HI Community Folks, Is anyone having any inputs about this ves-java library certificate issue for sending HTTPS request to collector ?
Regards, ________________________________________________________ Velugubantla Praveen Engineer - Non-Media Solutions Communications & Media L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 ________________________________________________________ Mobile: +91 9154111420 www.LTTS.com<http://www.ltts.com/> [cid:df6331b3-1730-4fa3-901c-97b5d3eea117] ________________________________ From: [email protected] <[email protected]> on behalf of Velugubantla Praveen via lists.onap.org <[email protected]> Sent: Tuesday, December 22, 2020 6:37 PM To: [email protected] <[email protected]>; FREEMAN, BRIAN D <[email protected]>; [email protected] <[email protected]>; LOVETT, TREVOR J <[email protected]>; VENKATESH KUMAR, VIJAY <[email protected]> Cc: JOMY JOSE <[email protected]>; Naveen S. Sankad <[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? Hi Brian & all, We are trying to send a VES7 notification request to the ves-collector from a simulator. I had taken the available VES-JAVA_Library from (vnfsdk-ves-agent<https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fonap%2Fvnfsdk-ves-agent&data=04%7C01%7Cvelugubantla.praveen%40ltts.com%7C09452d6c04a94a2f8a7108d8a67aa103%7C311b33788e8a4b5ea33fe80a3d8ba60a%7C0%7C0%7C637442392921544100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eeacmBglOgYbvUmx9mQzWDvnm0JrhI%2BEroCaLMwWKQ4%3D&reserved=0>) repo and just modified the Main.Java required according to my request but the underlying evel library is same not even changed a line. For http connection, I can successfully send the ves-notification request but only after enabling the ves-collector pod for http. Now I am trying to the same with https, but I didn't find the certificate related info. Can someone please give your suggestions to make the HTTPS working with the available evel_java_library. Thanks in Advance. Regards, Praveen V *********** CURRENT ERROR TRACE *************** 788 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - SSL/TLS connection error 1248 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - Exception during POST javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:350) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:293) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:288) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1367) at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1342) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:246) at evel_javalibrary.att.com.AgentMain.doPost(AgentMain.java:176) at evel_javalibrary.att.com.AgentMain.sendObjectWithReturn(AgentMain.java:441) at evel_javalibrary.att.com.AgentMain$AgentDispatcher.sendObject(AgentMain.java:121) at evel_javalibrary.att.com.AgentMain$AgentDispatcher.run(AgentMain.java:146) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340) ... 21 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 27 more 1251 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7Got an event size second collector 1014 1251 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - {"event":{"commonEventHeader":{"vesEventListenerVersion":"7.1","domain":"notification","eventId":"FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1","eventName":"notifyFileReady","lastEpochMicrosec":191198530486,"priority":"Normal","reportingEntityName":"Praveen_System","sequence":1000,"sourceName":"Praveen_System","startEpochMicrosec":0,"version":"4.1","reportingEntityId":"F48E38B27428","sourceId":"F48E38B27428","eventType":"Perf management","nfcNamingCode":"NfcNamingCode","nfNamingCode":"NfNamingCode","nfVendorName":"nfVendorName","timeZoneOffset":"UTC-5:30"},"notificationFields":{"changeIdentifier":"PM_MEAS_FILES","changeType":"fileReady","notificationFieldsVersion":"2.0","stateInterface":"StateChange","arrayOfNamedHashMap":[{"name":"B20202212.1630+05:30-1631+05:30_AMFJob9_S-NSSAI.xml","hashMap":{"location":"sftp://admin:[email protected]:22/pm_directory/B20202212.1630+05:30-1631+05:30_AMFJob9_S-NSSAI.xml","fileFormatType":"org.3GPP.32.435#measCollec","fileFormatVersion":"V10","compression":"gzip"}}]}}} 1260 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - SSL/TLS connection error 1295 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7Connection HTTP Response code :0 1295 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7 **INFO** Regards, ________________________________________________________ Velugubantla Praveen Engineer - Non-Media Solutions Communications & Media L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 ________________________________________________________ Mobile: +91 9154111420 www.LTTS.com<https://ind01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ltts.com%2F&data=04%7C01%7Cvelugubantla.praveen%40ltts.com%7C09452d6c04a94a2f8a7108d8a67aa103%7C311b33788e8a4b5ea33fe80a3d8ba60a%7C0%7C0%7C637442392921544100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SKUT%2BXNbNg3zBFxnpGrxs%2BXvZBA6kmgM2DX9aFtg2uc%3D&reserved=0> [cid:bc4e3338-5572-4460-b5ef-51098aebc189] ________________________________ From: [email protected] <[email protected]> on behalf of Brian Freeman via lists.onap.org <[email protected]> Sent: Thursday, May 7, 2020 5:07 PM To: [email protected] <[email protected]>; FREEMAN, BRIAN D <[email protected]>; [email protected] <[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs/VESreporting_vFW5.0/vpp_measurement_reporter.c;h=123d50364f3ccb3faa8d100f7fb80e43eb116a1d;hb=refs/heads/master From: [email protected] <[email protected]> On Behalf Of FREEMAN, BRIAN D Sent: Thursday, May 7, 2020 7:35 AM To: [email protected]; [email protected] Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html<https://ind01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcso.att.com%2FEmailSecurity%2FIDSP.html&data=04%7C01%7Cvelugubantla.praveen%40ltts.com%7C09452d6c04a94a2f8a7108d8a67aa103%7C311b33788e8a4b5ea33fe80a3d8ba60a%7C0%7C0%7C637442392921554097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Uk%2BSQzpaU8QY7y4PYKwHOdHgaaY8hmX9sjr%2B5Poh5M0%3D&reserved=0> for more information. See the example VESreporting 5.0 for vFWCL or vFWCLDN sample1:sample1 I believe are the default credentials. Brian From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of niranjana.y60 via lists.onap.org Sent: Thursday, May 7, 2020 7:27 AM To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? Hi Brian, Thanks for you response. I am able to establish SSL connection but I am getting 401 unauthorized exception while sending https request to ves. Is there any particular userName and password I should use in the authorization header before sending request? Below are the logs in in dcae-ves-collector pod when I send request: 2020-05-07 10:37:42 INFO SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties 2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user 2020-05-07 10:37:42 INFO SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties 2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user Regards, Niranjana L&T Technology Services Ltd www.LTTS.com L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22677): https://lists.onap.org/g/onap-discuss/message/22677 Mute This Topic: https://lists.onap.org/mt/73330751/21656 Mute #ves:https://lists.onap.org/g/onap-discuss/mutehashtag/ves Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
