Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Nguyen, Kyle Thu, 25 Aug 2016 13:26:40 -0700

Hi all,

I was trying to implement client certificate based authentication following 
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the 
following SSL Handshake exception. I believe I have the client keystore, 
truststore and riak server cert/key setup properly. Both client cert and riak 
server cert are signed with the same CA. Any advice and suggestions will be 
greatly appreciated!


2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default 
logging framework
2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 - 
-Dio.netty.eventLoopThreads: 16
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address: 
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe: 
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory: 
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in 
your class path or you don't have enough permission to load dynamically 
generated classes.  Please check the configuration for better performance.
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir: 
C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64 
(sun.arch.data.model)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect: 
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization: 
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - 
-Dio.netty.selectorAutoRebuildThreshold: 512
2016-08-25 12:53:24 INFO  RiakJKSConnection:73 - initializeRiak Cluster is OK
2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 - 
-Dio.netty.initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - 
-Dio.netty.threadLocalDirectBufferSize: 65536
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - 
-Dio.netty.maxThreadLocalCharBufferSize: 16384
2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added
2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise
2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 - 
-Dio.netty.buffer.bytebuf.checkAccessible: true
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - 
-Dio.netty.leakDetection.level: simple
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - 
-Dio.netty.leakDetection.maxRecords: 4
2016-08-25 12:53:24 DEBUG Recycler:76 - 
-Dio.netty.recycler.maxCapacity.default: 262144
2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): available
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder decode
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received MSG_RpbStartTls 
reply
2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed:
java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; 127.0.0.1:8087 
java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive

RiakNode builder setup:

public static RiakCluster getRiakCluster(String riakUserName, String 
userPassword, String storePath, String storePasswd, String keyPasswd) throws 
UnknownHostException{

       KeyStore keyStore = loadKeystore(storePath,storePasswd);
       //riak with one node
       RiakNode.Builder builder = new 
RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
       builder.withAuth(riakUserName, userPassword, trustStore, keyStore, 
keyPasswd);
       builder.withConnectionTimeout(30000);
       RiakCluster cluster = cluster = new 
RiakCluster.Builder(builder.build()).build();
       cluster.start();
       return cluster;


    }

Thanks

-Kyle-

________________________________
The information contained in this message may be confidential and legally 
protected under applicable law. The message is intended solely for the 
addressee(s). If you are not the intended recipient, you are hereby notified 
that any use, forwarding, dissemination, or reproduction of this message is 
strictly prohibited and may be unlawful. If you are not the intended recipient, 
please contact the sender by return e-mail and destroy all copies of the 
original message.

_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Reply via email to