Hi Alan, Hi Stian, Please refer my latest commit @ https://github.com/NadeeshDilanga/incubator-taverna-common-activities/commits/docker/taverna-docker-activity
where I have implemented reading a injected configuration. Can you please review this and let me know what I am missing here. But one thing I would like to know is, who is responsible of creating(populating) the DockerContainerConfiguration ? We have to allow user to give a docker.conf and from which some one construct the DockerContainerConfiguration and inject it to the activity plugin. Then I went through the taverna-engine repo code base looking for the clue Stian gave, where I have to implement Configurable interface, and use ConfigurationManager. And Configuration manager interface had store/populate methods to override, but I found it bit unclear to figure out how exactly I can use that to my use case/how it works/relation ship between Configurable interface and ConfigurationManager. Do we have any documentation on that ? For SSL issue, I am calling the container as https://192.168.99.100:2376/containers/create where 192.168.99.100 is my container host. I assume that is the target you meant ? On Fri, Jun 17, 2016 at 10:12 AM, Stian Soiland-Reyes <[email protected]> wrote: > Probably it is that the local Docker daemon has a self-signed > certificate that Java does not recognize. > > > Taverna has the credential manager - which should normally pop up and > ask if you want to accept (and store) the certificate. > > I'm not sure why that is not happening here.. perhaps because your > RESTUtil uses the Apache HTTPClient rather than the built-in URL > handling, then there is no link to the Credential Manager? > > > Could you try if it works to do a "dummy connection" first with > something like new URL("https://localhost:1239/";).openConnection() > (whatever the port is) -- this should trigger the certificate > handling in Java. > > > I must admit I could not find out how this is done in the REST activity.. > > https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/RESTActivityCredentialsProvider.java > > is used for username/password (e.g. http basic auth) through Credential > Manager. > > > Does the REST activity today support https:// connections against > 'unknown' SSL certificates? (e.g. triggering the pop-ups in Workbench) > > > This file CLAIMS to do it, but doesn't seem to: > > > https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/HTTPRequestHandler.java#L116 > > // Register a protocol scheme for https that uses Taverna's > // SSLSocketFactory > > but it uses the regular org.apache.http.conn.ssl.SSLSocketFactory > > .. I would have thought it should use > CredentialManager.getTavernaSSLSocketFactory() from > > > https://github.com/apache/incubator-taverna-engine/blob/master/taverna-credential-manager-impl/src/main/java/org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl.java#L2004 > > > Perhaps something similar to that HTTPRequestHandler code to > initialise org.apache.http would work? > > > On 17 June 2016 at 06:32, Nadeesh Dilanga <[email protected]> wrote: > > Still got stuck further on the SSL issue[1]. May be something to do with > my > > setup. So I also implemented invoking simple HTTP(without SSL) in > > additional to HTTP SSL. > > > > Meanwhile I already started getting configuration thru that spring > > inject-able framework. Will commit those changes also(without just > blocking > > on Http SSL issue) to my private repo from which I am planning to send > > pull request. > > > > [1]: > > > > avax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > > valid certification path to requested target > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) > > at > > > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338) > > at > > > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) > > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) > > at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) > > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032) > > at > > > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328) > > at > > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) > > at > > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) > > at > > > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) > > at > > > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) > > at > > > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:479) > > at > > > org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:66) > > at > > > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) > > at > > > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) > > at > > > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) > > at > > > org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) > > at > > > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) > > at > > > org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) > > at > > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) > > at > > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) > > at > > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) > > at > > org.apache.taverna.activities.docker.RESTUtil.doPost(RESTUtil.java:125) > > at > > > org.apache.taverna.activities.docker.RESTUtil.createContainer(RESTUtil.java:90) > > at > > > org.apache.taverna.activities.docker.test.TestCreateContainer.testCreateContainer(TestCreateContainer.java:40) > > at > > > org.apache.taverna.activities.docker.test.TestCreateContainer.main(TestCreateContainer.java:32) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:601) > > at > com.intellij.rt.execution.application.AppMain.main(AppMain.java:134) > > Caused by: sun.security.validator.ValidatorException: PKIX path building > > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable > > to find valid certification path to requested target > > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) > > at > > > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) > > at sun.security.validator.Validator.validate(Validator.java:260) > > at > > > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) > > at > > > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) > > at > > > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) > > at > > > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320) > > ... 29 more > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > > unable to find valid certification path to requested target > > at > > > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) > > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) > > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) > > ... 35 more > > > > > > On Wed, Jun 15, 2016 at 6:17 PM, Nadeesh Dilanga <[email protected]> > > wrote: > > > >> It is the container host and I am invoking the remote API. Will do more > >> troubleshooting and get back. > >> > >> On Wed, Jun 15, 2016 at 7:05 AM, Alan Williams < > [email protected]> > >> wrote: > >> > >>> On 15-Jun-16 09:02, Nadeesh Dilanga wrote: > >>> > >>>> Hi Alan, > >>>> Thank you very much for the pointer. I went through and understood how > >>>> works. > >>>> 1. Implement docker factory class to return an activity configuration. > >>>> 2. Accept the configuration in the DockerActivity constructor. > >>>> > >>>> Please correct me if I missed something. > >>>> > >>> > >>> I need a picture of what is being proposed :) > >>> > >>> Also I am working on the implementation and commiting my code to my > forked > >>>> repo at [1]. I will send pull requests once following TODOs finishes. > >>>> 1. Test HTTPS invocation(right now I am having a SSL handshake issue > and > >>>> working on it) > >>>> > >>>> I am using SSLContext.getDefault() and gives me > >>>> javax.net.ssl.SSLHandshakeException: > >>>> sun.security.validator.ValidatorException: PKIX path building failed: > >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to > >>>> find > >>>> valid certification path to requested target > >>>> > >>>> I have a unit test to test this. I also tried setting system > properties > >>>> javax.net.ssl.keyStore, javax.net.ssl.trustStore, > >>>> javax.net.ssl.keyStorePassword. But no luck. > >>>> > >>> > >>> What is the target of the HTTPS ? Does it have a valid certificate? > >>> > >>> 2. Enhance the activity class to read configuration injected by > Spring. > >>>> > >>>> > >>>> [1] - > >>>> > >>>> > https://github.com/NadeeshDilanga/incubator-taverna-common-activities/commits/docker > >>>> > >>> > >>> Great. > >>> > >>> Alan > >>> > >>> > >>> > >> > > > > -- > Stian Soiland-Reyes > Apache Taverna (incubating), Apache Commons > http://orcid.org/0000-0001-9842-9718 >
