//Accept all certificates
Properties props = new Properties();
props.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
props.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
Iterable<Module> modules = ImmutableSet.<Module> of(new SLF4JLoggingModule());
LOG.debug("Available models=" + modules);
return ContextBuilder.newBuilder(this.getProvider())
    .endpoint(this.getEndpoint())
    .credentials(route.getIdentity(), route.getCredential())
    .modules(modules)
    .overrides(props)
    .buildApi(KeystoneApi.class);
-----Original Message-----
From: Ignasi Barrera [mailto:[email protected]]
Sent: 01 July 2015 15:02
To: [email protected]
Subject: Re: jClouds with https
It is an SSL validation error. Could you share how you have configured jclouds
to deal with SSL?
On 1 July 2015 at 15:59, Higginbottom Mark <[email protected]>
wrote:
> Thanks for the help. I have had partial success:
>
> I have two endpoints I have to access:
>
> https://xxx.xxx.xxx.xxx:5000/v2.0 with a provider of openstack-nova to list
> servers, flavors, start stop instances etc. This now works perfectly.
>
> However, the other endpoint I have to access is:
>
> https://xxx.xxx.xxx.xxx:35357/v2.0 with a provider of openstack-keystone to
> list tenants etc. This endpoint attempts the connection a number of times
> before failing with the following error:
>
> 2015-07-01 14:11:42,975 DEBUG [main] org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request 637739138: POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.wire - >> "{"auth":{"passwordCredentials":{"username":"testuser","password":"Xxxxx"},"tenantName":"TENANT1"}}"
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> POST https://10.108.6.12:35357/v2.0/tokens HTTP/1.1
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Accept: application/json
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Type: application/json
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Length: 106
> 2015-07-01 14:11:42,991 ERROR [main] org.jclouds.http.handlers.BackoffLimitedRetryHandler - Cannot retry after server error, command has exceeded retry limit 5: [method=org.jclouds.openstack.keystone.v2_0.AuthenticationApi.public abstract org.jclouds.openstack.keystone.v2_0.domain.Access org.jclouds.openstack.keystone.v2_0.AuthenticationApi.authenticateWithTenantNameAndCredentials(java.lang.String,org.jclouds.openstack.keystone.v2_0.domain.PasswordCredentials)[TENANT1, Password Credentials{username=testuser, password=*****}], request=POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1]
> Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:113)
>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
>     at com.sun.proxy.$Proxy55.authenticateWithTenantNameAndCredentials(Unknown Source)
>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:43)
>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:31)
>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:79)
>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:36)
>     at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:148)
>     at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>     at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>     at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>     at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>     at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>     at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>     at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>     at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4827)
>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:234)
>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:231)
>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:94)
>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:54)
>     at org.jclouds.util.Suppliers2$1.get(Suppliers2.java:35)
>     at org.jclouds.util.Suppliers2$5.get(Suppliers2.java:110)
>     at org.jclouds.util.Suppliers2$4.get(Suppliers2.java:86)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.getEndpointFor(RestAnnotationProcessor.java:529)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.findEndpoint(RestAnnotationProcessor.java:370)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:192)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:129)
>     at org.jclouds.rest.internal.InvokeHttpMethod.toCommand(InvokeHttpMethod.java:188)
>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:84)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>     at org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>     at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>     at com.sun.proxy.$Proxy83.list(Unknown Source)
>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.listTenants(ListTenantsAction.java:140)
>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.execute(ListTenantsAction.java:113)
>     at com.fujitsu.fs.mh.genericharness.GenericHarnessProcess.executeProcess(GenericHarnessProcess.java:51)
>     at com.fujitsu.fs.mh.genericharness.GenericHarness.start(GenericHarness.java:169)
>     at com.fujitsu.fs.mh.genericharness.GenericHarness.main(GenericHarness.java:90)
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
>     at sun.security.ssl.Handshaker.processLoop(Unknown Source)
>     at sun.security.ssl.Handshaker.process_record(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:294)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:170)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:64)
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:91)
>     ... 42 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>     at sun.security.validator.Validator.validate(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     ... 59 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>     ... 65 more
>
>
> Is this a certificate error or a user permission error (or something else
> entirely)?
>
>
> Thanks
>
> Mark.
>
>
>
> -----Original Message-----
> From: Ignasi Barrera [mailto:[email protected]]
> Sent: 29 June 2015 22:00
> To: [email protected]
> Subject: Re: jClouds with https
>
> You can also provide a custom SSLContext supplier if you have the
> certificates and don't want to blindly trust them all. Take a look at this
> comment:
> https://issues.apache.org/jira/browse/JCLOUDS-816?focusedCommentId=14296666
>
> On 29 June 2015 at 21:08, Rashid Rashidov <[email protected]> wrote:
>> Hi Mark,
>>
>> Here is the problem that I had with https endpoints:
>>
>> I am using jClouds 1.8.1 against OpenStack Juno. My nova endpoint URL
>> is set up on HTTPS and I don't have a server certificate installed.
>>
>> The native OpenStack clients cannot connect to the HTTPS endpoint.
>> However, the native client has an "--insecure" parameter which lets
>> me work around the problem. Unfortunately, I was not able to find such
>> an option in jclouds. Do you know any workaround of this problem?
>>
>> And here is the solution provided by Ignasi Barrera:
>>
>> Try configuring the following properties when creating the context:
>>
>> Properties overrides = new Properties();
>> overrides.setProperty(Constants.PROPERTY_RELAX_HOSTNAME, "true");
>> overrides.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
>>
>> I hope it helps.
>>
>> Regards,
>>
>> Rashid
>>
>> From: Higginbottom Mark [mailto:[email protected]]
>> Sent: Monday, June 29, 2015 6:01 PM
>> To: [email protected]
>> Subject: jClouds with https
>>
>> Hi All,
>>
>> How does jClouds cope with https endpoints? Do I have to set up
>> anything in the client to make an https connection?
>>
>> Does anyone have any example code to share? I am trying to connect to
>> an OpenStack endpoint.
>>
>> Thanks for your help.
>>
>> Mark Higginbottom
>>
>> Unless otherwise stated, this email has been sent from Fujitsu
>> Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu
>> Telecommunications Europe Limited, together "Fujitsu".
>>
>> This email is only for the use of its intended recipient. Its
>> contents are subject to a duty of confidence and may be privileged.
>> Fujitsu does not guarantee that this email has not been intercepted
>> and amended or that it is virus-free.
>>
>> Fujitsu Services Limited, registered in England No 96056, registered
>> office
>> 22 Baker Street, London W1U 3BW.
>>
>> Fujitsu (FTS) Limited, registered in England No 03808613, registered
>> office
>> 22 Baker Street, London W1U 3BW.
>>
>> PFU Imaging Solutions Europe Limited, registered in England No
>> 1578652, registered office Hayes Park Central, Hayes End Road, Hayes,
>> Middlesex, UB4 8FE.
>>
>> Fujitsu Telecommunications Europe Limited, registered in England No
>> 2548187, registered office Solihull Parkway, Birmingham Business
>> Park, Birmingham,
>> B37 7YU.