Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Jonathan Joseph jonbjoseph at gmail.com
Thu Aug 25 20:53:07 EDT 2016


Try adding the following Java property setting when launching your Java
client in order to see SSL handshake-related debug information:

-Djavax.net.debug=ssl:handshake

Or to see all SSL-related debug output:

-Djavax.net.debug=ssl



On Thu, Aug 25, 2016 at 4:24 PM, Nguyen, Kyle <kyle.nguyen at philips.com>
wrote:

> Hi all,
>
>
>
> I was trying to implement client certificate based authentication
> following http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but
> kept getting the following SSL Handshake exception. I believe I have the
> client keystore, truststore and riak server cert/key set up properly. Both
> client cert and riak server cert are signed with the same CA. Any advice
> and suggestions will be greatly appreciated!
>
>
>
> 2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default logging framework
> 2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 - -Dio.netty.eventLoopThreads: 16
> 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address: available
> 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe: available
> 2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory: available
> 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true
> 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false
> 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable
> 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in your class path or you don't have enough permission to load dynamically generated classes.  Please check the configuration for better performance.
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir: C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64 (sun.arch.data.model)
> 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect: false
> 2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization: false
> 2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.selectorAutoRebuildThreshold: 512
> 2016-08-25 12:53:24 INFO  RiakJKSConnection:73 - initializeRiak Cluster is OK
> 2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 - -Dio.netty.initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)
> 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled
> 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.threadLocalDirectBufferSize: 65536
> 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.maxThreadLocalCharBufferSize: 16384
> 2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2
> 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added
> 2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise
> 2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 - -Dio.netty.buffer.bytebuf.checkAccessible: true
> 2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.level: simple
> 2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.maxRecords: 4
> 2016-08-25 12:53:24 DEBUG Recycler:76 - -Dio.netty.recycler.maxCapacity.default: 262144
> 2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): available
> 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder decode
> 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received MSG_RpbStartTls reply
> 2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed:
> java.nio.channels.ClosedChannelException
> 2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; 127.0.0.1:8087 java.nio.channels.ClosedChannelException
> 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive
>
>
>
> RiakNode builder setup:
>
>
>
> public static RiakCluster getRiakCluster(String riakUserName, String userPassword,
>         String storePath, String storePasswd, String keyPasswd)
>         throws UnknownHostException {
>     KeyStore keyStore = loadKeystore(storePath, storePasswd);
>
>     // Riak with one node
>     RiakNode.Builder builder = new RiakNode.Builder()
>             .withRemoteAddress("127.0.0.1")
>             .withRemotePort(8087);
>     // trustStore is not declared in this snippet; presumably a field of the enclosing class
>     builder.withAuth(riakUserName, userPassword, trustStore, keyStore, keyPasswd);
>     builder.withConnectionTimeout(30000);
>
>     RiakCluster cluster = new RiakCluster.Builder(builder.build()).build();
>     cluster.start();
>     return cluster;
> }
>
>
>
> Thanks
>
>
>
> -Kyle-
>
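A pre-flight check for the setup described in the quoted message, as an added example that is not part of the original thread or of the Riak Java client: it confirms that the key password opens the private key and that the client certificate chain validates against a CA held in the truststore. The class name `RiakTlsPreflight`, the argument order and the JKS store type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added diagnostic; not part of the Riak Java client. Assumes JKS stores.
public class RiakTlsPreflight {
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    // args: keyStorePath storePasswd keyPasswd trustStorePath trustStorePasswd
    public static void main(String[] args) throws Exception {
        KeyStore keyStore = load(args[0], args[1]);
        KeyStore trustStore = load(args[3], args[4]);
        // Throws if the truststore has no trusted-certificate entries.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // chain and validity dates only
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) continue;
            // Throws UnrecoverableKeyException when keyPasswd is wrong.
            keyStore.getKey(alias, args[2].toCharArray());
            Certificate[] chain = keyStore.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + ", issuer=" + leaf.getIssuerX500Principal());
            // A PKIX path must not contain the trust anchor itself.
            List<Certificate> path = new ArrayList<>();
            for (Certificate c : chain) {
                if (trustStore.getCertificateAlias(c) == null) path.add(c);
            }
            // Throws CertPathValidatorException on an untrusted or expired chain.
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(path), params);
            System.out.println(alias + ": chain validates against the truststore");
        }
    }
}
```

This covers the client-side stores only; whether the Riak node accepts the same CA depends on the server's own certificate settings.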