rquast/MongoConfig.java

## MongoConfig.java
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

@Configuration
@Log4j2
@EnableMongoRepositories(basePackages = "<REPOSITORIES_PACKAGE>")
public class MongoConfig extends AbstractMongoConfiguration {
    @Value("${DB_HOST}")
    private String dbUri;
    @Value("${DB_PORT}")
    private String port;
    @Value("${DB_NAME}")
    private String dbName;
    @Value("${APP_DIR}")
    private String directory;
    @Value("${DB_USER}")
    private String dbUser;
    @Value("${DB_PWD}")
    private char[] dbPassword;

    private static final String RDS_COMBINED_CA_BUNDLE = "rds-combined-ca-bundle.pem";

    @Override
    protected String getDatabaseName() {
        return db;
    }

    @Override
    public MongoClient mongoClient() {
        MongoClient mongoClient = new MongoClient(new ServerAddress(dbUri, Integer.parseInt(port)), mongoCredentials(), mongoClientOptions());
        return mongoClient;
    }

    @Bean
    public MongoClientOptions mongoClientOptions() {
        MongoClientOptions.Builder mongoClientOptions = MongoClientOptions.builder().sslInvalidHostNameAllowed(true).sslEnabled(true);
        try {
            String fileName = directory + RDS_COMBINED_CA_BUNDLE;
            InputStream is = new FileInputStream(fileName);
// You could get a resource as a stream instead.

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate caCert = (X509Certificate) cf.generateCertificate(is);

            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null); // You don't need the KeyStore instance to come from a file.
            ks.setCertificateEntry("caCert", caCert);

            tmf.init(ks);

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);
            mongoClientOptions.sslContext(sslContext);
        } catch (Exception e) {
            log.error(e);
        }


        return mongoClientOptions.build();
    }

    private MongoCredential mongoCredentials() {
        return MongoCredential.createCredential(dbUser, dbName, dbPassword);
    }
}
	import com.mongodb.MongoClient;
	import com.mongodb.MongoClientOptions;
	import com.mongodb.MongoCredential;
	import com.mongodb.ServerAddress;
	import lombok.extern.log4j.Log4j2;
	import org.springframework.beans.factory.annotation.Value;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.context.annotation.Profile;
	import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
	import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;

	import javax.net.ssl.SSLContext;
	import javax.net.ssl.TrustManagerFactory;
	import java.io.FileInputStream;
	import java.io.InputStream;
	import java.security.KeyStore;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;

	@Configuration
	@Log4j2
	@EnableMongoRepositories(basePackages = "<REPOSITORIES_PACKAGE>")
	public class MongoConfig extends AbstractMongoConfiguration {
	@Value("${DB_HOST}")
	private String dbUri;
	@Value("${DB_PORT}")
	private String port;
	@Value("${DB_NAME}")
	private String dbName;
	@Value("${APP_DIR}")
	private String directory;
	@Value("${DB_USER}")
	private String dbUser;
	@Value("${DB_PWD}")
	private char[] dbPassword;

	private static final String RDS_COMBINED_CA_BUNDLE = "rds-combined-ca-bundle.pem";

	@Override
	protected String getDatabaseName() {
	return db;
	}

	@Override
	public MongoClient mongoClient() {
	MongoClient mongoClient = new MongoClient(new ServerAddress(dbUri, Integer.parseInt(port)), mongoCredentials(), mongoClientOptions());
	return mongoClient;
	}

	@Bean
	public MongoClientOptions mongoClientOptions() {
	MongoClientOptions.Builder mongoClientOptions = MongoClientOptions.builder().sslInvalidHostNameAllowed(true).sslEnabled(true);
	try {
	String fileName = directory + RDS_COMBINED_CA_BUNDLE;
	InputStream is = new FileInputStream(fileName);
	// You could get a resource as a stream instead.

	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	X509Certificate caCert = (X509Certificate) cf.generateCertificate(is);

	TrustManagerFactory tmf = TrustManagerFactory
	.getInstance(TrustManagerFactory.getDefaultAlgorithm());
	KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
	ks.load(null); // You don't need the KeyStore instance to come from a file.
	ks.setCertificateEntry("caCert", caCert);

	tmf.init(ks);

	SSLContext sslContext = SSLContext.getInstance("TLS");
	sslContext.init(null, tmf.getTrustManagers(), null);
	mongoClientOptions.sslContext(sslContext);
	} catch (Exception e) {
	log.error(e);
	}


	return mongoClientOptions.build();
	}

	private MongoCredential mongoCredentials() {
	return MongoCredential.createCredential(dbUser, dbName, dbPassword);
	}
	}