Mongo Client Exercise (with SSL)

I recently had the chance to use MongoDB with SSL. As part of this exercise, I tried a few ways to create a Mongo client that connects to MongoDB with and without SSL.

Prerequisites

Before we write and try any client code, we need a MongoDB instance running with SSL support.

# install Mongo DB with SSL using brew (on Mac)

brew install mongodb --with-openssl

see: Install MongoDB on OS X

# create SSL key and cert for mongo db

# mongodb-cert.crt and mongodb-cert.key files will be created

openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key

# create pem file

cat mongodb-cert.key mongodb-cert.crt > mongodb.pem

see: Configure mongod and mongos for SSL

# configure /usr/local/etc/mongod.conf file

# Store data in /usr/local/var/mongodb instead of the default /data/db
dbpath = /usr/local/var/mongodb

# Append logs to /usr/local/var/log/mongodb/mongo.log
logpath = /usr/local/var/log/mongodb/mongo.log
logappend = true

# Only accept local connections
bind_ip = 127.0.0.1

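# allowSSL accepts both SSL and non-SSL connections (needed for the non-SSL examples below);
# requireSSL makes mongod accept only SSL connections
sslMode = allowSSL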
sslPEMKeyFile = /path/to/mongodb.pem

# start mongod

mongod --config /usr/local/etc/mongod.conf

# before creating a user
# login to mongo
# switch to dummy db and create a “tests” collection

use dummy
db.createCollection("tests", null)

# while logged in to mongo, create a user; the commands here are for illustrative purposes only

db.createUser({"user":"user1","pwd":"some.password","roles":["readWrite","dbAdmin"]})

# from command line, verify login to dummy db

mongo --ssl dummy -u user1 -p some.password

# from command line, add mongo cert to the keystore (this file serves as the truststore set in System Properties below)

keytool -import -keystore /path/to/keystore -alias localmongo -file /path/to/mongodb-cert.crt

System Properties

# to be able to use SSL, we also need to specify the location of the truststore in the code

System.setProperty("javax.net.ssl.trustStore", "/path/to/truststore");
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.trustStorePassword", "trust.store.password");

Use MongoClient without SSL

# SSL is not required, credential is not required

 System.out.println("running:MongoClientWithNoSSL");
 MongoClient m = new MongoClient("localhost", 27017);

 DB db = m.getDB("dummy");

 Set<String> colls = db.getCollectionNames();

 System.out.println(colls);
 System.out.println("end");

 m.close();

Use MongoClient with MongoClientOptions and with SSL

# SSL is provided, credential is not required

 System.out.println("running:MongoClientWithMongoOptionAndSSL");
 MongoClientOptions o = new MongoClientOptions.Builder()
 .socketFactory(SSLSocketFactory.getDefault())
 .build();

 MongoClient m = new MongoClient("localhost", o);

 DB db = m.getDB("dummy");

 Set<String> colls = db.getCollectionNames();

 System.out.println(colls);
 System.out.println("end");

 m.close();
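
The System Properties above change trust for every SSL connection in the JVM. As an added example (not code from the original post), the class below builds a socket factory that trusts only the entries in one JKS file and passes it to MongoClientOptions in the same way as the snippet above. The class name and the socketFactoryFor helper are hypothetical, the path and password are the page's placeholders, and it assumes the same 2.x Java driver on the classpath.

```java
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Added example: hypothetical class and helper names, not part of the original post.
public class MongoClientWithScopedTrustStore {

    // Build a socket factory that trusts only the certificates in the given JKS file,
    // leaving the JVM-wide javax.net.ssl.* properties untouched.
    static SSLSocketFactory socketFactoryFor(String trustStorePath, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password); // throws if the file is corrupt or the password is wrong
        }
        if (!trustStore.aliases().hasMoreElements()) {
            throw new IllegalStateException("trust store has no entries: " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null); // no client certificate is presented
        return context.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path and password, as used in the System Properties section.
        SSLSocketFactory factory =
                socketFactoryFor("/path/to/truststore", "trust.store.password".toCharArray());

        MongoClientOptions options = new MongoClientOptions.Builder()
                .socketFactory(factory)
                .build();

        MongoClient m = new MongoClient("localhost", options);
        try {
            // The query fails if the server certificate does not chain to an entry in the store.
            System.out.println(m.getDB("dummy").getCollectionNames());
        } finally {
            m.close();
        }
    }
}
```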

Use MongoClientURI without SSL

 System.out.println("running:MongoClientURIAndNoSSL");

 MongoClientURI mongoClientURI = new MongoClientURI(
 "mongodb://user1:some.password@localhost:27017/dummy?ssl=false");

 MongoClient m = new MongoClient(mongoClientURI);

 System.out.println(m.getDatabaseNames());

 DB db = m.getDB("dummy");

 System.out.println(db.getCollectionNames());

 System.out.println("end");

 m.close();

Use MongoClientURI with SSL

 System.out.println("running:MongoClientURIWithSSL");
 MongoClientURI mongoClientURI = new MongoClientURI(
 "mongodb://user1:some.password@localhost:27017/dummy?ssl=true");

 MongoClient m = new MongoClient(mongoClientURI);

 System.out.println(m.getDatabaseNames());

 DB db = m.getDB("dummy");

 System.out.println(db.getCollectionNames());

 System.out.println("end");

 m.close();

Use MongoClientURI with replica set and with SSL

 System.out.println("running:MongoClientURIWithReplicaSetAndSSL");
 String connectionString =
 "mongodb://user1:some.password@host1:27017,host2:27017,host3:27017/dummy?replicaSet=replica-set-name&ssl=true";

 MongoClientURI mongoClientURI = new MongoClientURI(connectionString);

 MongoClient m = new MongoClient(mongoClientURI);

 System.out.println(m.getDatabaseNames());

 DB db = m.getDB("dummy");

 System.out.println("end");
 
 m.close();  

Use MongoTemplate without SSL

 System.out.println("running:MongoTemplateAndNoSSL");
 MongoClientOptions.Builder builder = MongoClientOptions.builder();
 builder.maxConnectionIdleTime(Integer.parseInt("1000000"));
 MongoOptions options = new MongoOptions(builder.build());
 options.setSocketKeepAlive(true);
 options.setAutoConnectRetry(true);

 MongoFactoryBean mongoFactoryBean = new MongoFactoryBean();
 mongoFactoryBean.setHost("localhost");
 mongoFactoryBean.setMongoOptions(options);
 mongoFactoryBean.afterPropertiesSet();
 Mongo mongo = mongoFactoryBean.getObject();

 MongoDbFactory mongoDbFactory = new SimpleMongoDbFactory(mongo, "dummy",
 new UserCredentials("user1", "some.password"));

 MongoTemplate mongoTemplate = new MongoTemplate(mongoDbFactory);

 System.out.println(mongoTemplate.getCollectionNames());
 System.out.println("end");

 mongo.close();

Use MongoTemplate with SSL

 System.out.println("running:MongoTemplateAndSSL");
 MongoClientOptions.Builder builder = MongoClientOptions.builder();
 builder.maxConnectionIdleTime(Integer.parseInt("1000000"));
 MongoOptions options = new MongoOptions(builder.build());
 options.setSocketKeepAlive(true);
 options.setAutoConnectRetry(true);
 options.socketFactory = SSLSocketFactory.getDefault();

 MongoFactoryBean mongoFactoryBean = new MongoFactoryBean();
 mongoFactoryBean.setHost("localhost");
 mongoFactoryBean.setMongoOptions(options);
 mongoFactoryBean.afterPropertiesSet();
 Mongo mongo = mongoFactoryBean.getObject();

 MongoDbFactory mongoDbFactory = new SimpleMongoDbFactory(mongo, "dummy",
 new UserCredentials("user1", "some.password"));

 MongoTemplate mongoTemplate = new MongoTemplate(mongoDbFactory);

 System.out.println(mongoTemplate.getCollectionNames());
 System.out.println("end");

 mongo.close();