Re: InvokeHTTP processor loses SSL Context after NiFi restart

Thu, 06 Aug 2015 07:28:51 -0700 

I believe this is it. Not sure how useful it is. If there's something else I 
should search the log for, please let me know.

2015-08-06 14:23:06,727 ERROR [Timer-Driven Process Thread-6] 
o.a.nifi.processors.standard.InvokeHTTP 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
~[na:1.8.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) 
~[na:1.8.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
~[na:1.8.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
~[na:1.8.0_45]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) 
~[na:1.8.0_45]
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) 
~[na:1.8.0_45]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) 
~[na:1.8.0_45]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) 
~[na:1.8.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) 
~[na:1.8.0_45]
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) 
~[na:1.8.0_45]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) 
~[na:1.8.0_45]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) 
~[na:1.8.0_45]
        at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) 
~[na:1.8.0_45]
        at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
 ~[na:1.8.0_45]
        at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)
 ~[na:1.8.0_45]
        at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)
 ~[na:1.8.0_45]
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
 ~[na:1.8.0_45]
        at 
org.apache.nifi.processors.standard.InvokeHTTP$Transaction.sendRequest(InvokeHTTP.java:434)
 ~[nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.processors.standard.InvokeHTTP$Transaction.process(InvokeHTTP.java:356)
 ~[nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.processors.standard.InvokeHTTP.onTrigger(InvokeHTTP.java:148) 
[nifi-standard-processors-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
 [nifi-api-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1077)
 [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:127)
 [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:49)
 [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
        at 
org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:119)
 [nifi-framework-core-0.1.0-incubating.jar:0.1.0-incubating]
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
[na:1.8.0_45]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) 
[na:1.8.0_45]
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
 [na:1.8.0_45]
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
 [na:1.8.0_45]
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[na:1.8.0_45]
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[na:1.8.0_45]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
 [na:1.8.0_45]
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
 [na:1.8.0_45]
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[na:1.8.0_45]
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[na:1.8.0_45]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) 
~[na:1.8.0_45]
        at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
~[na:1.8.0_45]
        at sun.security.validator.Validator.validate(Validator.java:260) 
~[na:1.8.0_45]
        at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
~[na:1.8.0_45]
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 ~[na:1.8.0_45]
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 ~[na:1.8.0_45]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) 
~[na:1.8.0_45]
        ... 27 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
        at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
 ~[na:1.8.0_45]
        at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
 ~[na:1.8.0_45]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 
~[na:1.8.0_45]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) 
~[na:1.8.0_45]
        ... 33 common frames omitted


----- Original Message -----
From: "Adam Taft" <[email protected]>
To: [email protected]
Sent: Thursday, August 6, 2015 10:13:07 AM
Subject: Re: InvokeHTTP processor loses SSL Context after NiFi restart



This might be related to the "old" way of finding the SSLContext from the 
controller service. I believe InvokeHTTP doesn't use the updated 
asControllerService() style. Might be where this is breaking down. Definitely a 
stack trace would help. 


Adam 



On Thu, Aug 6, 2015 at 10:01 AM, Joe Witt < [email protected] > wrote: 




I would say not a known issue. Can you possibly provide the stack trace/logs? 

That sounds super annoying though. We def want to fix. 

Thanks 
Joe 


On Aug 6, 2015 9:51 AM, "John Titus" < [email protected] > wrote: 


Several of our flows use InvokeHTTP with a "SSL Context Service". If we need to 
restart NiFi, those processors start throwing errors. To fix it, we have to 
modify the config to have no SSL context, Apply the changes, then modify the 
config back to the correct SSL context. 

Is this a known issue, or do we perhaps some config wrong somewhere? 

John

Reply via email to