etcd4j icon indicating copy to clipboard operation
etcd4j copied to clipboard

Published 20 hours ago verified publisher icon jurmous

Handling SSL certificate file

Open adholland opened this issue 7 years ago • 3 comments

Hi,

I'm attempting to use the etcd4j lib to access an etcd service within BlueMix. The issue I have is how to handle the certificate (ca_certificate_base64) contained in the credentials below : -

{ "compose-for-etcd": [ { "credentials": { "db_type": "etcd", "name": "bmix-dal-yp-03b4f889-d2c1", "uri_cli": "etcdctl --ca-file [CA_CERT_FILE] --no-sync --peers https://bluemix-address-portal.8.dblayer.com:25302,https://bluemix-address-portal.7.dblayer.com:25302 -u root:PASSWORD ls /", "uri_direct_1": "https://root:[email protected]:25302/v2/keys", "ca_certificate_base64": "cert_blah_blah=", "deployment_id": "deployment_id", "uri": "https://root:[email protected]:25302/v2/keys" }, "syslog_drain_url": null, "label": "compose-for-etcd", "provider": null, "plan": "Standard", "name": "Compose for etcd-zk", "tags": [ "big_data", "data_management", "ibm_created", "ibm_beta" ] } ] }

I'm not sure how I create the etcd4j client and initialise it with the ca certificate.

adholland avatar Apr 07 '17 13:04 adholland

Attempting to use the client, passing in the cert as follows: -

        final X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
        final TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null);
        ks.setCertificateEntry("caCert", caCert);

        tmf.init(ks);

        final SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        final EtcdSecurityContext esContent = new EtcdSecurityContext(sslContext, etcdUser, etcdPassword);
        final EtcdClient etcdClient = new EtcdClient(esContent, URI.create(etcdURL));
        final String health = etcdClient.getHealth().getHealth();

This code just hangs when I hit the getHealth() method.

Note: Using liberty.

adholland avatar Apr 07 '17 16:04 adholland

Using etcd4j with the following code also hangs on the getHealth() method: -

        final InputStream is = new ByteArrayInputStream(sslBytes);
        final SslContext sslContext = SslContextBuilder.forClient().trustManager(is).build();
        final EtcdClient etcdClient = new EtcdClient(sslContext, etcdUser, etcdPassword, URI.create(etcdURL));
        final String health = etcdClient.getHealth().getHealth();

adholland avatar Apr 07 '17 16:04 adholland

looks like it may be related to jurmous/etcd4j#139

adholland avatar Apr 07 '17 16:04 adholland