Hi Sanjay,
StackTrace for INVALID_ARGUMENT exception.
[2019-01-23 21:16:50,523 UTC] [INFO ] pool-1-thread-1
com.verizon.eclipse.client.OpenConfigTelemetryClient - connectivityState in
connect:: IDLE
io.grpc.StatusRuntimeException: INVALID_ARGUMENT
at
io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:233)
at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:214)
at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:139)
at
.proto_compiled.telemetry.OpenConfigGrpc$OpenConfigBlockingStub.get(OpenConfigGrpc.java:373)
at OpenConfigTelemetryClient.get(OpenConfigTelemetryClient.java:187)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1
OpenConfigTelemetryClient - sre.getTrailers():: Metadata()
[2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1
OpenConfigTelemetryClient - Error Code:: INVALID_ARGUMENT
[2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1
OpenConfigTelemetryClient - Error description:: null
[2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1
OpenConfigTelemetryClient - Error Cause:: null
On Tuesday, January 22, 2019 at 7:21:51 PM UTC-5, [email protected]
wrote:
>
> Kishore: I think you should go back to using "username" instead of
> "userId" or "usernId" and then troubleshooting the code. I also noticed
> this catch clause in your Java code
>
> } catch (Exception e) {
>
> metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
> e.printStackTrace();
> }
>
> where your code is generating the UNAUTHENTICATED error and not gRPC layer
> or the server. That could also be a source of confusion.
>
> Looking at
> https://github.com/grpc/grpc-java/blob/master/core/src/main/java/io/grpc/Metadata.java
>
> there are multiple places where it calls checkArgument (which throws the
> INVALID_ARGUMENT exception) for different reasons. Generate a stack trace
> again and see where it is coming from.
>
>
> On Tuesday, January 22, 2019 at 1:35:15 PM UTC-8, [email protected]
> wrote:
>>
>> The real problem seems to be INVALID_ARGUMENT you are getting on the Java
>> client side. If the server is expecting "username" header that needs to be
>> sent and not something else. Let me see if I can find something about
>> INVALID_ARGUMENT on the grpc java code side
>>
>> On Tuesday, January 22, 2019 at 12:54:02 PM UTC-8, [email protected]
>> wrote:
>>>
>>> Hi Sanjay,
>>>
>>> I tried first with "username" to copy c++ but got INVALID_ARGUMENT
>>> exception. When I was searching for some solutions some where I got
>>> "userid" after using userid instead of username INVALID_ARGUMENT gone and
>>> getting UNAUTHENTICATED exception.
>>>
>>> Yes I am printing request in Java too, below is the result
>>> [2019-01-22 20:28:18,574 UTC] [INFO ] pool-1-thread-1
>>> com.verizon.eclipse.client.OpenConfigTelemetryClient - Path List::
>>> [element: "/statistics/otm"]
>>>
>>> C++ result:
>>> Prefix : --
>>> AsyncGet(GetRquest) =>:
>>> Path: "statistics" "otm"
>>>
>>>
>>> On Tuesday, January 22, 2019 at 12:36:50 PM UTC-5, Sanjay Pujare wrote:
>>>>
>>>> Hi Kishore,
>>>>
>>>> For encryption TLS (SSL) also works so mTLS is not needed for
>>>> encryption.
>>>>
>>>> In any case the info you have provided is useful although we still
>>>> don't have the root cause. It seems the error occurred on the server side
>>>> (was an ExecutionException) and we can rule out mTLS related issues.
>>>>
>>>> In your C++ snippet you had "printGetRequest(&getReq);". Can you insert
>>>> a similar print/log statement in the Java code and just compare the 2
>>>> requests going out?
>>>>
>>>> BTW I noticed that
>>>> Your C++ code sets "username":
>>>>
>>>> context.AddMetadata("username", userid);
>>>>
>>>> But your Java code has typos:
>>>>
>>>> Metadata.Key<String> usernameKey =
>>>> Metadata.Key.of("usernId", Metadata.ASCII_STRING_MARSHALLER);
>>>> headers.put(usernameKey, username);
>>>>
>>>> in one place and
>>>>
>>>> Metadata.Key<String> usernameKey =
>>>> Metadata.Key.of("userid", Metadata.ASCII_STRING_MARSHALLER);
>>>> headers.put(usernameKey, user);
>>>>
>>>> in a different place. Why are you not using "username" here as well?
>>>>
>>>>
>>>> On Tue, Jan 22, 2019 at 8:47 AM kishore.ganipineni via grpc.io <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi Sanjay,
>>>>>
>>>>> More specific details are needed here and you should look them up in
>>>>> the Vendor Router documentation to answer the following questions:
>>>>>
>>>>> - are certificates needed only for establishing (one-way) SSL or mTLS?
>>>>> I am assuming it is not mTLS but it is good to confirm. Note that mTLS is
>>>>> used to authenticate a client by the server.
>>>>>
>>>>> My understanding is for encryption might be. I don't have the
>>>>> documentation right now in hand, will get it and check the documentation.
>>>>>
>>>>> - the credentials are just passed as "username" and "password" headers
>>>>> just like your C++ example shows? That should be relatively
>>>>> straightforward
>>>>> as shown in the Java auth examples here (
>>>>> https://github.com/grpc/grpc-java/blob/master/examples/AUTHENTICATION_EXAMPLE.md
>>>>>
>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_grpc_grpc-2Djava_blob_master_examples_AUTHENTICATION-5FEXAMPLE.md&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=ChxOdF9MDUHQXGXXLqr7elRy8wuLMzBP10cgEfyTxR4&m=VfK4hE15PIJMhiK5G3q2YFZVALYCa4LU4byHE8zcyIc&s=vCl7rFkMAR-IOWVrWZjZdwH1u04DicEhy0MLmXC4cqI&e=>).
>>>>>
>>>>> I suggest you use that approach - of using ClientInterceptor and adding
>>>>> headers - instead of stub.withCallCredentials().
>>>>>
>>>>> - can you provide the stack trace of UNAUTHENTICATED exception you are
>>>>> getting?
>>>>>
>>>>> I have tried the ClientInterceptor option , still getting the
>>>>> UNAUTHENTICATED exception. Below is the stacktrace.
>>>>>
>>>>> io.grpc.StatusRuntimeException: UNAUTHENTICATED
>>>>> at
>>>>> io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:233)
>>>>> at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:214)
>>>>> at
>>>>> io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:139)
>>>>> at
>>>>> telemetry.OpenConfigGrpc$OpenConfigBlockingStub.get(OpenConfigGrpc.java:373)
>>>>> at
>>>>> OpenConfigTelemetryClient.get(OpenConfigTelemetryClient.java:208)
>>>>> at
>>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>>> at
>>>>> java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
>>>>> at
>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
>>>>> at
>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
>>>>> at
>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>> at
>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1
>>>>> OpenConfigTelemetryClient - Error Code:: UNAUTHENTICATED
>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1
>>>>> OpenConfigTelemetryClient - Error description:: null
>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1
>>>>> OpenConfigTelemetryClient - Error Cause:: null
>>>>>
>>>>> *Channel Creation code:*
>>>>>
>>>>> channel = NettyChannelBuilder.forAddress(ip, port)
>>>>> .useTransportSecurity()
>>>>> .negotiationType(NegotiationType.TLS)
>>>>> .sslContext(sslContext)
>>>>> .intercept(interceptor)
>>>>> .build();
>>>>>
>>>>>
>>>>> *ClientInterceptor Code:*
>>>>>
>>>>> public <ReqT, RespT> ClientCall<ReqT, RespT>
>>>>> interceptCall(MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions
>>>>> callOptions, Channel channel) {
>>>>> return new ForwardingClientCall.SimpleForwardingClientCall<ReqT,
>>>>> RespT>(channel.newCall(methodDescriptor, callOptions)) {
>>>>> @Override
>>>>> public void start(Listener<RespT> responseListener, Metadata headers) {
>>>>> //callOptions.withCallCredentials(credentials);
>>>>> Metadata.Key<String> usernameKey = Metadata.Key.of("userid",
>>>>> Metadata.ASCII_STRING_MARSHALLER);
>>>>> headers.put(usernameKey, user);
>>>>> Metadata.Key<String> passwordKey = Metadata.Key.of("password",
>>>>> Metadata.ASCII_STRING_MARSHALLER);
>>>>> headers.put(passwordKey, pass);
>>>>> super.start(responseListener, headers);
>>>>> }
>>>>> };
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, January 15, 2019 at 4:09:39 PM UTC-5, Kishore Ganipineni
>>>>> wrote:
>>>>>>
>>>>>> SSL/TLS Authentication of gRPC using root.pem file and username &
>>>>>> password at client side.
>>>>>>
>>>>>> To Authenticate the gRPC server using root pem certificate file and
>>>>>> credentials in C++ we have a facility to provide both options from
>>>>>> client
>>>>>> like below.
>>>>>>
>>>>>> pem file setup using environment variable option (C++):
>>>>>>
>>>>>> setenv("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH", fileBuff1, true);
>>>>>> sprintf(setSecBuff, "chmod 777 %s", fileBuff1);
>>>>>> system(setSecBuff);
>>>>>> Creating Channel Using ssl options(keyPassword if any):
>>>>>>
>>>>>> SslCredentialsOptions ssl_opts;
>>>>>> TelemAsyncClient
>>>>>> telemAsyncClient(grpc::CreateChannel(std::string(hostIpStr),
>>>>>> grpc::SslCredentials(ssl_opts), ChannelArguments()));
>>>>>> Passing credentials using ClientContext(C++):
>>>>>>
>>>>>> ClientContext context;
>>>>>> CompletionQueue cq;
>>>>>> Status status;
>>>>>>
>>>>>> context.AddMetadata("username", userid);
>>>>>> context.AddMetadata("password", password);
>>>>>>
>>>>>>
>>>>>> // Print Populated GetRequest
>>>>>> printGetRequest(&getReq);
>>>>>> std::unique_ptr<ClientAsyncResponseReader<GetResponse> >
>>>>>> rpc(stub_->AsyncGet(&context, getReq, &cq));
>>>>>> In java we have facility to pass the pem file but how to pass the
>>>>>> credentials? Java code to pass pem file: ============================
>>>>>>
>>>>>> ManagedChannel channel = NettyChannelBuilder.forAddress(ip, port)
>>>>>> .useTransportSecurity()
>>>>>> .negotiationType(NegotiationType.TLS)
>>>>>> .sslContext(GrpcSslContexts.forClient()
>>>>>> .trustManager(new File("<path>/test.pem"))
>>>>>> .clientAuth(ClientAuth.REQUIRE)
>>>>>> .build())
>>>>>> .overrideAuthority("test")
>>>>>> .build();
>>>>>> Tried to set the credentials using CallCredentials and
>>>>>> ClientInterceptor options but none of the worked. Server side Username
>>>>>> is
>>>>>> not receiving. Hence getting io.grpc.StatusRuntimeException:
>>>>>> UNAUTHENTICATED exception.
>>>>>>
>>>>>> CallCredentials Tried:
>>>>>>
>>>>>> OpenConfigGrpc.OpenConfigBlockingStub blockingStub =
>>>>>> OpenConfigGrpc.newBlockingStub(channel).withCallCredentials(credentials);
>>>>>>
>>>>>> public void applyRequestMetadata(MethodDescriptor<?, ?>
>>>>>> methodDescriptor, Attributes attributes, Executor executor, final
>>>>>> MetadataApplier metadataApplier) {
>>>>>> String authority = attributes.get(ATTR_AUTHORITY);
>>>>>> Attributes.Key<String> usernameKey =
>>>>>> Attributes.Key.of("userId");
>>>>>> Attributes.Key<String> passwordKey =
>>>>>> Attributes.Key.of("password");
>>>>>> attributes.newBuilder().set(usernameKey, username).build();
>>>>>> attributes.newBuilder().set(passwordKey, pasfhocal).build();
>>>>>> System.out.println(authority);
>>>>>> executor.execute(new Runnable() {
>>>>>> public void run() {
>>>>>> try {
>>>>>> Metadata headers = new Metadata();
>>>>>> Metadata.Key<String> usernameKey =
>>>>>> Metadata.Key.of("userId", Metadata.ASCII_STRING_MARSHALLER);
>>>>>> Metadata.Key<String> passwordKey =
>>>>>> Metadata.Key.of("password", Metadata.ASCII_STRING_MARSHALLER);
>>>>>> headers.put(usernameKey, username);
>>>>>> headers.put(passwordKey, pasfhocal);
>>>>>> metadataApplier.apply(headers);
>>>>>> } catch (Exception e) {
>>>>>>
>>>>>> metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
>>>>>> e.printStackTrace();
>>>>>> }finally{
>>>>>> logger.info("Inside CienaCallCredentials
>>>>>> finally.");
>>>>>> }
>>>>>> }
>>>>>> });
>>>>>> }
>>>>>> Interceptors Tried:
>>>>>>
>>>>>> OpenConfigGrpc.OpenConfigBlockingStub blockingStub =
>>>>>> OpenConfigGrpc.newBlockingStub(channel).withInterceptors(interceptors);
>>>>>>
>>>>>> public <ReqT, RespT> ClientCall<ReqT, RespT>
>>>>>> interceptCall(MethodDescriptor<ReqT, RespT> methodDescriptor,
>>>>>> CallOptions
>>>>>> callOptions, Channel channel) {
>>>>>> return new
>>>>>> ForwardingClientCall.SimpleForwardingClientCall<ReqT,
>>>>>> RespT>(channel.newCall(methodDescriptor, callOptions)) {
>>>>>> @Override
>>>>>> public void start(Listener<RespT> responseListener,
>>>>>> Metadata headers) {
>>>>>> callOptions.withCallCredentials(credentials);
>>>>>> Metadata.Key<String> usernameKey =
>>>>>> Metadata.Key.of("usernId", Metadata.ASCII_STRING_MARSHALLER);
>>>>>> headers.put(usernameKey, username);
>>>>>> Metadata.Key<String> passwordKey =
>>>>>> Metadata.Key.of("password", Metadata.ASCII_STRING_MARSHALLER);
>>>>>> headers.put(passwordKey, pasfhocal);
>>>>>> super.start(responseListener, headers);
>>>>>> }
>>>>>> };
>>>>>> }
>>>>>> Much appreciated your help if some can help on this how to
>>>>>> authenticate gRPC using root.pem file and username and password.
>>>>>>
>>>>>> Thanks in Advance, Kishore
>>>>>>
>>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "grpc.io" group.
>>>>> To unsubscribe from this topic, visit
>>>>> https://groups.google.com/d/topic/grpc-io/ZB2bwPCxOHI/unsubscribe.
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> Visit this group at https://groups.google.com/group/grpc-io.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/grpc-io/79f3ee80-8a44-400e-a3cf-ce10f7312fbe%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/grpc-io/79f3ee80-8a44-400e-a3cf-ce10f7312fbe%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/02bc3504-8600-43c5-9e80-bce9938a4382%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
