Unable Connect Elastic From Java Rest Client using Certificate

security

(Prashant Gupta) #1

Hello Elasticsearch Team,
I am trying to connect the Elastic search 5.6 using Java rest client. I want to connect it using certificate not by using Username/Password below is the code I am Using can someone please help me

public static void main(String args[])
    {
       

        try {

            String host = "****";
            int port = 1234;

            String protocol = "https";


            String keyStorePass = "no_passwd";
            String keystorePath="\\anywhere\\loga.client.truststore.jks";
       

            System.setProperty("javax.net.ssl.trustStore", keystorePath);
             System.setProperty("javax.net.ssl.trustStorePassword", keyStorePass);
            File keyStoreFile = new File(keystorePath);
            char[] keyStorePass_char = keyStorePass.toCharArray();



            SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(keyStoreFile,keyStorePass_char, null);
            final SSLContext sslContext = sslBuilder.build();

            RestClientBuilder builder = RestClient.builder(new HttpHost(host, port,protocol))
                    .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
                        @Override
                        public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                            return httpClientBuilder.setSSLContext(sslContext);
                        }
                    });
            RestClient client = builder.build();




            HttpEntity entity = new NStringEntity("{\n"
                    + "    \"query\": {\n"
                    + "        \"match_all\": {}\n"
                    + "    }\n"
                    + "\n"
                    + "}", ContentType.APPLICATION_JSON);
  



            Response indexResponse = null;



            HttpEntity query = new NStringEntity(""
                    + "{\n"
                    + "  \"query\": {\n"
                    + "    \"bool\": {\n"
                    + "      \"must\": [\n"
                    + "        {\n"
                    + "          \"match\": {\n"
                    + "            \"type\": \"employee\"\n"
                    + "          }\n"
                    + "        },\n"
                    + "        {\n"
                    + "          \"match\": {\n"
                    + "            \"empid\": 1234\n"
                    + "          }\n"
                    + "        }\n"
                    + "      ]\n"
                    + "    }\n"
                    + "  }\n"
                    + "}");

            indexResponse = client.performRequest(
                    "POST",
                    "/emp_index*/logs/_search",
                    Collections.<String, String>emptyMap(),query);

            System.out.println(EntityUtils.toString(indexResponse.getEntity()));
            client.close();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        }

    }

I am getting Below Error

{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/read/search] requires authentication","header":
{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"action [indices:data/read/search]
requires authentication","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}

But when I am passing username/pwd it is working.


(Tim Vernum) #2

Have you configured Elasticsearch to accept authentication via PKI certificate?
Can you provide your elasticsearch.yml file?


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.