[
https://issues.apache.org/jira/browse/CMIS-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15822099#comment-15822099
]
Chris Turchin commented on CMIS-1007:
-------------------------------------
Hi [~fmui], it is the 1.0 version (AFAICT the most current).
I tried with OkHttp with this host (BTW the cert for testhost.test-domain.de is
different than test-domain.de -- hosts and domains obfuscated) and now get:
{code}
19:10:35 ERROR hemistry.opencmis.workbench.ClientHelper:
CmisConnectionException: Cannot access
"https://testhost.test-domain.de/mc/cmis/atom": Hostname
testhost.test-domain.de not verified:
certificate: sha256/9dFizKzH7KVbIXi+G9rRyH1gTjQNtWZM6LGOvprHdps=
DN: CN=test-domain.de
subjectAltNames: [test-domain.de]
org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
Cannot access "https://testhost.test-domain.de/mc/cmis/atom": Hostname
testhost.test-domain.de not verified:
certificate: sha256/9dFizKzH7KVbIXi+G9rRyH1gTjQNtWZM6LGOvprHdps=
DN: CN=test-domain.de
subjectAltNames: [test-domain.de]
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invoke(OkHttpHttpInvoker.java:252)
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invokeGET(OkHttpHttpInvoker.java:64)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:697)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
at
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
at
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
at
org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
at
org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown
Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)> 19:10:35 ERROR
hemistry.opencmis.workbench.ClientHelper: Error code: 0
> 19:11:04 ERROR hemistry.opencmis.workbench.ClientHelper:
> CmisConnectionException: Cannot access
> "https://testhost.test-domain.de/mc/cmis/atom": Hostname
> testhost.test-domain.de not verified:
certificate: sha256/9dFizKzH7KVbIXi+G9rRyH1gTjQNtWZM6LGOvprHdps=
DN: CN=test-domain.de
subjectAltNames: [test-domain.de]
org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
Cannot access "https://testhost.test-domain.de/mc/cmis/atom": Hostname
testhost.test-domain.de not verified:
certificate: sha256/9dFizKzH7KVbIXi+G9rRyH1gTjQNtWZM6LGOvprHdps=
DN: CN=test-domain.de
subjectAltNames: [test-domain.de]
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invoke(OkHttpHttpInvoker.java:252)
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invokeGET(OkHttpHttpInvoker.java:64)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:697)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
at
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
at
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
at
org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
at
org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown
Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)> 19:11:04 ERROR
hemistry.opencmis.workbench.ClientHelper: Error code: 0
{code}
I have also tried using the same configuration with a different site, where the
letsencrypt certificate is being provided directly by wildfly-10.1 (no proxy)
using the http2 protocol I get another error (hostnames/ports are all valid):
{code}
> 19:12:28 ERROR hemistry.opencmis.workbench.ClientHelper:
> CmisConnectionException: Cannot access
> "https://mediacockpit-cloud.de:8443/mc/cmis/atom":
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
Cannot access "https://mediacockpit-cloud.de:8443/mc/cmis/atom":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invoke(OkHttpHttpInvoker.java:252)
at
org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker.invokeGET(OkHttpHttpInvoker.java:64)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:697)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
at
org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
at
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
at
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
at
org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
at
org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown
Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)> 19:12:28 ERROR
hemistry.opencmis.workbench.ClientHelper: Error code: 0
{code}
I tried using {{cmis.workbench.acceptSelfSignedCertificates=true}} but seems to
make no difference. If you would like a test login on the site, pls. contact me
directly, I'd rather not post it in a JIRA comment. Chrome and FF both think
the cert and the configuration are OK.
> Server name indication support for cmis-workbench
> -------------------------------------------------
>
> Key: CMIS-1007
> URL: https://issues.apache.org/jira/browse/CMIS-1007
> Project: Chemistry
> Issue Type: Improvement
> Components: opencmis-workbench
> Affects Versions: OpenCMIS 1.0.0
> Environment: Windows 8.1
> Reporter: Chris Turchin
> Labels: features, security
>
> I have recently started using letsencrypt as a certificate authority for my
> development servers.
> Unfortunately, I get the following error when trying to login to my cmis
> server using the latest version of cmis-workbench:
> {code}
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper:
> > CmisPermissionDeniedException: Forbidden
> org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException:
> Forbidden
> at
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:497)
> at
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:701)
> at
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
> at
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
> at
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
> at
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
> at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
> at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
> at
> org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
> at
> org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
> at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
> at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
> at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
> at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
> at javax.swing.AbstractButton.doClick(Unknown Source)
> at
> javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(Unknown Source)
> at javax.swing.SwingUtilities.notifyAction(Unknown Source)
> at javax.swing.JComponent.processKeyBinding(Unknown Source)
> at javax.swing.KeyboardManager.fireBinding(Unknown Source)
> at javax.swing.KeyboardManager.fireKeyboardAction(Unknown Source)
> at javax.swing.JComponent.processKeyBindingsForAllComponents(Unknown
> Source)
> at javax.swing.JComponent.processKeyBindings(Unknown Source)
> at javax.swing.JComponent.processKeyEvent(Unknown Source)
> at java.awt.Component.processEvent(Unknown Source)
> at java.awt.Container.processEvent(Unknown Source)
> at java.awt.Component.dispatchEventImpl(Unknown Source)
> at java.awt.Container.dispatchEventImpl(Unknown Source)
> at java.awt.Component.dispatchEvent(Unknown Source)
> at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
> at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
> at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown
> Source)
> at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown
> Source)
> at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
> at java.awt.Component.dispatchEventImpl(Unknown Source)
> at java.awt.Container.dispatchEventImpl(Unknown Source)
> at java.awt.Window.dispatchEventImpl(Unknown Source)
> at java.awt.Component.dispatchEvent(Unknown Source)
> at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
> at java.awt.EventQueue.access$500(Unknown Source)
> at java.awt.EventQueue$3.run(Unknown Source)
> at java.awt.EventQueue$3.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
> Source)
> at
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
> Source)
> at java.awt.EventQueue$4.run(Unknown Source)
> at java.awt.EventQueue$4.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
> Source)
> at java.awt.EventQueue.dispatchEvent(Unknown Source)> 18:17:48 ERROR
> hemistry.opencmis.workbench.ClientHelper: Error code: 0
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: Error content:
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access /mc/cmis/atom
> on this server.<br />
> Reason: The client software did not provide a hostname using Server Name
> Indication (SNI), which is required to access this server.<br />
> </p>
> </body></html>
> {code}
> The certificate is on the reverse proxy, running Apache/2.4.18 (Ubuntu) and
> looks basically like this:
> {code}
> <VirtualHost somehost.somedomain:443>
> ServerName somehost.somedomain
> SSLEngine On
> SSLCertificateFile /var/letsencrypt/somehost.somedomain/signed.crt
> SSLCertificateKeyFile /var/letsencrypt/somehost.somedomain/domain.key
> SSLCACertificateFile
> /var/letsencrypt/somehost.somedomain/intermediate.pem
> SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
> SSLOpenSSLConfCmd DHParameters "/usr/local/apache2/1024dhparams.pem"
> SSLProxyEngine on
> ProxyPass / http://localhost:8379/ timeout=600
> ProxyPassReverse / http://localhost:8379/ timeout=600
> ProxyPreserveHost On
> Header set Access-Control-Allow-Origin "*"
> Header set Access-Control-Allow-Credentials "true"
> Header edit Location ^http(\:\/\/.*)$ https$1
> </VirtualHost>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
