From 46d62d6aa617e573c31d46961697885116aa6c57 Mon Sep 17 00:00:00 2001 From: xiongxiaoyang <1179705413@qq.com> Date: Tue, 28 Mar 2023 08:50:22 +0800 Subject: [PATCH] fix: fix sun.security.validator.ValidatorException for Elasticsearc PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target --- .../xxyopen/novel/core/config/EsConfig.java | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/src/main/java/io/github/xxyopen/novel/core/config/EsConfig.java b/src/main/java/io/github/xxyopen/novel/core/config/EsConfig.java index 58eafa9..9578f31 100644 --- a/src/main/java/io/github/xxyopen/novel/core/config/EsConfig.java +++ b/src/main/java/io/github/xxyopen/novel/core/config/EsConfig.java @@ -1,16 +1,33 @@ package io.github.xxyopen.novel.core.config; import co.elastic.clients.json.jackson.JacksonJsonpMapper; +import lombok.extern.slf4j.Slf4j; +import org.apache.http.impl.nio.client.HttpAsyncClientBuilder; +import org.elasticsearch.client.RestClient; +import org.elasticsearch.client.RestClientBuilder; +import org.springframework.beans.factory.ObjectProvider; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.boot.autoconfigure.elasticsearch.RestClientBuilderCustomizer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; + /** - * elasticsearch 相关配置 + * Elasticsearch 相关配置 * * @author xiongxiaoyang * @date 2022/5/23 */ +@ConditionalOnProperty(value = "spring.elasticsearch.enabled", havingValue = "true") @Configuration +@Slf4j public class EsConfig { /** @@ -21,4 +38,45 @@ public class EsConfig { return new JacksonJsonpMapper(); } + /** + * fix `sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: + * unable to find valid certification path to requested target` + */ + @Bean + RestClient elasticsearchRestClient(RestClientBuilder restClientBuilder, + ObjectProvider builderCustomizers) { + restClientBuilder.setHttpClientConfigCallback((HttpAsyncClientBuilder clientBuilder) -> { + TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) { + + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) { + + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + }}; + SSLContext sc = null; + try { + sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new SecureRandom()); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + log.error("Elasticsearch RestClient 配置失败!", e); + } + assert sc != null; + clientBuilder.setSSLContext(sc); + clientBuilder.setSSLHostnameVerifier((hostname, session) -> true); + + builderCustomizers.orderedStream().forEach((customizer) -> customizer.customize(clientBuilder)); + return clientBuilder; + }); + return restClientBuilder.build(); + } + }