[
https://issues.apache.org/jira/browse/ARTEMIS-5219?focusedWorklogId=948951&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-948951
]
ASF GitHub Bot logged work on ARTEMIS-5219:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 18/Dec/24 13:21
Start Date: 18/Dec/24 13:21
Worklog Time Spent: 10m
Work Description: lavocatt commented on code in PR #5407:
URL: https://github.com/apache/activemq-artemis/pull/5407#discussion_r1890230376
##########
artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/TokenReview.java:
##########
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.cli.commands;
+
+import
org.apache.activemq.artemis.spi.core.security.jaas.kubernetes.client.KubernetesClient;
+import
org.apache.activemq.artemis.spi.core.security.jaas.kubernetes.client.KubernetesClientImpl;
+import picocli.CommandLine;
+
[email protected](name = "token-review", description = "Perform a
kubernetes token review")
+public class TokenReview extends InputAbstract {
+
+ @Override
+ public Object execute(ActionContext context) throws Exception {
+ super.execute(context);
+
+ context.out.println();
+ String kubeHost = input("--kube-host", "What is the cluster host?",
"api.crc.testing");
+ String kubeport = input("--kube-port", "What is the cluster port?",
"6443");
+ String tokenpath = input("--token-path", "What is the token path?",
"/var/run/secrets/kubernetes.io/serviceaccount/token");
+ String capath = input("--ca-path", "What is the ca path?",
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt");
Review Comment:
I wouldn't consider the CLI command a must have, but I figured that it would
be nice to have an easy way to determine if an openshift config is correctly
working or not. I'm not against removing it if you think it shouldn't be there.
Issue Time Tracking
-------------------
Worklog Id: (was: 948951)
Time Spent: 1h 10m (was: 1h)
> The KubernetesClientImpl doesn't load all the certificates from OpenShift
> correctly leading to tls issues while requesting a token review
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ARTEMIS-5219
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5219
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: JAAS
> Reporter: Thomas Lavocat
> Assignee: Thomas Lavocat
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Requesting a token review from within a pod in OpenShift is throwing a TLS
> error (see the exception below).
> The fix consists in loading all cert certificates from the `ca.crt` file
> OpenShift is providing instead of only one of cert available certs from the
> file.
> {quote}oad of:
> PropsFile=/amq/extra/secrets/custom-jaas-config/k8s-roles.properties loaded
> roles: {kubeadmin=[admin]} Loading client authentication token from
> /var/run/secrets/kubernetes.io/serviceaccount/token Loaded client
> authentication token from /var/run/secrets/kubernetes.io/serviceaccount/token
> Submit TokenReview request to Kubernetes API Unable to request ReviewToken
> javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target at
> java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:579)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:123)
> ~[?:?] at
> org.apache.activemq.artemis.spi.core.security.jaas.kubernetes.client.KubernetesClientImpl.getTokenReview(KubernetesClientImpl.java:117)
> ~[artemis-server-2.38.0.jar:2.38.0] at
> org.apache.activemq.artemis.spi.core.security.jaas.KubernetesLoginModule.login(KubernetesLoginModule.java:102)
> ~[artemis-server-2.38.0.jar:2.38.0] at
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> ~[?:?] at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:679)
> ~[?:?] at
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:677)
> ~[?:?] at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> [?:?] at
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:677)
> [?:?] at
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> [?:?] at io.hawt.system.JaasAuthenticator.login(JaasAuthenticator.java:108)
> [hawtio-system-2.17.7.jar:2.17.7] at
> io.hawt.system.JaasAuthenticator.doAuthenticate(JaasAuthenticator.java:82)
> [hawtio-system-2.17.7.jar:2.17.7] at
> io.hawt.system.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:72)
> [hawtio-system-2.17.7.jar:2.17.7] at
> io.hawt.system.AuthenticationManager.authenticate(AuthenticationManager.java:43)
> [hawtio-system-2.17.7.jar:2.17.7] at
> io.hawt.web.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:79)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:46)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> io.hawt.web.auth.SessionExpiryFilter.process(SessionExpiryFilter.java:107)
> [hawtio-system-2.17.7.jar:2.17.7] at
> io.hawt.web.auth.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:60)
> [hawtio-system-2.17.7.jar:2.17.7] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.apache.activemq.artemis.component.JolokiaFilter.doFilter(JolokiaFilter.java:50)
> [artemis-web-2.38.0.jar:2.38.0] at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598)
> [jetty-security-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1580)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
> [jetty-servlet-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1553)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.Server.handle(Server.java:563)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
> [jetty-server-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
> [jetty-io-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
> [jetty-io-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
> [jetty-io-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
> [jetty-util-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
> [jetty-util-10.0.24.jar:10.0.24] at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
> [jetty-util-10.0.24.jar:10.0.24] at
> java.base/java.lang.Thread.run(Thread.java:840) [?:?] Caused by:
> javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target at
> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:383)
> ~[?:?] at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
> ~[?:?] at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
> ~[?:?] at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?] at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> [?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?] at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[?:?]
> at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(SSLFlowDelegate.java:1132)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:158)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(SSLFlowDelegate.java:1127)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(SSLFlowDelegate.java:1093)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:498)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:282)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$TryEndDeferredCompleter.complete(SequentialScheduler.java:347)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:151)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> ~[?:?] ... 1 more Caused by: sun.security.validator.ValidatorException: PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target at
> java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
> ~[?:?] at
> java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
> ~[?:?] at
> java.base/sun.security.validator.Validator.validate(Validator.java:264)
> ~[?:?] at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
> ~[?:?] at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1329)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
> ~[?:?] at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?] at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?] at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[?:?]
> at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(SSLFlowDelegate.java:1132)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:158)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(SSLFlowDelegate.java:1127)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(SSLFlowDelegate.java:1093)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:498)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:282)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$TryEndDeferredCompleter.complete(SequentialScheduler.java:347)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:151)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> ~[?:?] ... 1 more Caused by:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target at
> java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
> ~[?:?] at
> java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
> ~[?:?] at
> java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
> ~[?:?] at
> java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
> ~[?:?] at
> java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
> ~[?:?] at
> java.base/sun.security.validator.Validator.validate(Validator.java:264)
> ~[?:?] at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
> ~[?:?] at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1329)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
> ~[?:?] at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
> ~[?:?] at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?] at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> ~[?:?] at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?] at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[?:?]
> at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(SSLFlowDelegate.java:1132)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:158)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(SSLFlowDelegate.java:1127)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(SSLFlowDelegate.java:1093)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:498)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:282)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$TryEndDeferredCompleter.complete(SequentialScheduler.java:347)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:151)
> ~[?:?] at
> java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
> ~[?:?] at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> ~[?:?] ... 1 more{quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
