package cn.test.es.config;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.annotation.Resource;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;
import co.elastic.clients.elasticsearch.ElasticsearchAsyncClient;
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.json.jackson.JacksonJsonpMapper;
import co.elastic.clients.transport.ElasticsearchTransport;
import co.elastic.clients.transport.rest_client.RestClientTransport;
import nl.altindag.ssl.SSLFactory;
/**
* Copyright (C), 2022-2022, XXX公司
* FileName: ElasticConfig
* Author: Fanwk
* Date: 2022/11/113:45
* Description:
* History:
* <author> <time> <version> <desc>
* 作者名称 修改时间 版本号 描述
*/
@Component
@EnableConfigurationProperties(ElasticResource.class)
public class ElasticConfig {
@Resource
private ElasticResource elasticResource;
private HttpHost[] getHttpHosts(String clientIps, int esHttpPort) {
String[] clientIpList = clientIps.split(",");
HttpHost[] httpHosts = new HttpHost[clientIpList.length];
for (int i = 0; i < clientIpList.length; i++) {
httpHosts[i] = new HttpHost(clientIpList[i], esHttpPort, "https");
}
return httpHosts;
}
// @Bean
// public ElasticsearchClient elasticsearchClient(){
// ElasticsearchTransport transport = getElasticsearchTransport("./http_ca.crt");
// return new ElasticsearchClient(transport);
// }
// @Bean
// public ElasticsearchAsyncClient elasticsearchAsyncClient(){
// ElasticsearchTransport transport = getElasticsearchTransport("./http_ca.crt");
// return new ElasticsearchAsyncClient(transport);
// }
@Bean
public ElasticsearchClient httpclient(){
SSLFactory sslFactory = SSLFactory.builder()
.withUnsafeTrustMaterial()
.withUnsafeHostnameVerifier()
.build();
RestClientBuilder builder = RestClient.builder(new HttpHost("192.168.19.150", 9200, "https"));
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "W*5qopRj0vw4GpYMeb8V"));
builder = builder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)
.setSSLContext(sslFactory.getSslContext())
.setSSLHostnameVerifier(sslFactory.getHostnameVerifier()));
return new ElasticsearchClient( new RestClientTransport(builder.build(),new JacksonJsonpMapper()));
}
// CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
// //设置账号密码
// credentialsProvider.setCredentials(
// AuthScope.ANY, new UsernamePasswordCredentials(elasticResource.getUsername(), elasticResource.getPassword()));
// RestClient restClient = RestClient.builder(new HttpHost(elasticResource.getHost(), elasticResource.getPort()))
// .setHttpClientConfigCallback(httpClientBuilder->httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)).build();
//
// ElasticsearchTransport transport = new RestClientTransport(restClient,new JacksonJsonpMapper());
// return new ElasticsearchClient(transport);
// }
public static RestClient getClient(String capath) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, CertificateException, IOException {
// 如果有多个从节点可以持续在内部new多个HttpHost,参数1是ip,参数2是HTTP端口,参数3是通信协议
// RestClientBuilder clientBuilder = RestClient.builder(new HttpHost("localhost", 9200, "http"));
SSLFactory sslFactory = SSLFactory.builder()
.withUnsafeTrustMaterial()
.withUnsafeHostnameVerifier()
.build();
RestClientBuilder clientBuilder = RestClient.builder(new HttpHost("192.168.19.95", 9200, "https"));
final CredentialsProvider credentialsProvider =
new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("elastic", "W*5qopRj0vw4GpYMeb8V"));
// TODO 注意安装路径
Path caCertificatePath = Paths.get(capath);
CertificateFactory factory =
CertificateFactory.getInstance("X.509");
java.security.cert.Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) {
trustedCa = factory.generateCertificate(is);
}
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, null);
final SSLContext sslContext = sslContextBuilder.build();
clientBuilder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setSSLContext(sslContext).setDefaultCredentialsProvider(credentialsProvider));
return clientBuilder.build();
}
private ElasticsearchTransport getElasticsearchTransport(String path) {
SSLFactory sslFactory = SSLFactory.builder()
.withUnsafeTrustMaterial()
.withUnsafeHostnameVerifier()
.build();
final CredentialsProvider credentialsProvider =
new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(elasticResource.getUsername(),elasticResource.getPassword()));
Path caCertificatePath = Paths.get(path);
SSLContext sslContext = null;
try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) {
trustedCa = factory.generateCertificate(is);
}
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, null);
sslContext = sslContextBuilder.build();
} catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
// log.error("ES连接认证失败", e);
}
SSLContext finalSslContext = sslContext;
RestClientBuilder builder = RestClient.builder(
new HttpHost(elasticResource.getHost(), elasticResource.getPort(), "https"))
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
