Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
NoHostAvailableException::Java到Cassandra SSL群集连接失败_Java_Ssl_Cassandra_Cassandra 3.0_Datastax Java Driver - Fatal编程技术网
Fatal编程技术网
  • java/
  • NoHostAvailableException::Java到Cassandra SSL群集连接失败

NoHostAvailableException::Java到Cassandra SSL群集连接失败

java ssl cassandra

NoHostAvailableException::Java到Cassandra SSL群集连接失败,java,ssl,cassandra,cassandra-3.0,datastax-java-driver,Java,Ssl,Cassandra,Cassandra 3.0,Datastax Java Driver,我正在尝试从Java客户端程序连接到一个3节点Cassandra集群,Cassandra集群配置为启用了客户端到节点的加密。我在所有三个节点中部署了三个自签名证书,并根据文档将公共证书导入到其他每个节点。当我运行客户端程序时,我得到以下异常 Exception in thread "main" com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tri

我正在尝试从Java客户端程序连接到一个3节点Cassandra集群,Cassandra集群配置为启用了客户端到节点的加密。我在所有三个节点中部署了三个自签名证书,并根据文档将公共证书导入到其他每个节点。当我运行客户端程序时,我得到以下异常

 Exception in thread "main" com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: clm-pun-swpry4/10.133.181.157:9042 (com.datastax.driver.core.exceptions.TransportException: [clm-pun-swpry4/10.133.181.157:9042] Channel has been closed), clm-pun-swpryf/10.133.181.156:9042 (com.datastax.driver.core.exceptions.TransportException: [clm-pun-swpryf/10.133.181.156:9042] Channel has been closed), clm-pun-sqbgda/10.133.172.70:9042 (com.datastax.driver.core.exceptions.TransportException: [clm-pun-sqbgda/10.133.172.70:9042] Channel has been closed))
    at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:233)
    at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:79)
    at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1483)
    at com.datastax.driver.core.Cluster.init(Cluster.java:159)
    at com.datastax.driver.core.SessionManager.initAsync(SessionManager.java:78)
    at com.datastax.driver.core.SessionManager.executeAsync(SessionManager.java:139)
    at com.datastax.driver.core.AbstractSession.execute(AbstractSession.java:68)
    at com.datastax.driver.core.AbstractSession.execute(AbstractSession.java:43)
    at clm.bmc.saas.incubator.ClientToNodeExample.main(ClientToNodeExample.java:28)
Cassandra.yaml中的我的Cassandra配置(3个节点中每个节点的单独自签名证书):

我的Java程序:


public class ClientToNodeExample {
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientToNodeExample.class);

    public static void main(String[] args) {
        ClientToNodeExample example = new ClientToNodeExample();
        Session session = example.getCluster("C:\\install\\ssl\\cassandraCluster.ks", "changeit",
                new String[]{"clm-pun-sqbgda", "clm-pun-swpryf", "clm-pun-swpry4"}, 9042).newSession();
        ResultSet results = session.execute("SELECT * FROM entity_space.mo;");
        LOGGER.info("NumberOfRows:" + results.all().size());
        session.close();
    }

    private Cluster getCluster(String trustStoreLocation, String trustStorePassword, String[] host, int port) {
        Cluster cluster;
        SSLContext sslcontext = null;
        try {
            InputStream is = ClientToNodeExample.class.getResourceAsStream(trustStoreLocation);
            KeyStore keystore = KeyStore.getInstance("jks");
            char[] pwd = trustStorePassword.toCharArray();
            keystore.load(is, pwd);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keystore);
            TrustManager[] tm = tmf.getTrustManagers();
            sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(null, tm, null);
        } catch (Exception e) {
            LOGGER.error("ERROR", e);
        }
        JdkSSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(sslcontext).build();
        cluster = Cluster.builder().addContactPoints(host).withPort(port).withSSL(sslOptions).build();
        return cluster;
    }
}
但是,如果我尝试使用以下keytool命令检查每个节点的证书,我将获得证书:

keytool -printcert -sslserver clm-pun-sqbgda:9042 -rfc
谁能帮我一下我哪里出了问题

Cassandra version:3.11.0
cassandra-driver-core : 3.1.4
首先,我将尝试通过cqlsh--ssl进行连接(您需要执行一些额外的步骤):

  • 将服务器证书转换为PKCS12格式
  • 将PKCS12转换为PEM
  • 修改cqlshrc文件以使用PEM证书
如果这是确定的,那么设置是正确的,我会删除sslOptions并提供

-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStorePassword 
-Djavax.net.debug=ssl.
如果这也有效,那么问题出在
getCluster
方法中

我猜您的密钥库(cassandraCluster.ks)没有正确加载

我以maven项目的形式成功地执行了您的代码,密钥存储在resources文件夹中,并加载了

cluster = getCluster("/client-truststore.jks", "changeit", new String[]{"127.0.0.1"}, 9042);
您的system.log文件中有哪些错误?首先,我将尝试通过cqlsh--ssl进行连接(您需要执行一些额外的步骤)。如果这是确定的,那么设置是正确的,我将删除sslOptions并提供-Djavax.net.ssl.trustStore、-Djavax.net.ssl.trustStorePassword和-Djavax.net.debug=ssl。如果这也是可行的,那么问题在于getCluster方法。我猜您的密钥库(cassandraCluster.ks)没有正确加载。我成功地以maven项目的形式运行了代码,密钥库位于resources文件夹中,并加载了cluster=getCluster(“/client truststore.jks”,“changeit”,new String[]{“127.0.0.1”},9042)@谢谢你指出。信任库的路径不正确。修正后,效果很好。我配置了所有建议的方法,cqlsh,使用系统变量的信任库,最后使用加载的sslcontext:所有方法都很好。非常感谢。好的,很高兴我能帮忙。我会把我的评论作为回答。 
cluster = getCluster("/client-truststore.jks", "changeit", new String[]{"127.0.0.1"}, 9042);