package cn.test.es.config;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.annotation.Resource;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;
import co.elastic.clients.elasticsearch.ElasticsearchAsyncClient;
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.json.jackson.JacksonJsonpMapper;
import co.elastic.clients.transport.ElasticsearchTransport;
import co.elastic.clients.transport.rest_client.RestClientTransport;
import nl.altindag.ssl.SSLFactory;
/**
* Copyright (C), 2022-2022, XXX公司
* FileName: ElasticConfig
* Author: Fanwk
* Date: 2022/11/113:45
* Description:
* History:
* <author> <time> <version> <desc>
* 作者名称 修改时间 版本号 描述
*/
@Component
@EnableConfigurationProperties(ElasticResource.class)
public class ElasticConfig {
@Resource
private ElasticResource elasticResource;
/**
 * Converts a comma-separated host list into HTTPS {@link HttpHost} entries.
 *
 * @param clientIps  comma-separated host names or IP addresses; each entry is used
 *                   verbatim (no trimming), so the list must not contain stray spaces
 * @param esHttpPort port applied to every entry
 * @return one {@code HttpHost} per entry, in input order, all using the "https" scheme
 */
private HttpHost[] getHttpHosts(String clientIps, int esHttpPort) {
    final String[] addresses = clientIps.split(",");
    final HttpHost[] result = new HttpHost[addresses.length];
    int slot = 0;
    for (String address : addresses) {
        // The scheme is fixed to https so the client never talks to a node in clear text.
        result[slot++] = new HttpHost(address, esHttpPort, "https");
    }
    return result;
}
// @Bean
// public ElasticsearchClient elasticsearchClient(){
// ElasticsearchTransport transport = getElasticsearchTransport("./http_ca.crt");
// return new ElasticsearchClient(transport);
// }
// @Bean
// public ElasticsearchAsyncClient elasticsearchAsyncClient(){
// ElasticsearchTransport transport = getElasticsearchTransport("./http_ca.crt");
// return new ElasticsearchAsyncClient(transport);
// }
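/**
 * Creates the {@link ElasticsearchClient} bean used by the application.
 *
 * <p>Host, port, user name and password are read from the injected {@code elasticResource}
 * so that no secret is compiled into the class. TLS trust is limited to the cluster CA
 * certificate, and the HTTP client's default hostname verification stays enabled.
 *
 * @return a client bound to the configured Elasticsearch endpoint over HTTPS
 * @throws IllegalStateException if the CA certificate cannot be read or the TLS context
 *                               cannot be built; the bean fails closed instead of falling
 *                               back to an unverified connection
 */
@Bean
public ElasticsearchClient httpclient() {
    // Endpoint and credentials come from configuration, as in getElasticsearchTransport.
    final HttpHost esHost =
            new HttpHost(elasticResource.getHost(), elasticResource.getPort(), "https");
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(
            AuthScope.ANY,
            new UsernamePasswordCredentials(
                    elasticResource.getUsername(), elasticResource.getPassword()));

    // Path taken from this file's commented-out bean definitions; it is resolved against the
    // process working directory. NOTE(review): confirm where the cluster CA is deployed.
    final Path caCertificatePath = Paths.get("./http_ca.crt");

    // Trust only the cluster CA. A trust-all context with hostname verification switched off
    // would let any on-path host present its own certificate and receive the basic-auth
    // credentials, so neither check is disabled here.
    final SSLContext sslContext;
    try {
        java.security.cert.Certificate trustedCa;
        try (InputStream is = Files.newInputStream(caCertificatePath)) {
            trustedCa = CertificateFactory.getInstance("X.509").generateCertificate(is);
        }
        KeyStore trustStore = KeyStore.getInstance("pkcs12");
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca", trustedCa);
        sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, null).build();
    } catch (CertificateException | IOException | KeyStoreException
            | NoSuchAlgorithmException | KeyManagementException e) {
        throw new IllegalStateException(
                "Cannot build TLS trust for Elasticsearch from " + caCertificatePath, e);
    }

    // No setSSLHostnameVerifier call: the default verifier checks the certificate against
    // the configured host, so that host must appear in the node certificate's SAN list.
    RestClientBuilder builder = RestClient.builder(esHost)
            .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
                    .setDefaultCredentialsProvider(credentialsProvider)
                    .setSSLContext(sslContext));
    return new ElasticsearchClient(
            new RestClientTransport(builder.build(), new JacksonJsonpMapper()));
}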
// CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
// //设置账号密码
// credentialsProvider.setCredentials(
// AuthScope.ANY, new UsernamePasswordCredentials(elasticResource.getUsername(), elasticResource.getPassword()));
// RestClient restClient = RestClient.builder(new HttpHost(elasticResource.getHost(), elasticResource.getPort()))
// .setHttpClientConfigCallback(httpClientBuilder->httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)).build();
//
// ElasticsearchTransport transport = new RestClientTransport(restClient,new JacksonJsonpMapper());
// return new ElasticsearchClient(transport);
// }
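/**
 * Builds a low-level {@link RestClient} that trusts only the CA certificate stored at
 * {@code capath}.
 *
 * <p>The certificate is loaded into an in-memory PKCS#12 trust store, which becomes the only
 * trust material of the TLS context. No hostname verifier is installed, so the HTTP client's
 * default hostname verification applies.
 *
 * @param capath file-system path of the X.509 CA certificate that signed the node certificate
 * @return a client for the fixed HTTPS endpoint configured below
 * @throws IOException              if the certificate file cannot be read
 * @throws CertificateException     if the file does not contain a parsable X.509 certificate
 * @throws KeyStoreException        if the trust store cannot be created or filled
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws KeyManagementException   if the TLS context cannot be initialised
 */
public static RestClient getClient(String capath) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, CertificateException, IOException {
    // To address several nodes, pass more HttpHost instances to RestClient.builder(...);
    // the HttpHost arguments are IP, HTTP port and scheme.
    RestClientBuilder clientBuilder = RestClient.builder(new HttpHost("192.168.19.95", 9200, "https"));

    // NOTE(review): endpoint and credentials are hard-coded, so the password ships with every
    // build and every copy of the repository. This method is static and cannot read the
    // injected ElasticResource; move these values to configuration and rotate the password.
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
            new UsernamePasswordCredentials("elastic", "W*5qopRj0vw4GpYMeb8V"));

    // TODO: check that the path matches the Elasticsearch installation.
    Path caCertificatePath = Paths.get(capath);
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    java.security.cert.Certificate trustedCa;
    try (InputStream is = Files.newInputStream(caCertificatePath)) {
        trustedCa = factory.generateCertificate(is);
    }

    // An empty trust store holding only the cluster CA: nothing else is trusted.
    KeyStore trustStore = KeyStore.getInstance("pkcs12");
    trustStore.load(null, null);
    trustStore.setCertificateEntry("ca", trustedCa);
    final SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(trustStore, null)
            .build();

    // The unused trust-all SSLFactory local was dropped: it was never attached to the client
    // and only suggested that certificate checks were disabled here.
    clientBuilder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
            .setSSLContext(sslContext)
            .setDefaultCredentialsProvider(credentialsProvider));
    return clientBuilder.build();
}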
private ElasticsearchTransport getElasticsearchTransport(String path) {
SSLFactory sslFactory = SSLFactory.builder()
.withUnsafeTrustMaterial()
.withUnsafeHostnameVerifier()
.build();
final CredentialsProvider credentialsProvider =
new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(elasticResource.getUsername(),elasticResource.getPassword()));
Path caCertificatePath = Paths.get(path);
SSLContext sslContext = null;
try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) {
trustedCa = factory.generateCertificate(is);
}
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, null);
sslContext = sslContextBuilder.build();
} catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
// log.error("ES连接认证失败", e);
}
SSLContext finalSslContext = sslContext;
RestClientBuilder builder = RestClient.builder(
new HttpHost(elasticResource.getHost(), elasticResource.getPort(), "https"))
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder