddress.getByName(esConnectionConfiguration.getHost()),
esConnectionConfiguration.getPort(), esConnectionConfiguration.getScheme()));
CredentialsProvider finalCredentialsProvider = credentialsProvider;
SSLContext finalContext = context;
restHttp.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setSSLContext(finalContext)
.setDefaultCredentialsProvider(finalCredentialsProvider));
rhlClient = new RestHighLevelClient(restHttp);
rhlClient.info(RequestOptions.DEFAULT);
Running this code stuck the app forever, after force stop I get this long error:
Exception in thread "I/O dispatcher 13" java.lang.NoSuchMethodError: org.apache.commons.codec.binary.Base64.(I)V
at org.apache.http.impl.auth.BasicScheme.authenticate(BasicScheme.java:166)
at org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:233)
at org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:213)
at org.apache.http.impl.nio.client.MainClientExec.generateRequest(MainClientExec.java:224)
at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.generateRequest(DefaultClientExchangeHandlerImpl.java:134)
at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.requestReady(HttpAsyncRequestExecutor.java:193)
at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.connected(HttpAsyncRequestExecutor.java:134)
at org.apache.http.impl.nio.client.InternalIODispatch.onConnected(InternalIODispatch.java:63)
at org.apache.http.impl.nio.client.InternalIODispatch.onConnected(InternalIODispatch.java:39)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.connected(AbstractIODispatch.java:73)
at org.apache.http.impl.nio.reactor.BaseIOReactor.sessionCreated(BaseIOReactor.java:248)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processNewChannels(AbstractIOReactor.java:427)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:287)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:835)
Jun 09, 2020 5:30:10 PM org.apache.http.impl.nio.client.InternalHttpAsyncClient run
SEVERE: I/O reactor terminated abnormally
org.apache.http.nio.reactor.IOReactorException: I/O dispatch worker terminated abnormally
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:359)
at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:221)
at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64)
at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.lang.NoSuchMethodError: org.apache.commons.codec.binary.Base64.(I)V
at org.apache.http.impl.auth.BasicScheme.authenticate(BasicScheme.java:166)
at org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:233)
at org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:213)
at org.apache.http.impl.nio.client.MainClientExec.generateRequest(MainClientExec.java:224)
at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.generateRequest(DefaultClientExchangeHandlerImpl.java:134)
at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.requestReady(HttpAsyncRequestExecutor.java:193)
at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.connected(HttpAsyncRequestExecutor.java:134)
at org.apache.http.impl.nio.client.InternalIODispatch.onConnected(InternalIODispatch.java:63)
at org.apache.http.impl.nio.client.InternalIODispatch.onConnected(InternalIODispatch.java:39)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.connected(AbstractIODispatch.java:73)
at org.apache.http.impl.nio.reactor.BaseIOReactor.sessionCreated(BaseIOReactor.java:248)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processNewChannels(AbstractIOReactor.java:427)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:287)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
... 1 more
I also tried to not set setDefaultCredentialsProvider but got Elasticsearch exception [type=security_exception, reason=missing authentication credentials for REST request [/]] error.
Thank you again!
Please go through https://www.elastic.co/guide/en/elasticsearch/client/java-rest/master/java-rest-low-usage.html to see how to setup the rest client in general and make sure you have done all necessary actions.
Don't use elasticsearch's TrustAllConfig.java , I shared this as an inspiration, you can do with something simpler, all you need is the TrustManager from there.
When asking for feedback please share the entire section of the code at the minimum, or even better a complete reproducible example. We can't guess what credentialsProvider is above and how you create it. We have examples for authentication in https://www.elastic.co/guide/en/elasticsearch/client/java-rest/master/_basic_authentication.html
Thank you again! I'll try 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.