Praveen, You can see an example of setting the path to the caFile in the DANOS VES collector (among others). In that example VNF we pass the caFile full path as a parameter to the vpp-measurement-reporter at startup. The onap-ca.crt is in the demo repository - usually with each VNF to make packaging easier.
Brian [demo.git] / vnfs / VESreporting_vFW5.0_DANOS / https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs/VESreporting_vFW5.0_DANOS/vpp-measurement-reporter-danos.c;h=eb74660c428b889d1f9ecfae3a2ea98ab40306d5;hb=refs/heads/master 75 char* fqdn = argv[1]; 76 int port = atoi(argv[2]); 77 char* caFile = "/opt/VES/config/onap-ca.crt"; /**************************************************************************/ 106 /* Initialize */ 107 /**************************************************************************/ 108 if(evel_initialize(fqdn, /* FQDN */ 109 port, /* Port */ 110 fqdn2, /* Backup FQDN */ 111 port2, /* Backup port */ 112 NULL, /* optional path */ 113 NULL, /* optional topic */ 114 100, /* Ring Buffer size */ 115 1, /* HTTPS? */ 116 NULL, /* cert file */ 117 NULL, /* key file */ 118 caFile, /* ca file */ 119 NULL, /* ca directory */ 120 0, /* verify peer */ 121 0, /* verify host */ 122 userName, /* Username */ 123 passWord, /* Password */ 124 "sample1", /* Username2 */ 125 "sample1", /* Password2 */ 126 NULL, /* Source ip */ 127 NULL, /* Source ip2 */ 128 EVEL_SOURCE_VIRTUAL_MACHINE, /* Source type */ 129 "vFirewall", /* Role */ 130 1)) /* Verbosity */ 131 From: [email protected] <[email protected]> On Behalf Of Velugubantla Praveen Sent: Wednesday, December 23, 2020 11:21 PM To: [email protected]; FREEMAN, BRIAN D <[email protected]>; [email protected]; LOVETT, TREVOR J <[email protected]>; VENKATESH KUMAR, VIJAY <[email protected]> Cc: JOMY JOSE <[email protected]>; Naveen S. Sankad <[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? HI Community Folks, Is anyone having any inputs about this ves-java library certificate issue for sending HTTPS request to collector ? Regards, ________________________________________________________ Velugubantla Praveen Engineer - Non-Media Solutions Communications & Media L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 ________________________________________________________ Mobile: +91 9154111420 www.LTTS.com<https://urldefense.com/v3/__http:/www.ltts.com/__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvwH6ildU$> [cid:[email protected]] ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Velugubantla Praveen via lists.onap.org <[email protected]<mailto:[email protected]>> Sent: Tuesday, December 22, 2020 6:37 PM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>; FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>; LOVETT, TREVOR J <[email protected]<mailto:[email protected]>>; VENKATESH KUMAR, VIJAY <[email protected]<mailto:[email protected]>> Cc: JOMY JOSE <[email protected]<mailto:[email protected]>>; Naveen S. Sankad <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? Hi Brian & all, We are trying to send a VES7 notification request to the ves-collector from a simulator. I had taken the available VES-JAVA_Library from (vnfsdk-ves-agent<https://urldefense.com/v3/__https:/ind01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgithub.com*2Fonap*2Fvnfsdk-ves-agent&data=04*7C01*7Cvelugubantla.praveen*40ltts.com*7C09452d6c04a94a2f8a7108d8a67aa103*7C311b33788e8a4b5ea33fe80a3d8ba60a*7C0*7C0*7C637442392921544100*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=eeacmBglOgYbvUmx9mQzWDvnm0JrhI*2BEroCaLMwWKQ4*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvMpFZ-aY$>) repo and just modified the Main.Java required according to my request but the underlying evel library is same not even changed a line. For http connection, I can successfully send the ves-notification request but only after enabling the ves-collector pod for http. Now I am trying to the same with https, but I didn't find the certificate related info. Can someone please give your suggestions to make the HTTPS working with the available evel_java_library. Thanks in Advance. Regards, Praveen V *********** CURRENT ERROR TRACE *************** 788 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - SSL/TLS connection error 1248 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - Exception during POST javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:350) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:293) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:288) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1367) at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1342) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:246) at evel_javalibrary.att.com.AgentMain.doPost(AgentMain.java:176) at evel_javalibrary.att.com.AgentMain.sendObjectWithReturn(AgentMain.java:441) at evel_javalibrary.att.com.AgentMain$AgentDispatcher.sendObject(AgentMain.java:121) at evel_javalibrary.att.com.AgentMain$AgentDispatcher.run(AgentMain.java:146) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340) ... 21 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 27 more 1251 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7Got<https://urldefense.com/v3/__https:/20.0.0.31:30417/eventListener/v7Got__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvScaCeXE$> an event size second collector 1014 1251 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - {"event":{"commonEventHeader":{"vesEventListenerVersion":"7.1","domain":"notification","eventId":"FileReady_1797490e-10ae-4d48-9ea7-3d7d790b25e1","eventName":"notifyFileReady","lastEpochMicrosec":191198530486,"priority":"Normal","reportingEntityName":"Praveen_System","sequence":1000,"sourceName":"Praveen_System","startEpochMicrosec":0,"version":"4.1","reportingEntityId":"F48E38B27428","sourceId":"F48E38B27428","eventType":"Perf management","nfcNamingCode":"NfcNamingCode","nfNamingCode":"NfNamingCode","nfVendorName":"nfVendorName","timeZoneOffset":"UTC-5:30"},"notificationFields":{"changeIdentifier":"PM_MEAS_FILES","changeType":"fileReady","notificationFieldsVersion":"2.0","stateInterface":"StateChange","arrayOfNamedHashMap":[{"name":"B20202212.1630+05:30-1631+05:30_AMFJob9_S-NSSAI.xml","hashMap":{"location":"sftp://admin:[email protected]:22/pm_directory/B20202212.1630+05:30-1631+05:30_AMFJob9_S-NSSAI.xml","fileFormatType":"org.3GPP.32.435#measCollec","fileFormatVersion":"V10","compression":"gzip";<https://urldefense.com/v3/__sftp:/admin:[email protected]:22/pm_directory/B20202212.1630*05:30-1631*05:30_AMFJob9_S-NSSAI.xml*22,*22fileFormatType*22:*22org.3GPP.32.435*measCollec*22,*22fileFormatVersion*22:*22V10*22,*22compression*22:*22gzip*22__;KyslJSUlIyUlJSUlJSUlJQ!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvFQ3z-VA$>}}]}}} 1260 [Thread-0] ERROR evel_javalibrary.att.com.AgentMain - SSL/TLS connection error 1295 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7Connection<https://urldefense.com/v3/__https:/20.0.0.31:30417/eventListener/v7Connection__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvqiTrKaI$> HTTP Response code :0 1295 [Thread-0] TRACE evel_javalibrary.att.com.AgentMain - https://20.0.0.31:30417/eventListener/v7<https://urldefense.com/v3/__https:/20.0.0.31:30417/eventListener/v7__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBviVIROSo$> **INFO** Regards, ________________________________________________________ Velugubantla Praveen Engineer - Non-Media Solutions Communications & Media L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 ________________________________________________________ Mobile: +91 9154111420 www.LTTS.com<https://urldefense.com/v3/__https:/ind01.safelinks.protection.outlook.com/?url=http*3A*2F*2Fwww.ltts.com*2F&data=04*7C01*7Cvelugubantla.praveen*40ltts.com*7C09452d6c04a94a2f8a7108d8a67aa103*7C311b33788e8a4b5ea33fe80a3d8ba60a*7C0*7C0*7C637442392921544100*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=SKUT*2BXNbNg3zBFxnpGrxs*2BXvZBA6kmgM2DX9aFtg2uc*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvo3u8i3g$> [cid:[email protected]] ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Brian Freeman via lists.onap.org <[email protected]<mailto:[email protected]>> Sent: Thursday, May 7, 2020 5:07 PM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>; FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs/VESreporting_vFW5.0/vpp_measurement_reporter.c;h=123d50364f3ccb3faa8d100f7fb80e43eb116a1d;hb=refs/heads/master<https://urldefense.com/v3/__https:/gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs*VESreporting_vFW5.0*vpp_measurement_reporter.c;h=123d50364f3ccb3faa8d100f7fb80e43eb116a1d;hb=refs*heads*master__;Ly8vLw!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvCgMopMU$> From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of FREEMAN, BRIAN D Sent: Thursday, May 7, 2020 7:35 AM To: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html<https://urldefense.com/v3/__https:/ind01.safelinks.protection.outlook.com/?url=http*3A*2F*2Fcso.att.com*2FEmailSecurity*2FIDSP.html&data=04*7C01*7Cvelugubantla.praveen*40ltts.com*7C09452d6c04a94a2f8a7108d8a67aa103*7C311b33788e8a4b5ea33fe80a3d8ba60a*7C0*7C0*7C637442392921554097*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=Uk*2BSQzpaU8QY7y4PYKwHOdHgaaY8hmX9sjr*2B5Poh5M0*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSU!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBv-fbZczo$> for more information. See the example VESreporting 5.0 for vFWCL or vFWCLDN sample1:sample1 I believe are the default credentials. Brian From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of niranjana.y60 via lists.onap.org Sent: Thursday, May 7, 2020 7:27 AM To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? Hi Brian, Thanks for you response. I am able to establish SSL connection but I am getting 401 unauthorized exception while sending https request to ves. Is there any particular userName and password I should use in the authorization header before sending request? Below are the logs in in dcae-ves-collector pod when I send request: 2020-05-07 10:37:42 INFO SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties 2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user 2020-05-07 10:37:42 INFO SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties 2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user Regards, Niranjana L&T Technology Services Ltd www.LTTS.com<https://urldefense.com/v3/__http:/www.LTTS.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvErBgpgU$> L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com<https://urldefense.com/v3/__http:/www.Ltts.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvpoZe0SI$>. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com<https://urldefense.com/v3/__http:/www.LTTS.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvErBgpgU$> L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com<https://urldefense.com/v3/__http:/www.Ltts.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvpoZe0SI$>. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com<https://urldefense.com/v3/__http:/www.LTTS.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvErBgpgU$> L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com<https://urldefense.com/v3/__http:/www.Ltts.com__;!!BhdT!zLwe2oMj9y6QnGEL9S37ZcLqlyvpix3Q3yewgl4qWnYq_ii_ZkPP-bBvpoZe0SI$>. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22679): https://lists.onap.org/g/onap-discuss/message/22679 Mute This Topic: https://lists.onap.org/mt/73330751/21656 Mute #ves:https://lists.onap.org/g/onap-discuss/mutehashtag/ves Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
