Hi, This log is not from clamp, it’s from policy right ? I guess the issue is the expiration of the https message-router server certificate (NotAfter: Mon May 04 00:36:24 GMT 2020), meaning its down since a while ☹
Seb From: Vivekanandan Muthukrishnan <[email protected]> Sent: 19 February 2021 07:51 To: Determe, Sebastien <[email protected]> Cc: [email protected] Subject: Re: [onap-discuss] CLAMP org.onap.clamp.p12 certifcate expired Hi Sebastien, It seems like the issue is coming from Policy drools. Here are the exceptions while communicating with the message router. [2021-02-19T06:49:54.677+00:00|INFO|CambriaSimplerBatchPublisher|pool-4-thread-1] sending 3 msgs to /events/POLICY-PDP-PAP. Oldest: 262654 ms [2021-02-19T06:49:54.677+00:00|WARN|HostSelector|pool-4-thread-1] All hosts were blacklisted; reverting to full set of hosts. [2021-02-19T06:49:54.677+00:00|INFO|HttpClient|pool-4-thread-1] POST https://message-router:3905/events/POLICY-PDP-PAP<https://urldefense.com/v3/__https:/message-router:3905/events/POLICY-PDP-PAP__;!!BhdT!3QOBrhycbaHf03o5M_bOu01osfXYRJBllreWDwuYVNh9M8fOh41pqiFwK0vnOYsQEli52VE$> (anonymous) ... [2021-02-19T06:49:54.686+00:00|WARN|HttpClient|pool-4-thread-1] Error executing HTTP request. sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed; blacklisting for 2 minutes [2021-02-19T06:49:54.687+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at com.att.nsa.apiClient.http.HttpClient.runCall(HttpClient.java:708) at com.att.nsa.apiClient.http.HttpClient.post<https://urldefense.com/v3/__http:/com.att.nsa.apiClient.http.HttpClient.post__;!!BhdT!3QOBrhycbaHf03o5M_bOu01osfXYRJBllreWDwuYVNh9M8fOh41pqiFwK0vnOYsQE0K9elo$>(HttpClient.java:456) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.sendBatch(CambriaSimplerBatchPublisher.java:342) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.send(CambriaSimplerBatchPublisher.java:251) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.access$100(CambriaSimplerBatchPublisher.java:31) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher$1.run(CambriaSimplerBatchPublisher.java:411) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) at sun.security.validator.Validator.validate(Validator.java:262) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ... 31 common frames omitted Caused by: java.security.cert.CertPathValidatorException: validity check failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357) ... 37 common frames omitted Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon May 04 00:36:24 GMT 2020 at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190) at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ... 42 common frames omitted [2021-02-19T06:49:54.687+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] Send failed, 3 message to send. [2021-02-19T06:49:54.687+00:00|ERROR|CambriaSimplerBatchPublisher|pool-4-thread-1] PUB_CHRONIC_FAILURE: Send failure count is 251, above threshold 10. [2021-02-19T06:49:55.727+00:00|INFO|CambriaSimplerBatchPublisher|pool-4-thread-1] sending 3 msgs to /events/POLICY-PDP-PAP. Oldest: 263704 ms [2021-02-19T06:49:55.727+00:00|WARN|HostSelector|pool-4-thread-1] All hosts were blacklisted; reverting to full set of hosts. [2021-02-19T06:49:55.727+00:00|INFO|HttpClient|pool-4-thread-1] POST https://message-router:3905/events/POLICY-PDP-PAP<https://urldefense.com/v3/__https:/message-router:3905/events/POLICY-PDP-PAP__;!!BhdT!3QOBrhycbaHf03o5M_bOu01osfXYRJBllreWDwuYVNh9M8fOh41pqiFwK0vnOYsQEli52VE$> (anonymous) ... [2021-02-19T06:49:55.734+00:00|WARN|HttpClient|pool-4-thread-1] Error executing HTTP request. sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed; blacklisting for 2 minutes [2021-02-19T06:49:55.735+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at com.att.nsa.apiClient.http.HttpClient.runCall(HttpClient.java:708) at com.att.nsa.apiClient.http.HttpClient.post<https://urldefense.com/v3/__http:/com.att.nsa.apiClient.http.HttpClient.post__;!!BhdT!3QOBrhycbaHf03o5M_bOu01osfXYRJBllreWDwuYVNh9M8fOh41pqiFwK0vnOYsQE0K9elo$>(HttpClient.java:456) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.sendBatch(CambriaSimplerBatchPublisher.java:342) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.send(CambriaSimplerBatchPublisher.java:251) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.access$100(CambriaSimplerBatchPublisher.java:31) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher$1.run(CambriaSimplerBatchPublisher.java:411) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) at sun.security.validator.Validator.validate(Validator.java:262) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ... 31 common frames omitted Caused by: java.security.cert.CertPathValidatorException: validity check failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) On Thu, Feb 18, 2021 at 8:43 PM Determe, Sebastien <[email protected]<mailto:[email protected]>> wrote: Hi Could you attach the clamp backend log may be ? Thanks, Seb From: Vivekanandan Muthukrishnan <[email protected]<mailto:[email protected]>> Sent: 18 February 2021 14:45 To: Determe, Sebastien <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [onap-discuss] CLAMP org.onap.clamp.p12 certifcate expired Hi Sebastien, Thank you for your quick response. Kindly note that we have been using Dublin and we have to support it till the end of this year. We get the below exceptions while submitting a CLAMP design we get the following exception in the UI. We are not sure if this is related to the CLAMP certificate? Are there any workarounds for this issue ? We would appreciate any help in this regard. CLAMP UI Exception PDP Group removal, Error reported: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed - : CLAMP UI Screenshot [image.png] Thanks & Regards Vivek On Thu, Feb 18, 2021 at 6:13 PM Determe, Sebastien <[email protected]<mailto:[email protected]>> wrote: Hi, We do not provide a new certificate as it is generated automatically since Guilin by AAF during OOM installation. You can even use the basic auth and use the demo user (pass: demo123456!), this one has the right AAF permission now. If you really need a certificate then you will need to re-generate one in the AAF GUI If you can’t move to Guilin, you can probably disable the AAF authentication mechanism in CLAMP OOM, we use spring profiles, you can change that in the application.properties(/SPRING_APPLICATION_JSON env var) Normally the default one is spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements “clamp-aaf-authentication” must be replaced by “clamp-default-user” Regards, Seb From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Vivekanandan Muthukrishnan Sent: 18 February 2021 12:55 To: [email protected]<mailto:[email protected]> Subject: [onap-discuss] CLAMP org.onap.clamp.p12 certifcate expired Dear Clamp team, It seems like the below CLAMP certificate has expired on Feb/04/2021. Can you please point us to the latest one? We would appreciate any help in this regard. ttps://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src/main/resources/clds/aaf/org.onap.clamp.p12;h=268aa1a3ce56e01448f8043cc0b05b5fceb5a47d;hb=HEAD<https://urldefense.com/v3/__https:/gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src*main*resources*clds*aaf*org.onap.clamp.p12;h=268aa1a3ce56e01448f8043cc0b05b5fceb5a47d;hb=HEAD__;Ly8vLy8!!BhdT!3q_dLKMrqDBRjETtnp1pYpuaqes9xqLZNU82HTE59v0jSPFlz7BnW1Z2QPfNC3OElfuqUFQ$> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22881): https://lists.onap.org/g/onap-discuss/message/22881 Mute This Topic: https://lists.onap.org/mt/80727245/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
