Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Nguyen, Kyle kyle.nguyen at philips.com
Thu Aug 25 16:24:46 EDT 2016


Hi all,

I was trying to implement client certificate based authentication following http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the following SSL Handshake exception. I believe I have the client keystore, truststore and Riak server cert/key set up properly. Both the client cert and the Riak server cert are signed by the same CA. Any advice and suggestions will be greatly appreciated!

2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default logging framework
2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 - -Dio.netty.eventLoopThreads: 16
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address: available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe: available
2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory: available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in your class path or you don't have enough permission to load dynamically generated classes.  Please check the configuration for better performance.
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir: C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64 (sun.arch.data.model)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect: false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization: false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.selectorAutoRebuildThreshold: 512
2016-08-25 12:53:24 INFO  RiakJKSConnection:73 - initializeRiak Cluster is OK
2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 - -Dio.netty.initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.threadLocalDirectBufferSize: 65536
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.maxThreadLocalCharBufferSize: 16384
2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added
2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise
2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 - -Dio.netty.buffer.bytebuf.checkAccessible: true
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.level: simple
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.maxRecords: 4
2016-08-25 12:53:24 DEBUG Recycler:76 - -Dio.netty.recycler.maxCapacity.default: 262144
2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): available
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder decode
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received MSG_RpbStartTls reply
2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed:
java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; 127.0.0.1:8087 java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive

RiakNode builder setup:

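import java.net.UnknownHostException;
import java.security.KeyStore;
import com.basho.riak.client.core.RiakCluster;
import com.basho.riak.client.core.RiakNode;

public static RiakCluster getRiakCluster(String riakUserName, String userPassword, String storePath, String storePasswd, String keyPasswd) throws UnknownHostException {
    // Client key store (private key + client certificate); loadKeystore is a helper not shown in the post
    KeyStore keyStore = loadKeystore(storePath, storePasswd);
    // Riak with one node
    RiakNode.Builder builder = new RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
    // trustStore is not defined in this snippet; it has to be a KeyStore declared elsewhere that holds the CA certificate
    builder.withAuth(riakUserName, userPassword, trustStore, keyStore, keyPasswd);
    builder.withConnectionTimeout(30000);
    RiakCluster cluster = new RiakCluster.Builder(builder.build()).build();
    cluster.start();
    return cluster;
}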

Thanks

-Kyle-
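
An offline check of the two stores passed to withAuth, added here as an example and not part of the original post: it confirms the key store holds a private key that keyPasswd unlocks, that the client certificate is currently valid, and that its chain validates against the trust store, then prints the subject DN for comparison with the Riak user name. The class name, argument order and the JKS store type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added diagnostic, not from the original post. Names and argument order are hypothetical.
public class RiakTlsStoreCheck {

    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: both stores are JKS
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    // Returns the subject DN of the first private-key entry whose chain validates
    // against the trust store; throws with a specific cause otherwise.
    static String check(KeyStore keyStore, char[] keyPw, KeyStore trustStore) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        PKIXParameters params = new PKIXParameters(trustStore); // throws if it has no trusted certs
        params.setRevocationEnabled(false);                     // offline: no CRL/OCSP lookups
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) continue;          // skip certificate-only entries
            Key key = keyStore.getKey(alias, keyPw);            // UnrecoverableKeyException on a wrong keyPasswd
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (key == null || chain == null || chain.length == 0)
                throw new IllegalStateException("alias " + alias + " has no usable key or chain");
            X509Certificate leaf = (X509Certificate) chain[0];
            leaf.checkValidity();                               // expired or not yet valid
            List<Certificate> path = new ArrayList<>();
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                boolean selfSigned = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
                if (!(selfSigned && chain.length > 1)) path.add(x); // the root is the anchor, not part of the path
            }
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(path), params);
            return leaf.getSubjectX500Principal().getName();
        }
        throw new IllegalStateException("key store has no private key entry, so no client certificate can be sent");
    }

    public static void main(String[] a) throws Exception {
        // args: keystorePath storePasswd keyPasswd truststorePath trustPasswd riakUserName
        String dn = check(load(a[0], a[1].toCharArray()), a[2].toCharArray(), load(a[3], a[4].toCharArray()));
        System.out.println("client cert OK: " + dn + " (compare with Riak user \"" + a[5] + "\")");
    }
}
```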
