【发布时间】:2021-03-07 12:51:36
【问题描述】:
我们在 Spring Boot 应用程序上实施了客户端字段级加密,使用 AWS KMS 保存主密钥。
我按照 Visweshwar Ganesh 创建的教程进行操作,一切正常。 MongoDB Client-Side Field Level Encryption using Java-Spring
问题是我们需要通过代理连接到 AWS KMS,我找不到任何文档来为 MongoEncription 注入代理配置。
有人知道怎么解决吗?
问候!
编辑:
我们正在使用:spring-boot-starter-data-mongodb-2.2.4.RELEASE,它使用mongodb-driver 3.11.2
我们希望代理调用以从第三方 KMS (AWS) 检索 CMK 以加密和解密数据:
当应用程序启动时,它会使用加密设置创建一个 mongoClient,并验证是否存在带有加密密钥的保管库,如果没有,则尝试创建一个,为此需要将 CMK 存储在 AWS KMS 正是在我们想要注入代理的 buildOrValidateVault() 方法上发生的这个调用中。
PS:此应用程序在 kubernetes 容器上运行。
MongoEncryptionConfig
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bson.BsonDocument;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mongodb.AutoEncryptionSettings;
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoDriverInformation;
import com.mongodb.client.MongoClient;
import com.mongodb.client.internal.MongoClientImpl;
import com.mongodb.internal.build.MongoDriverVersion;
@Configuration
public class MongoEncryptionConfig extends AbstractMongoClientConfiguration {
@Value(value = "${mongodb.student.name}")
private String dbDatabase;
@Value(value = "${mongodb.student.uri}")
private String dbConnection;
@Value(value = "${encryption.schema-path}")
private String schemaPath;
@Autowired
private KmsHandlerAws kmsHandler;
private static Logger logger = LogManager.getLogger("MongoEncryptionConfig");
private MongoDriverInformation getMongoDriverInfo() {
return MongoDriverInformation.builder()
.driverName(MongoDriverVersion.NAME)
.driverVersion(MongoDriverVersion.VERSION)
.driverPlatform(java.lang.String.format("Java/%s/%s", java.lang.System.getProperty("java.vendor", "unknown-vendor"),
java.lang.System.getProperty("java.runtime.version", "unknown-version")))
.build();
}
private MongoClientSettings getAutoEncryptMongoClientSettings() {
return MongoClientSettings.builder()
.applyConnectionString(new ConnectionString(dbConnection))
.autoEncryptionSettings(autoEncryptionSettings())
.build();
}
private AutoEncryptionSettings autoEncryptionSettings() {
return AutoEncryptionSettings.builder()
.keyVaultNamespace(kmsHandler.getEncryptionCollectionName())
.kmsProviders(kmsHandler.getKmsProvider())
.extraOptions(kmsHandler.getExtraOptsMap())
.schemaMap(buildOrValidateVault())
.build();
}
private Map<String, BsonDocument> buildOrValidateVault() {
try {
ObjectMapper objectMapper = new ObjectMapper();
for (Path path : loadSchemasPaths(this.schemaPath)) {
logger.debug("Path being iterated: " + path.getFileName().toString());
String encryptKey = this.kmsHandler.buildOrValidateVault();
JsonNode jsonDocument = objectMapper.readTree(Files.readString(path));
return Collections.singletonMap(
this.dbDatabase + "." + jsonDocument.get("metadata").get("collection").asText(),
BsonDocument.parse(String.format(objectMapper.writeValueAsString(jsonDocument.get("schema")), encryptKey)));
}
} catch (IOException e) {
throw new RuntimeException(e);
}
return null;
}
private List<Path> loadSchemasPaths(String encryptionPath) throws IOException {
List<Path> paths = new ArrayList<>();
logger.debug("Encryption Path: " + encryptionPath);
Files.list(Paths.get(encryptionPath))
.forEach(path -> {
logger.debug("Path trying to be add: " + path.getFileName());
if (path.getFileName().toString().endsWith(".json")) {
logger.debug(path.getFileName() + " ends with .json! Yes!");
paths.add(path);
} else {
logger.debug(path.getFileName() + " Doesn't end with .json :(");
}
});
return paths;
}
@Override
public MongoClient mongoClient() {
return new MongoClientImpl(getAutoEncryptMongoClientSettings(), getMongoDriverInfo());
}
@Override
protected String getDatabaseName() {
return dbDatabase;
}
}
KMSHandler
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.bson.BsonBinary;
import org.bson.Document;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.Filters;
public abstract class KmsHandler {
Logger logger = LoggerFactory.getLogger(KmsHandler.class);
@Value(value = "${mongodb.student.uri}")
String dbConnection;
@Value(value = "${encryption.vault.database}")
String encryptionVaultDatabase;
@Value(value = "${encryption.vault.collection}")
String encryptionVaultCollection;
@Value(value = "${encryption.vault.name}")
String encryptionVaultName;
private String encryptionKeyBase64;
private UUID encryptionKeyUuid;
public String getEncryptionKeyBase64() {
return encryptionKeyBase64;
}
public void setEncryptionKeyBase64(String encryptionKeyBase64) {
this.encryptionKeyBase64 = encryptionKeyBase64;
}
public UUID getEncryptionKeyUuid() {
return encryptionKeyUuid;
}
public void setEncryptionKeyUuid(UUID encryptionKeyUuid) {
this.encryptionKeyUuid = encryptionKeyUuid;
}
public String getEncryptionCollectionName() {
return encryptionVaultDatabase + "." + encryptionVaultCollection;
}
public Map<String, Object> getExtraOptsMap() {
Map<String, Object> extraOps = new HashMap<>();
//extraOps.put("mongocryptdBypassSpawn", true);
//extraOps.put("mongocryptdURI", "mongodb://localhost:27020");
return extraOps;
}
/**
* Check in database if encryption was already created
* dd
*
* @return true or false
*/
protected String doesEncryptionKeyExist() {
MongoClient mongoClient = MongoClients.create(dbConnection);
MongoCollection<Document> collection = mongoClient.getDatabase(encryptionVaultDatabase).getCollection(encryptionVaultCollection);
Document doc = collection.find(Filters.in("keyAltNames", encryptionVaultName)).first();
if (doc != null) {
return Base64.getEncoder().encodeToString(new BsonBinary((UUID) doc.get("_id")).getData());
} else {
return null;
}
}
}
KMSHandlerAWS
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.bson.BsonBinary;
import org.bson.BsonDocument;
import org.bson.BsonString;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import com.mongodb.ClientEncryptionSettings;
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.model.vault.DataKeyOptions;
import com.mongodb.client.vault.ClientEncryption;
import com.mongodb.client.vault.ClientEncryptions;
@Component
public class KmsHandlerAws extends KmsHandler implements IKmsHandler {
@Value(value = "${encryption.kms.aws.region}")
private String encryptionKmsRegion;
@Value(value = "${encryption.kms.aws.key}")
private String encryptionKmsKey;
@Value(value = "${encryption.kms.aws.iam.accessKeyId}")
private String encryptionKmsIamAccessKey;
@Value(value = "${encryption.kms.aws.iam.secretAccessKey}")
private String encryptionKmsIamSecretAccessKey;
public String buildOrValidateVault() {
try {
// Check if encryption key exists
String encryptKey = doesEncryptionKeyExist();
if (encryptKey != null) {
return encryptKey;
}
// Create Encryption Key
BsonBinary dataKeyId = getClientEncryption().createDataKey("aws", this.getDataKeyOptions());
// Save key in instance
this.setEncryptionKeyUuid(dataKeyId.asUuid());
logger.debug("DataKeyID [UUID]{}", dataKeyId.asUuid());
System.out.println("DataKeyID [UUID]: " + dataKeyId.asUuid());
String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
this.setEncryptionKeyBase64(base64DataKeyId);
logger.debug("DataKeyID [base64]: {}", base64DataKeyId);
System.out.println("DataKeyID [base64]: " + base64DataKeyId);
return super.getEncryptionKeyBase64();
} catch (Exception ex) {
String exceptionMessage = "Exception at buildOrValidateVault(): " + ex.getMessage();
System.out.println(exceptionMessage);
ex.printStackTrace();
return exceptionMessage;
}
}
public Map<String, Map<String, Object>> getKmsProvider() {
Map<String, Object> providerDetails = new HashMap<>();
providerDetails.put("accessKeyId", new BsonString(this.encryptionKmsIamAccessKey).getValue());
providerDetails.put("secretAccessKey", new BsonString(this.encryptionKmsIamSecretAccessKey).getValue());
Map<String, Map<String, Object>> kmsProviders = new HashMap<>();
kmsProviders.put("aws", providerDetails);
return kmsProviders;
}
public ClientEncryption getClientEncryption() {
return ClientEncryptions.create(ClientEncryptionSettings.builder()
.keyVaultMongoClientSettings(MongoClientSettings.builder()
.applyConnectionString(new ConnectionString(this.dbConnection))
.build())
.keyVaultNamespace(this.encryptionVaultDatabase + "." + this.encryptionVaultCollection)
.kmsProviders(this.getKmsProvider())
.build());
}
public DataKeyOptions getDataKeyOptions() {
return new DataKeyOptions().masterKey(
new BsonDocument()
.append("region", new BsonString(this.encryptionKmsRegion))
.append("key", new BsonString(this.encryptionKmsKey))
)
.keyAltNames(Collections.singletonList(this.encryptionVaultName));
}
}
日志错误:
Exception at buildOrValidateVault(): Exception opening connection to Key Management Service
com.mongodb.MongoSocketOpenException: Exception opening connection to Key Management Service
at com.mongodb.client.internal.KeyManagementService.stream(KeyManagementService.java:57)
at com.mongodb.client.internal.Crypt.decryptKey(Crypt.java:299)
at com.mongodb.client.internal.Crypt.decryptKeys(Crypt.java:289)
at com.mongodb.client.internal.Crypt.executeStateMachine(Crypt.java:242)
at com.mongodb.client.internal.Crypt.createDataKey(Crypt.java:155)
at com.mongodb.client.internal.ClientEncryptionImpl.createDataKey(ClientEncryptionImpl.java:50)
at com.example.student.nosql.config.kms.KmsHandlerAws.buildOrValidateVault(KmsHandlerAws.java:40)
at com.example.student.nosql.config.MongoEncryptionConfig.buildOrValidateVault(MongoEncryptionConfig.java:77)
at com.example.student.nosql.config.MongoEncryptionConfig.autoEncryptionSettings(MongoEncryptionConfig.java:68)
at com.example.student.nosql.config.MongoEncryptionConfig.getAutoEncryptMongoClientSettings(MongoEncryptionConfig.java:59)
at com.example.student.nosql.config.MongoEncryptionConfig.mongoClient(MongoEncryptionConfig.java:110)
at org.springframework.data.mongodb.config.AbstractMongoClientConfiguration.mongoDbFactory(AbstractMongoClientConfiguration.java:71)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d.CGLIB$mongoDbFactory$3(<generated>)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d$$FastClassBySpringCGLIB$$6e240ce0.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d.mongoDbFactory(<generated>)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:484)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.resolveBeanReference(ConfigurationClassEnhancer.java:394)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:366)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d.mongoDbFactory(<generated>)
at org.springframework.data.mongodb.config.AbstractMongoClientConfiguration.mongoTemplate(AbstractMongoClientConfiguration.java:58)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d.CGLIB$mongoTemplate$2(<generated>)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d$$FastClassBySpringCGLIB$$6e240ce0.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
at com.example.student.nosql.config.MongoEncryptionConfig$$EnhancerBySpringCGLIB$$acc0967d.mongoTemplate(<generated>)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:484)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:330)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:113)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1699)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1444)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:594)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1287)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1207)
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:885)
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:789)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:228)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1358)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:207)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.resolveBeanByName(AbstractAutowireCapableBeanFactory.java:454)
at org.springframework.context.annotation.CommonAnnotationBeanPostProcessor.autowireResource(CommonAnnotationBeanPostProcessor.java:543)
at org.springframework.context.annotation.CommonAnnotationBeanPostProcessor.getResource(CommonAnnotationBeanPostProcessor.java:513)
at org.springframework.context.annotation.CommonAnnotationBeanPostProcessor$ResourceElement.getResourceToInject(CommonAnnotationBeanPostProcessor.java:653)
at org.springframework.beans.factory.annotation.InjectionMetadata$InjectedElement.inject(InjectionMetadata.java:224)
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:116)
at org.springframework.context.annotation.CommonAnnotationBeanPostProcessor.postProcessProperties(CommonAnnotationBeanPostProcessor.java:334)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1422)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:594)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1287)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1207)
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:885)
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:789)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:228)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1358)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$172/0x00000000b0807980.getObject(Unknown Source)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:879)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:878)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
at com.example.student.StudentApplication.main(StudentApplication.java:16)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:51)
at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:597)
Caused by: java.net.SocketTimeoutException: connect timed out
at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
at java.base/java.net.Socket.connect(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
at com.mongodb.client.internal.KeyManagementService.stream(KeyManagementService.java:54)
... 131 more
【问题讨论】:
-
参考官方驱动文档,包括如何从驱动配置kms,以及你想要代理什么。
-
我根据要求添加了可能对 D. SM 有帮助的新信息
-
所以您想配置 mongocryptd 以引用非默认 KMS URI?
-
是的,我尝试将 http.Proxy 和 http.Port 添加到 providerDetails 映射,但 KMS 提供者似乎只接受 accessKeyId、secretAccessKey、区域和密钥...我希望有同样的行为例如一个 Rest Template,我可以在调用之前添加一个代理,但是 mongo 似乎没有这个功能。我也尝试使用 -Dhttp.proxyHost=HHHHHHH -Dhttp.proxyPort=NNNN 在 jvm 上注入代理,但没有成功。
-
mongocryptd 是用 C++ 编写的,Java 与它无关。
标签: mongodb spring-boot encryption aws-kms