Looking further it looks like an error coming from the server. You can see for yourself by looking at https://github.com/grpc/grpc-java/blob/master/stub/src/main/java/io/grpc/stub/ClientCalls.java and tracing the line numbers. At this stage it is best for you to troubleshoot this yourself. Couple of suggestions I have:
- log/print the request going out on the wire in each case (C++ and Java) and see what is different. - see if you can get the logs on the server (some kind of a Vendor router you mentioned?) and see if those logs reveal anything for the error case On Wed, Jan 23, 2019 at 1:19 PM kishore.ganipineni via grpc.io < [email protected]> wrote: > Hi Sanjay, > > StackTrace for INVALID_ARGUMENT exception. > > [2019-01-23 21:16:50,523 UTC] [INFO ] pool-1-thread-1 > com.verizon.eclipse.client.OpenConfigTelemetryClient - connectivityState in > connect:: IDLE > > io.grpc.StatusRuntimeException: INVALID_ARGUMENT > at > io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:233) > at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:214) > at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:139) > at > .proto_compiled.telemetry.OpenConfigGrpc$OpenConfigBlockingStub.get(OpenConfigGrpc.java:373) > at > OpenConfigTelemetryClient.get(OpenConfigTelemetryClient.java:187) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > [2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1 > OpenConfigTelemetryClient - sre.getTrailers():: Metadata() > [2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1 > OpenConfigTelemetryClient - Error Code:: INVALID_ARGUMENT > [2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1 > OpenConfigTelemetryClient - Error description:: null > [2019-01-23 21:16:51,252 UTC] [ERROR] pool-1-thread-1 > OpenConfigTelemetryClient - Error Cause:: null > > > > On Tuesday, January 22, 2019 at 7:21:51 PM UTC-5, [email protected] > wrote: >> >> Kishore: I think you should go back to using "username" instead of >> "userId" or "usernId" and then troubleshooting the code. I also noticed >> this catch clause in your Java code >> >> } catch (Exception e) { >> >> metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e)); >> e.printStackTrace(); >> } >> >> where your code is generating the UNAUTHENTICATED error and not gRPC >> layer or the server. That could also be a source of confusion. >> >> Looking at >> https://github.com/grpc/grpc-java/blob/master/core/src/main/java/io/grpc/Metadata.java >> there are multiple places where it calls checkArgument (which throws the >> INVALID_ARGUMENT exception) for different reasons. Generate a stack trace >> again and see where it is coming from. >> >> >> On Tuesday, January 22, 2019 at 1:35:15 PM UTC-8, [email protected] >> wrote: >>> >>> The real problem seems to be INVALID_ARGUMENT you are getting on the >>> Java client side. If the server is expecting "username" header that needs >>> to be sent and not something else. Let me see if I can find something about >>> INVALID_ARGUMENT on the grpc java code side >>> >>> On Tuesday, January 22, 2019 at 12:54:02 PM UTC-8, [email protected] >>> wrote: >>>> >>>> Hi Sanjay, >>>> >>>> I tried first with "username" to copy c++ but got INVALID_ARGUMENT >>>> exception. When I was searching for some solutions some where I got >>>> "userid" after using userid instead of username INVALID_ARGUMENT gone and >>>> getting UNAUTHENTICATED exception. >>>> >>>> Yes I am printing request in Java too, below is the result >>>> [2019-01-22 20:28:18,574 UTC] [INFO ] pool-1-thread-1 >>>> com.verizon.eclipse.client.OpenConfigTelemetryClient - Path List:: >>>> [element: "/statistics/otm"] >>>> >>>> C++ result: >>>> Prefix : -- >>>> AsyncGet(GetRquest) =>: >>>> Path: "statistics" "otm" >>>> >>>> >>>> On Tuesday, January 22, 2019 at 12:36:50 PM UTC-5, Sanjay Pujare wrote: >>>>> >>>>> Hi Kishore, >>>>> >>>>> For encryption TLS (SSL) also works so mTLS is not needed for >>>>> encryption. >>>>> >>>>> In any case the info you have provided is useful although we still >>>>> don't have the root cause. It seems the error occurred on the server side >>>>> (was an ExecutionException) and we can rule out mTLS related issues. >>>>> >>>>> In your C++ snippet you had "printGetRequest(&getReq);". Can you >>>>> insert a similar print/log statement in the Java code and just compare the >>>>> 2 requests going out? >>>>> >>>>> BTW I noticed that >>>>> Your C++ code sets "username": >>>>> >>>>> context.AddMetadata("username", userid); >>>>> >>>>> But your Java code has typos: >>>>> >>>>> Metadata.Key<String> usernameKey = >>>>> Metadata.Key.of("usernId", Metadata.ASCII_STRING_MARSHALLER); >>>>> headers.put(usernameKey, username); >>>>> >>>>> in one place and >>>>> >>>>> Metadata.Key<String> usernameKey = >>>>> Metadata.Key.of("userid", Metadata.ASCII_STRING_MARSHALLER); >>>>> headers.put(usernameKey, user); >>>>> >>>>> in a different place. Why are you not using "username" here as well? >>>>> >>>>> >>>>> On Tue, Jan 22, 2019 at 8:47 AM kishore.ganipineni via grpc.io < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Sanjay, >>>>>> >>>>>> More specific details are needed here and you should look them up in >>>>>> the Vendor Router documentation to answer the following questions: >>>>>> >>>>>> - are certificates needed only for establishing (one-way) SSL or >>>>>> mTLS? I am assuming it is not mTLS but it is good to confirm. Note that >>>>>> mTLS is used to authenticate a client by the server. >>>>>> >>>>>> My understanding is for encryption might be. I don't have the >>>>>> documentation right now in hand, will get it and check the documentation. >>>>>> >>>>>> - the credentials are just passed as "username" and "password" >>>>>> headers just like your C++ example shows? That should be relatively >>>>>> straightforward as shown in the Java auth examples here ( >>>>>> https://github.com/grpc/grpc-java/blob/master/examples/AUTHENTICATION_EXAMPLE.md >>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_grpc_grpc-2Djava_blob_master_examples_AUTHENTICATION-5FEXAMPLE.md&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=ChxOdF9MDUHQXGXXLqr7elRy8wuLMzBP10cgEfyTxR4&m=VfK4hE15PIJMhiK5G3q2YFZVALYCa4LU4byHE8zcyIc&s=vCl7rFkMAR-IOWVrWZjZdwH1u04DicEhy0MLmXC4cqI&e=>). >>>>>> I suggest you use that approach - of using ClientInterceptor and adding >>>>>> headers - instead of stub.withCallCredentials(). >>>>>> >>>>>> - can you provide the stack trace of UNAUTHENTICATED exception you >>>>>> are getting? >>>>>> >>>>>> I have tried the ClientInterceptor option , still getting the >>>>>> UNAUTHENTICATED exception. Below is the stacktrace. >>>>>> >>>>>> io.grpc.StatusRuntimeException: UNAUTHENTICATED >>>>>> at >>>>>> io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:233) >>>>>> at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:214) >>>>>> at >>>>>> io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:139) >>>>>> at >>>>>> telemetry.OpenConfigGrpc$OpenConfigBlockingStub.get(OpenConfigGrpc.java:373) >>>>>> at >>>>>> OpenConfigTelemetryClient.get(OpenConfigTelemetryClient.java:208) >>>>>> at >>>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >>>>>> at >>>>>> java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) >>>>>> at >>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) >>>>>> at >>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) >>>>>> at >>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>>>>> at >>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>>>>> at java.lang.Thread.run(Thread.java:745) >>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1 >>>>>> OpenConfigTelemetryClient - Error Code:: UNAUTHENTICATED >>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1 >>>>>> OpenConfigTelemetryClient - Error description:: null >>>>>> [2019-01-22 16:33:27,534 UTC] [ERROR] pool-1-thread-1 >>>>>> OpenConfigTelemetryClient - Error Cause:: null >>>>>> >>>>>> *Channel Creation code:* >>>>>> >>>>>> channel = NettyChannelBuilder.forAddress(ip, port) >>>>>> .useTransportSecurity() >>>>>> .negotiationType(NegotiationType.TLS) >>>>>> .sslContext(sslContext) >>>>>> .intercept(interceptor) >>>>>> .build(); >>>>>> >>>>>> >>>>>> *ClientInterceptor Code:* >>>>>> >>>>>> public <ReqT, RespT> ClientCall<ReqT, RespT> >>>>>> interceptCall(MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions >>>>>> callOptions, Channel channel) { >>>>>> return new ForwardingClientCall.SimpleForwardingClientCall<ReqT, >>>>>> RespT>(channel.newCall(methodDescriptor, callOptions)) { >>>>>> @Override >>>>>> public void start(Listener<RespT> responseListener, Metadata headers) >>>>>> { >>>>>> //callOptions.withCallCredentials(credentials); >>>>>> Metadata.Key<String> usernameKey = Metadata.Key.of("userid", >>>>>> Metadata.ASCII_STRING_MARSHALLER); >>>>>> headers.put(usernameKey, user); >>>>>> Metadata.Key<String> passwordKey = Metadata.Key.of("password", >>>>>> Metadata.ASCII_STRING_MARSHALLER); >>>>>> headers.put(passwordKey, pass); >>>>>> super.start(responseListener, headers); >>>>>> } >>>>>> }; >>>>>> } >>>>>> >>>>>> >>>>>> >>>>>> On Tuesday, January 15, 2019 at 4:09:39 PM UTC-5, Kishore Ganipineni >>>>>> wrote: >>>>>>> >>>>>>> SSL/TLS Authentication of gRPC using root.pem file and username & >>>>>>> password at client side. >>>>>>> >>>>>>> To Authenticate the gRPC server using root pem certificate file and >>>>>>> credentials in C++ we have a facility to provide both options from >>>>>>> client >>>>>>> like below. >>>>>>> >>>>>>> pem file setup using environment variable option (C++): >>>>>>> >>>>>>> setenv("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH", fileBuff1, true); >>>>>>> sprintf(setSecBuff, "chmod 777 %s", fileBuff1); >>>>>>> system(setSecBuff); >>>>>>> Creating Channel Using ssl options(keyPassword if any): >>>>>>> >>>>>>> SslCredentialsOptions ssl_opts; >>>>>>> TelemAsyncClient >>>>>>> telemAsyncClient(grpc::CreateChannel(std::string(hostIpStr), >>>>>>> grpc::SslCredentials(ssl_opts), ChannelArguments())); >>>>>>> Passing credentials using ClientContext(C++): >>>>>>> >>>>>>> ClientContext context; >>>>>>> CompletionQueue cq; >>>>>>> Status status; >>>>>>> >>>>>>> context.AddMetadata("username", userid); >>>>>>> context.AddMetadata("password", password); >>>>>>> >>>>>>> >>>>>>> // Print Populated GetRequest >>>>>>> printGetRequest(&getReq); >>>>>>> std::unique_ptr<ClientAsyncResponseReader<GetResponse> > >>>>>>> rpc(stub_->AsyncGet(&context, getReq, &cq)); >>>>>>> In java we have facility to pass the pem file but how to pass the >>>>>>> credentials? Java code to pass pem file: ============================ >>>>>>> >>>>>>> ManagedChannel channel = NettyChannelBuilder.forAddress(ip, port) >>>>>>> .useTransportSecurity() >>>>>>> .negotiationType(NegotiationType.TLS) >>>>>>> .sslContext(GrpcSslContexts.forClient() >>>>>>> .trustManager(new File("<path>/test.pem")) >>>>>>> .clientAuth(ClientAuth.REQUIRE) >>>>>>> .build()) >>>>>>> .overrideAuthority("test") >>>>>>> .build(); >>>>>>> Tried to set the credentials using CallCredentials and >>>>>>> ClientInterceptor options but none of the worked. Server side Username >>>>>>> is >>>>>>> not receiving. Hence getting io.grpc.StatusRuntimeException: >>>>>>> UNAUTHENTICATED exception. >>>>>>> >>>>>>> CallCredentials Tried: >>>>>>> >>>>>>> OpenConfigGrpc.OpenConfigBlockingStub blockingStub = >>>>>>> OpenConfigGrpc.newBlockingStub(channel).withCallCredentials(credentials); >>>>>>> >>>>>>> public void applyRequestMetadata(MethodDescriptor<?, ?> >>>>>>> methodDescriptor, Attributes attributes, Executor executor, final >>>>>>> MetadataApplier metadataApplier) { >>>>>>> String authority = attributes.get(ATTR_AUTHORITY); >>>>>>> Attributes.Key<String> usernameKey = >>>>>>> Attributes.Key.of("userId"); >>>>>>> Attributes.Key<String> passwordKey = >>>>>>> Attributes.Key.of("password"); >>>>>>> attributes.newBuilder().set(usernameKey, username).build(); >>>>>>> attributes.newBuilder().set(passwordKey, pasfhocal).build(); >>>>>>> System.out.println(authority); >>>>>>> executor.execute(new Runnable() { >>>>>>> public void run() { >>>>>>> try { >>>>>>> Metadata headers = new Metadata(); >>>>>>> Metadata.Key<String> usernameKey = >>>>>>> Metadata.Key.of("userId", Metadata.ASCII_STRING_MARSHALLER); >>>>>>> Metadata.Key<String> passwordKey = >>>>>>> Metadata.Key.of("password", Metadata.ASCII_STRING_MARSHALLER); >>>>>>> headers.put(usernameKey, username); >>>>>>> headers.put(passwordKey, pasfhocal); >>>>>>> metadataApplier.apply(headers); >>>>>>> } catch (Exception e) { >>>>>>> >>>>>>> metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e)); >>>>>>> e.printStackTrace(); >>>>>>> }finally{ >>>>>>> logger.info("Inside CienaCallCredentials >>>>>>> finally."); >>>>>>> } >>>>>>> } >>>>>>> }); >>>>>>> } >>>>>>> Interceptors Tried: >>>>>>> >>>>>>> OpenConfigGrpc.OpenConfigBlockingStub blockingStub = >>>>>>> OpenConfigGrpc.newBlockingStub(channel).withInterceptors(interceptors); >>>>>>> >>>>>>> public <ReqT, RespT> ClientCall<ReqT, RespT> >>>>>>> interceptCall(MethodDescriptor<ReqT, RespT> methodDescriptor, >>>>>>> CallOptions >>>>>>> callOptions, Channel channel) { >>>>>>> return new >>>>>>> ForwardingClientCall.SimpleForwardingClientCall<ReqT, >>>>>>> RespT>(channel.newCall(methodDescriptor, callOptions)) { >>>>>>> @Override >>>>>>> public void start(Listener<RespT> responseListener, >>>>>>> Metadata headers) { >>>>>>> callOptions.withCallCredentials(credentials); >>>>>>> Metadata.Key<String> usernameKey = >>>>>>> Metadata.Key.of("usernId", Metadata.ASCII_STRING_MARSHALLER); >>>>>>> headers.put(usernameKey, username); >>>>>>> Metadata.Key<String> passwordKey = >>>>>>> Metadata.Key.of("password", Metadata.ASCII_STRING_MARSHALLER); >>>>>>> headers.put(passwordKey, pasfhocal); >>>>>>> super.start(responseListener, headers); >>>>>>> } >>>>>>> }; >>>>>>> } >>>>>>> Much appreciated your help if some can help on this how to >>>>>>> authenticate gRPC using root.pem file and username and password. >>>>>>> >>>>>>> Thanks in Advance, Kishore >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to a topic in >>>>>> the Google Groups "grpc.io" group. >>>>>> To unsubscribe from this topic, visit >>>>>> https://groups.google.com/d/topic/grpc-io/ZB2bwPCxOHI/unsubscribe. >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> Visit this group at https://groups.google.com/group/grpc-io. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/grpc-io/79f3ee80-8a44-400e-a3cf-ce10f7312fbe%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/grpc-io/79f3ee80-8a44-400e-a3cf-ce10f7312fbe%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- > You received this message because you are subscribed to a topic in the > Google Groups "grpc.io" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/grpc-io/ZB2bwPCxOHI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/grpc-io. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/02bc3504-8600-43c5-9e80-bce9938a4382%40googlegroups.com > <https://groups.google.com/d/msgid/grpc-io/02bc3504-8600-43c5-9e80-bce9938a4382%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2BPad6h8scBeRbiWsfBz9W5672gEQeNCOc%3D1pVyhjqTiKaok7Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
