个人中心
gpt4 book ai didi

java - SSL 加密和 Cassandra

转载 作者:太空宇宙 更新时间:2023-11-03 12:54:45 25 4
gpt4 key购买 nike

我正在尝试启用客户端到节点的 SSL 加密,但是在 cassandra.yaml 中将 client_encryption_options 设置为 true 后尝试启动 DSE 时,我一直遇到最奇怪的错误

这是来自 dse 日志:

ERROR 15:09:42,277  DseModule.java:108 - Unable to start server. Exiting...
com.google.inject.CreationException: Unable to create injector, see the following errors:

1) An exception was caught and reported. Message: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
  at com.datastax.bdp.DseModule.configure(Unknown Source)

1 error
        at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:466) ~[guice-4.0.jar:na]
        at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:155) ~[guice-4.0.jar:na]
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) ~[guice-4.0.jar:na]
        at com.google.inject.Guice.createInjector(Guice.java:96) ~[guice-4.0.jar:na]
        at com.google.inject.Guice.createInjector(Guice.java:73) ~[guice-4.0.jar:na]
        at com.google.inject.Guice.createInjector(Guice.java:62) ~[guice-4.0.jar:na]
        at com.datastax.bdp.ioc.DseInjector.get(DseInjector.java:31) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.DseModule.main(DseModule.java:89) ~[dse-core-5.0.6.jar:5.0.6]
Caused by: org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
        at com.datastax.bdp.config.DseConfig.init(DseConfig.java:443) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.DseCoreModule.<init>(DseCoreModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.DseModule.getRequiredModules(DseModule.java:139) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.server.AbstractDseModule.configure(AbstractDseModule.java:27) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.DseModule.configure(DseModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
        at com.google.inject.AbstractModule.configure(AbstractModule.java:62) ~[guice-4.0.jar:na]
        at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) ~[guice-4.0.jar:na]
        at com.google.inject.spi.Elements.getElements(Elements.java:110) ~[guice-4.0.jar:na]
        at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) ~[guice-4.0.jar:na]
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) ~[guice-4.0.jar:na]
        ... 5 common frames omitted
Caused by: java.io.FileNotFoundException: File '/home/ec2-user/keystore.node2' does not exist
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) ~[commons-io-2.4.jar:2.4]
        at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1763) ~[commons-io-2.4.jar:2.4]
        at com.datastax.bdp.util.SSLUtil.createKeyStore(SSLUtil.java:127) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.util.SSLUtil.initKeyManagerFactory(SSLUtil.java:115) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.config.DseConfig.resolveKeyManagerFactorySafely(DseConfig.java:831) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.config.DseConfig.getSSLContext(DseConfig.java:737) ~[dse-core-5.0.6.jar:5.0.6]
        at com.datastax.bdp.config.DseConfig.init(DseConfig.java:439) ~[dse-core-5.0.6.jar:5.0.6]
        ... 14 common frames omitted

这是我的cassandra.yaml文件

client_encryption_options:
    enabled: false
    # If enabled and optional is set to true encrypted and unencrypted connections are handled.
    optional: false
    keystore: /home/ec2-user/keystore.node2
    keystore_password: cassandra
    require_client_auth: true
    # Set trustore and truststore_password if require_client_auth is true
    truststore: /home/ec2-user/truststore.node2
    truststore_password: cassandra
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA]

我不知道为什么我总是收到

SSLContext: File '/home/ec2-user/keystore.node2' does not exist

这是我的 keystore 的位置 -

[ec2-user@ip-172-18-51-175 ~]$ locate keystore.node2
/home/ec2-user/keystore.node2

我可能做错了什么?

最佳答案

切换到您的 cassandra 用户,然后执行 cat/home/ec2-user/keystore.node2 并查看该用户是否可以看到该文件

同时运行:ls -lna/home/ec2-user/keystore.node2 并在此处发布。

关于java - SSL 加密和 Cassandra,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42332754/

25 4 0
文章推荐: Java SSL : how to get client certificate information
文章推荐: c# - 与 C# 程序通信 Erlang 服务器
文章推荐: ssl - https 客户端使用客户端证书和密码获取 cpp-netlib
文章推荐: Android 主题首选项对话框
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com