Java non-blocking driver for Vertx.io

koxauvin · November 13, 2017, 11:32pm

Hi,
Does anyone have any experience or advise on a Java non-blocking Postgres driver to use with Vertx.io?
I have played with the following without finding the seemingly correct solution:

vert-x3 + mauricio
which is based on postgresql-async
I can’t seem to connect at all and it doesn’t appear to support a client cert (only user/pass config)
alaisi, supports ssl but it doesn’t appear to support a client cert (only user/pass config)
Wrapping the Postgres jdbc driver with a vertx executeBlocking. Of course, this just makes the vertx event loop non-blocking, but jdbc will always be blocking (by design). This driver support the client cert, see “17.9.1. Using Client Certificates”.
monoid-us
Is a v2 impl and 4 years abandoned…

I’m wondering how others have connected to CockroachDB using vertx.io?
Does anyone know the best driver to use?

Thanks, Kevin

couchand · November 14, 2017, 4:15pm

Hi Kevin,

Unfortunately, we haven’t really seen any successful async Java libraries for CockroachDB yet.

Can you provide more details about the issues you’re running into with postgresql-async? It very well could be minor compatibility issue that shouldn’t be too much trouble for us to fix.

Thanks,
Andrew

koxauvin · November 14, 2017, 6:41pm

Main issues related to ssl/client cert:

Even when I start cockroachdb in --insecure mode to avoid ssl and cert issues, I am unable to connect and the connection callback from client.getConnection is never called (it hangs), whereas using the jdbc driver with the same config I connect successfully. So I see the log statement from LOG.debug("CONNECTING") but nothing more (and the process does not terminate, the web server is up). I think I should get this solved first.
I suspect SSL works fine but I have not been able to successfully connect; hangs as in #1.

For SSL:
The configuration does appear support ssl but does not appear to support client certs.
Following the link, there is no ssl config info, however if you search the codebase for ssl you find an ssl impl
It supports two modes

val VerifyCA = Value(“verify-ca”) // only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA)

val VerifyFull = Value(“verify-full”) // only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server host name matches that in the certificate

ex: sslmode=verify-ca

For the client cert:
Maybe I don’t have my cert installed via the keytool correctly - I will start over and try again.
Do you know if it “should” support client certs?

Simple example code for #1

public class MainVerticle extends AbstractVerticle {

  private static final Logger LOG = LoggerFactory.getLogger(MainVerticle.class);
  private Router router = Router.router(vertx);

  public MainVerticle() throws Exception {
    super();
  }

  @Override
  public void start() {

    JsonObject postgreSQLClientConfig = new JsonObject()
      .put("host", "localhost")
      .put("port", 26257)
      .put("database", "mydb")
      .put("username", "root")
      .put("password", "stupidpwd");
    SQLClient client = PostgreSQLClient.createShared(vertx, postgreSQLClientConfig);
    LOG.debug("CONNECTING");
    client.getConnection(res -> {
      LOG.debug("GOT RESULT");
      if (res.succeeded()) {
        LOG.debug("CONNECTED");
        SQLConnection conn = res.result();
        conn.query("SELECT * FROM mydb.mytable", rs -> {
          System.out.print(rs.result().getColumnNames());
          System.out.print("Column 1 returned ");
        });
      } else {
        // Failed to get connection
        LOG.debug("FAIL");
      }
    });
    HttpServer server = vertx.createHttpServer();
    UserRouter.mountRoutes(vertx, router);
    server.requestHandler(router::accept).listen(3000);
  }
}

jordan · November 15, 2017, 3:30pm

I think it would be best to try to debug the non-SSL version first.

I’m not sure what’s going wrong by eyeballing it. I wonder if there’s something about the Postgres protocol we don’t support properly for async mode.

Could you try removing the password setting? You don’t need a password to log in as root in insecure mode.

If that doesn’t work, would you mind sending me the pom.xml you’re using to compile your simple example so I can try it out myself?

Thanks,
Jordan

koxauvin · November 15, 2017, 5:29pm

I have gotten the insecure connection working. I started from scratch and tried to figure out what went off course -> and found it. I had the version of vertx at 3.4.2 and the version of vertx-mysql-postgresql-client at 3.5.0 that I had copy-pasted from the web page. Thus, mismatching… The occurrence of the password property doesn’t seem to make any difference. Now I’m on to the secure connection.

koxauvin · November 16, 2017, 7:46pm

Well, I give up on trying to get SSL and a client cert working on any of the three vertx data access modules. They just don’t seem to support SSL/TLS or any certs. Maybe I’m missing something… And, there’s no docs on how to configure.

I’m now trying the postgres driver that has all the configuration available. My plan is to wrap all the calls with vertx.executeBlocking to deal with blocking nature of the driver.

If anyone has advise, please reply. Thanks! Kevin

jordan · November 16, 2017, 8:01pm

I don’t have any advice to give here unfortunately. You might have better luck asking on one of their support channels, whatever those may be. If you do figure it out, we’d love to know how you did it.

Thanks,
Jordan

koxauvin · November 17, 2017, 6:44pm

I’m giving this a try: https://groups.google.com/forum/?fromgroups#!topic/vertx/B601OdSNElw

koxauvin · December 19, 2017, 9:15am

From the google group, a contributor pointed me to:

This client enables both the ssl and client cert auth, however you still need to provide the username because it doesn’t seem to read it off the cert like the cockroach sql client does. It works nicely.
An example config is:

    PgPoolOptions options = new PgPoolOptions()
      .setPort(26257)
      .setHost("example.com")
      .setDatabase("xxx")
      .setUsername("root")
      .setSsl(true)
      .setPemTrustOptions(new PemTrustOptions()
        .addCertPath("tls/intermediate-combined-domain.pem")
        .addCertPath("tls/certs/ca.crt")
      )
      .setPemKeyCertOptions(new PemKeyCertOptions()
        .addKeyPath("tls/certs/client.root.key")
        .addCertPath("tls/certs/client.root.crt")
      );

sonam · March 4, 2019, 9:13pm

I followed this link for generating cert on server and for a Java client https://www.cockroachlabs.com/docs/stable/build-a-java-app-with-cockroachdb.html

I have similar config to yours but I don’t have a intermediate-combined-domain.pem file so I used a “client.sonam.key” instead.
I keep getting a “VertxException: java.lang.RuntimeException: Missing -----BEGIN CERTIFICATE----- delimiter” error.

Any hints?