jclouds-user mailing list archives

From Ignasi Barrera <n...@apache.org>
Subject Re: Using JClouds without TLSv1.0
Date Thu, 10 Mar 2016 09:23:19 GMT
(Moving back the thread to the jclouds user list)

Looking at the code, it seems that the User, Token and Tenant apis
from keystone use the admin endpoint by default. You can try to change
the default behavior and let the public endpoint be picked instead of
the admin one. Add the following module to the list of modules you
pass to the context builder:

new AbstractModule() {
   @Override protected void configure() {
      bind(EndpointToSupplierAdminURI.class).to(PublicURLOrInternalIfNull.class).in(Scopes.SINGLETON);
   }
}

If you need to access the admin apis from outside the network, though,
you could consider configuring the endpoints in your OpenStack
installation to provide a public IP in the admin endpoint too.

Let's see if this works!
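
Added example (not part of the original message, and not jclouds code): a Python sketch of the two endpoint-selection policies discussed above, run over a constructed Keystone v2.0 catalog that reuses the identity endpoint URLs from the wire log quoted below. The function names and the "compute" entry are assumptions made for illustration. It also reports whether the selected URL is cleartext or a private address, since a TLS version restriction has no effect on an http:// endpoint.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of a Keystone v2.0 "access" response.
# The identity endpoint URLs are the ones shown in the quoted wire log; the
# "compute" entry (no publicURL) is made up to exercise the fallback.
SAMPLE_ACCESS = json.loads("""
{"access": {"serviceCatalog": [
  {"type": "identity", "name": "keystone", "endpoints": [
    {"region": "RegionOne",
     "publicURL": "https://ow:5000/v2.0",
     "internalURL": "http://192.168.10.2:5000/v2.0",
     "adminURL": "http://192.168.10.2:35357/v2.0"}]},
  {"type": "compute", "name": "nova", "endpoints": [
    {"region": "RegionOne",
     "publicURL": null,
     "internalURL": "http://192.168.10.2:8774/v2/tenant",
     "adminURL": "http://192.168.10.2:8774/v2/tenant"}]}
]}}
""")


def admin_url(endpoint):
    """Policy 1: always take adminURL (what the log shows for token:get)."""
    return endpoint.get("adminURL")


def public_url_or_internal_if_null(endpoint):
    """Policy 2: prefer publicURL, fall back to internalURL when it is absent."""
    return endpoint.get("publicURL") or endpoint.get("internalURL")


def transport_findings(url):
    """List reasons a URL is a poor choice for a client outside the cloud network."""
    if not url:
        return ["missing"]
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("cleartext")  # no TLS at all, so no TLS version applies
    try:
        if ipaddress.ip_address(parts.hostname or "").is_private:
            findings.append("private-address")  # not routable from outside
    except ValueError:
        pass  # host is a DNS name, not an IP literal
    return findings


def select_endpoints(access, service_type, policy):
    """Map region -> (selected URL, findings) for one service type."""
    selected = {}
    for service in access["access"]["serviceCatalog"]:
        if service.get("type") != service_type:
            continue
        for endpoint in service.get("endpoints", []):
            url = policy(endpoint)
            selected[endpoint.get("region")] = (url, transport_findings(url))
    return selected


if __name__ == "__main__":
    for policy in (admin_url, public_url_or_internal_if_null):
        for service_type in ("identity", "compute"):
            print(policy.__name__, service_type,
                  select_endpoints(SAMPLE_ACCESS, service_type, policy))
```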

On 10 March 2016 at 08:53, Mop Sophia <mopsophia@gmail.com> wrote:
> Yes, it's what I checked. The login to Keystone is ok, the service catalog
> is returned, then jclouds uses the adminURL to send the request to check the
> token. When I search the endpoint used by jclouds in the message returned by
> Keystone, the only occurrence is the adminURL of Keystone.
> Maybe the URL used depends on the service used ? Maybe the adminURL is
> used because I use the TokenApi ?
>
> Here is the log :
> [DEBUG] org.jclouds.rest.internal.InvokeHttpMethod - >> invoking
> AuthenticationApi.authenticateWithTenantNameAndCredentials
> [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService - Sending
> request -1336091735: POST https://ow:5000/v2.0/tokens HTTP/1.1
> [DEBUG] jclouds.wire - >>
> "{"auth":{"passwordCredentials":{"username":"uuu","password":"ppp"},"tenantName":"ttt"}}"
> [DEBUG] jclouds.headers - >> POST https://ow:5000/v2.0/tokens HTTP/1.1
> [DEBUG] jclouds.headers - >> Accept: application/json
> [DEBUG] jclouds.headers - >> Content-Type: application/json
> [DEBUG] jclouds.headers - >> Content-Length: 136
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: false
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1440818357 bytes = { 59, 197, 208, 174, 148, 240, 177,
> 206, 212, 36, 163, 98, 134, 77, 180, 86, 73, 55, 27, 102, 106, 53, 243, 123,
> 176, 198, 201, 122 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
> sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
> secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
> secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
> SHA1withDSA, MD5withRSA
> Extension server_name, server_name: [host_name: ow]
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 196
> http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 93
> *** ServerHello, TLSv1.2
> RandomCookie:  GMT: -1498731260 bytes = { 36, 130, 85, 225, 52, 40, 183, 55,
> 238, 240, 157, 87, 252, 21, 231, 146, 26, 167, 138, 91, 189, 67, 208, 146,
> 100, 81, 124, 106 }
> Session ID:  {219, 89, 152, 145, 34, 24, 219, 54, 199, 192, 105, 7, 101,
> 241, 211, 116, 251, 121, 255, 194, 154, 200, 188, 82, 125, 10, 236, 71, 46,
> 113, 96, 213}
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension server_name, server_name:
> Extension renegotiation_info, renegotiated_connection: <empty>
> Extension ec_point_formats, formats: [uncompressed,
> ansiX962_compressed_prime, ansiX962_compressed_char2]
> ***
> %% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 3609
> *** Certificate chain
> ***
> http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 333
> *** ECDH ServerKeyExchange
> Signature Algorithm SHA512withRSA
> Server key: Sun EC public key, 256 bits
>   public x coord:
> 109065528231066402822798953331530470954068422219178140278606586409764400154881
>   public y coord:
> 72659084421294274894543740718930276936577534240977171668665811399977128870348
>   parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
> http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 4
> *** ServerHelloDone
> *** ECDHClientKeyExchange
> ECDH Public value:  { 4, 45, 30, 196, 92, 215, 53, 22, 24, 182, 220, 113,
> 219, 29, 121, 134, 147, 243, 90, 90, 199, 4, 204, 186, 216, 133, 239, 192,
> 176, 7, 46, 156, 37, 32, 96, 32, 147, 70, 54, 56, 143, 243, 192, 170, 181,
> 162, 28, 117, 198, 150, 50, 126, 11, 39, 150, 233, 129, 19, 163, 138, 190,
> 33, 72, 39, 43 }
> http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 70
> http-nio-8080-exec-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 218, 194, 148, 38, 172, 247, 142, 98, 219, 2, 196, 158 }
> ***
> http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 64
> http-nio-8080-exec-1, READ: TLSv1.2 Change Cipher Spec, length = 1
> http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 64
> *** Finished
> verify_data:  { 116, 137, 85, 218, 196, 105, 218, 92, 137, 68, 37, 197 }
> ***
> %% Cached client session: [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
> http-nio-8080-exec-1, setSoTimeout(60000) called
> http-nio-8080-exec-1, WRITE: TLSv1.2 Application Data, length = 432
> http-nio-8080-exec-1, READ: TLSv1.2 Application Data, length = 5984
> [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService - Receiving
> response -1336091735: HTTP/1.1 200 OK
> [DEBUG] jclouds.headers - << HTTP/1.1 200 OK
> [DEBUG] jclouds.headers - << Connection: close
> [DEBUG] jclouds.headers - << Date: Thu, 10 Mar 2016 07:43:47 GMT
> [DEBUG] jclouds.headers - << OkHttp-Received-Millis: 1457595830286
> [DEBUG] jclouds.headers - << OkHttp-Selected-Protocol: http/1.1
> [DEBUG] jclouds.headers - << OkHttp-Sent-Millis: 1457595830114
> [DEBUG] jclouds.headers - << Vary: X-Auth-Token
> [DEBUG] jclouds.headers - << Content-Type: application/json
> [DEBUG] jclouds.headers - << Content-Length: 5784
> http-nio-8080-exec-1, called close()
> http-nio-8080-exec-1, called closeInternal(true)
> http-nio-8080-exec-1, SEND TLSv1.2 ALERT:  warning, description =
> close_notify
> http-nio-8080-exec-1, WRITE: TLSv1.2 Alert, length = 48
> http-nio-8080-exec-1, called closeSocket(selfInitiated)
> [DEBUG] jclouds.wire - << "{"access": {"token": {"issued_at":
> "2016-03-10T07:43:47.213903", "expires": "2016-03-10T08:43:47Z", "id":
> "a9c5ec9805ca463db7f52c115a4c5fca", "tenant": {"id":
> "0acf5d5461eb42beb3dc5fca655b3974", "enabled": true, "name": "ttt",
> "description": "Project"}, "audit_ids": ["dIMM3o4WQlCGfOSPSXUw2w"]},
> "serviceCatalog": [{"endpoints": [{"adminURL":
> "http://192.168.10.2:8774/v2/0acf5d5461eb42beb3dc5fca655b3974", "region":
> "RegionOne", "internalURL":
> "http://192.168.10.2:8774/v2/0acf5d5461eb42beb3dc5fca655b3974", "id":
> "a733ca310f044dbe8a11af9da9e41aea", "publicURL":
> "https://ow:8774/v2/0acf5d5461eb42beb3dc5fca655b3974"}], "endpoints_links":
> [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:9696/", "region": "RegionOne", "internalURL":
> "http://192.168.10.2:9696/", "id": "116d516a5c234ee0a40a28fe7458dc21",
> "publicURL": "https://ow:9696/"}], "endpoints_links": [], "type": "network",
> "name": "neutron"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:8776/v2/0acf5d5461eb42beb3dc5fca655b3974", "region":
> "RegionOne", "internalURL":
> "http://192.168.10.2:8776/v2/0acf5d5461eb42beb3dc5fca655b3974", "id":
> "558ab7970ebd48d89b4ee7116f9812ba", "publicURL":
> "https://ow:8776/v2/0acf5d5461eb42beb3dc5fca655b3974"}], "endpoints_links":
> [], "type": "volumev2", "name": "cinderv2"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:9292", "region": "RegionOne", "internalURL":
> "http://192.168.10.2:9292", "id": "0775aefe089744fc89044ab90f0b8d61",
> "publicURL": "https://ow:9292"}], "endpoints_links": [], "type": "image",
> "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.10.2:8777",
> "region": "RegionOne", "internalURL": "http://192.168.10.2:8777", "id":
> "181a3c63d76d4ecebc63669f3cd92a57", "publicURL": "https://ow:8777"}],
> "endpoints_links": [], "type": "metering", "name": "ceilometer"},
> {"endpoints": [{"adminURL": "http://192.168.10.2:8000/v1/", "region":
> "RegionOne", "internalURL": "http://192.168.10.2:8000/v1/", "id":
> "0d1b7106b6864a3fa1f8524f890bfa54", "publicURL": "https://ow:8000/v1/"}],
> "endpoints_links": [], "type": "cloudformation", "name": "heat-cfn"},
> {"endpoints": [{"adminURL":
> "http://192.168.10.2:8776/v1/0acf5d5461eb42beb3dc5fca655b3974", "region":
> "RegionOne", "internalURL":
> "http://192.168.10.2:8776/v1/0acf5d5461eb42beb3dc5fca655b3974", "id":
> "13b643d4d41a4b9698d4b5e6dd05a438", "publicURL":
> "https://ow:8776/v1/0acf5d5461eb42beb3dc5fca655b3974"}], "endpoints_links":
> [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:12347/graphix/api/v1.0", "region": "RegionOne",
> "internalURL": "http://192.168.10.2:12347/graphix/api/v1.0", "id":
> "0c8b8fc298e24942814c4997426e1230", "publicURL":
> "https://ow:12347/graphix/api/v1.0"}], "endpoints_links": [], "type":
> "graphix", "name": "graphix"}, {"endpoints": [{"adminURL":
> "http://owl:8080/render", "region": "RegionOne", "internalURL":
> "http://owl:8080/render", "id": "0953e3b523614af0ad9c18d4f948b9e0",
> "publicURL": "https://owl:8080/render"}], "endpoints_links": [], "type":
> "metering-graph", "name": "metering-graph"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:8773/services/Admin", "region": "RegionOne",
> "internalURL": "http://192.168.10.2:8773/services/Cloud", "id":
> "93a96fa3cf7845608fcf642258f66d95", "publicURL":
> "https://ow:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2",
> "name": "nova_ec2"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:8004/v1/0acf5d5461eb42beb3dc5fca655b3974", "region":
> "RegionOne", "internalURL":
> "http://192.168.10.2:8004/v1/0acf5d5461eb42beb3dc5fca655b3974", "id":
> "4f7b25b00a6244fd8e29ef83959e62f1", "publicURL":
> "https://ow:8004/v1/0acf5d5461eb42beb3dc5fca655b3974"}], "endpoints_links":
> [], "type": "orchestration", "name": "heat"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:23456/rules-engine/api/v1.0", "region": "RegionOne",
> "internalURL": "http://192.168.10.2:23456/rules-engine/api/v1.0", "id":
> "5bf5bd405fcf4f438411ea391ba129ab", "publicURL":
> "https://ow:23456/rules-engine/api/v1.0"}], "endpoints_links": [], "type":
> "rules-engine", "name": "rules-engine"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:8080/swift/v1", "region": "RegionOne", "internalURL":
> "http://192.168.10.2:8080/swift/v1", "id":
> "64c562a05ad5486aa1580a260fa7241c", "publicURL":
> "https://ow:8080/swift/v1"}], "endpoints_links": [], "type": "object-store",
> "name": "swift"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:12345/ow-module/api/v1.0", "region": "RegionOne",
> "internalURL": "http://10.226.204.6:12345/ow-module/api/v1.0", "id":
> "72394ca4518d4f2099dd77ef53170766", "publicURL":
> "https://ow:12345/ow-module/api/v1.0"}], "endpoints_links": [], "type":
> "ow", "name": "ow"}, {"endpoints": [{"adminURL":
> "http://192.168.10.2:35357/v2.0", "region": "RegionOne", "internalURL":
> "http://192.168.10.2:5000/v2.0", "id": "286f7cc2ee5349308e4624498f6f7125",
> "publicURL": "https://ow:5000/v2.0"}], "endpoints_links": [], "type":
> "identity", "name": "keystone"}], "user": {"username": "uuu", "roles_links":
> [], "id": "b723bf3c38f248fcbb7ea98d81cb1b61", "roles": [{"name":
> "heat_stack_owner"}, {"name": "_member_"}], "name": "uuu"}, "metadata":
> {"is_admin": 0, "roles": ["2c5cb4420a61422d8073e7cecb8d3833",
> "9fe2ff9ee4384b1894a90878d3e92bab"]}}}"
> [DEBUG]
> org.jclouds.openstack.keystone.v2_0.suppliers.RegionIdToAdminURIFromAccessForTypeAndVersion
> - endpoints for apiType identity and version 2.0:
> {RegionOne=[Endpoint{id=286f7cc2ee5349308e4624498f6f7125, region=RegionOne,
> publicURL=https://ow:5000/v2.0, internalURL=http://192.168.10.2:5000/v2.0,
> adminURL=http://192.168.10.2:35357/v2.0}]}
> [DEBUG] com.google.inject.internal.BytecodeGen - Loading class
> org.jclouds.openstack.keystone.v2_0.filters.AuthenticateRequest FastClass
> with sun.misc.Launcher$AppClassLoader@7b7072
> [DEBUG] com.google.inject.internal.BytecodeGen - Loading class
> org.jclouds.Fallbacks$NullOnNotFoundOr404 FastClass with
> sun.misc.Launcher$AppClassLoader@7b7072
> [DEBUG] org.jclouds.rest.internal.InvokeHttpMethod - >> invoking token:get
> [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService - Sending
> request 1787367588: GET
> http://192.168.10.2:35357/v2.0/tokens/5003cfd56e8e425e8134e572aebaafc6
> HTTP/1.1
> [DEBUG] jclouds.headers - >> GET
> http://192.168.10.2:35357/v2.0/tokens/5003cfd56e8e425e8134e572aebaafc6
> HTTP/1.1
> [DEBUG] jclouds.headers - >> Accept: application/json
> [DEBUG] jclouds.headers - >> X-Auth-Token: a9c5ec9805ca463db7f52c115a4c5fca
> [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService - Receiving
> response 1787367588: HTTP/1.1 503 Service Unavailable
> [DEBUG] jclouds.headers - << HTTP/1.1 503 Service Unavailable
>
>
> 2016-03-09 22:25 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>>
>> Could you enable the "jclouds.wire" logger [1] to see the response
>> you're getting from Keystone? By default jclouds should pick the
>> publicURL, so let's double check how keystone is returning the
>> endpoints.
>>
>>
>> [1] http://jclouds.apache.org/reference/logging/
>>
>> On 9 March 2016 at 19:17, Mop Sophia <mopsophia@gmail.com> wrote:
>> > Here are the modules used :
>> >
>> >         Module tlsModule = new AbstractModule() {
>> >            @Override protected void configure() {
>> >               bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >            }
>> >         };
>> >
>> >         Iterable<Module> modules = ImmutableSet.<Module>of(new SLF4JLoggingModule(),
>> >               tlsModule, new OkHttpCommandExecutorServiceModule());
>> >
>> >
>> > 2016-03-09 18:47 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >>
>> >> Yes there is, but if I'm not wrong the jclouds default is to use the
>> >> public url and fallback to the internal one. Do you have any special
>> >> Guice module configuration?
>> >>
>> >> On 9/3/2016 5:36 p.m., "Mop Sophia" <mopsophia@gmail.com> wrote:
>> >>>
>> >>> Thanks Ignasi, it's ok when using the proxy properties (it was the way
>> >>> I was using before going to okhttp)
>> >>>
>> >>> In fact, the issue is the connection to the service on this platform.
>> >>> The login using keystone is ok, but the use of service fails :(
>> >>> It seems JClouds uses the adminURL, I would like to use publicURL, I
>> >>> don't know if there is something to configure it...
>> >>>
>> >>> My case is to check a tenant with this code :
>> >>>             keystoneApi = ContextBuilder.newBuilder(provider)
>> >>>                   .endpoint(endpoint)
>> >>>                   .credentials(identity, password)
>> >>>                   .modules(modules)
>> >>>                   .overrides(overrides)
>> >>>                   .buildApi(KeystoneApi.class);
>> >>>
>> >>>             // Request Openstack Keystone to validate the token
>> >>>             Token token = keystoneApi.getTokenApi().get().get(authToken);
>> >>>             // Fails because JClouds gets the adminUrl of keystone to make
>> >>>             // the request
>> >>>
>> >>> Regards,
>> >>>
>> >>> Stéphane
>> >>>
>> >>>
>> >>>
>> >>> 2016-03-09 13:32 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >>>>
>> >>>> Don't configure the proxy in the client supplier. Just configure it
>> >>>> the "standard jclouds way", by configuring the proxy properties as
>> >>>> "overrides" when creating the context:
>> >>>>
>> >>>>
>> >>>> http://jclouds-javadocs.elasticbeanstalk.com/constant-values.html#org.jclouds.Constants.PROPERTY_PROXY_HOST
>> >>>>
>> >>>> On 9 March 2016 at 13:18, Mop Sophia <mopsophia@gmail.com> wrote:
>> >>>> > Hi,
>> >>>> >
>> >>>> > Thanks for this code Ignasi, but it seems the client configuration
>> >>>> > is not used, because the client tries a direct connection without
>> >>>> > proxy :(
>> >>>> > Here is my code :
>> >>>> >
>> >>>> >     public static class TLSOkHttpClientSupplier implements OkHttpClientSupplier {
>> >>>> >        @Override public OkHttpClient get() {
>> >>>> >           OkHttpClient client = new OkHttpClient();
>> >>>> >           ConnectionSpec tlsSpec =
>> >>>> >              new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>> >>>> >              .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
>> >>>> >              .build();
>> >>>> >           ConnectionSpec cleartextSpec =
>> >>>> >              new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>> >>>> >           client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
>> >>>> >           client.setProxy(new Proxy(Proxy.Type.HTTP,
>> >>>> >              new InetSocketAddress("10.182.110.12", 8080)));
>> >>>> >           return client;
>> >>>> >        }
>> >>>> >     }
>> >>>> >
>> >>>> >
>> >>>> >         Module tlsModule = new AbstractModule() {
>> >>>> >            @Override protected void configure() {
>> >>>> >               bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >>>> >            }
>> >>>> >         };
>> >>>> >
>> >>>> >
>> >>>> >         Iterable<Module> modules = ImmutableSet.<Module>of(new SLF4JLoggingModule(),
>> >>>> >               tlsModule, new OkHttpCommandExecutorServiceModule());
>> >>>> >
>> >>>> >             Properties overrides = new Properties();
>> >>>> >
>> >>>> >             overrides.setProperty(Constants.PROPERTY_LOGGER_WIRE_LOG_SENSITIVE_INFO, true + "");
>> >>>> >
>> >>>> >             keystoneApi = ContextBuilder.newBuilder(provider)
>> >>>> >                   .endpoint(endpoint)
>> >>>> >                   .credentials(identity, password)
>> >>>> >                   .modules(modules)
>> >>>> >                   .overrides(overrides)
>> >>>> >                   .buildApi(KeystoneApi.class);
>> >>>> >
>> >>>> >
>> >>>> > Any idea of my mistake ?
>> >>>> >
>> >>>> > Regards,
>> >>>> >
>> >>>> > Stéphane
>> >>>> >
>> >>>> >
>> >>>> > 2016-03-05 1:28 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >>>> >>
>> >>>> >> Hi!
>> >>>> >>
>> >>>> >> Andrew's link will provide you the context you need.
>> >>>> >>
>> >>>> >> I don't know if there is a proper way of configuring this using the
>> >>>> >> default HTTP driver, but here is a specific example using the OkHttp
>> >>>> >> one:
>> >>>> >>
>> >>>> >> First you will need to create an OkHttpClientSupplier that creates the
>> >>>> >> http client with the desired connection configuration:
>> >>>> >>
>> >>>> >> public class TLSOkHttpClientSupplier implements OkHttpClientSupplier {
>> >>>> >>    @Override public OkHttpClient get() {
>> >>>> >>       OkHttpClient client = new OkHttpClient();
>> >>>> >>       ConnectionSpec tlsSpec =
>> >>>> >>          new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>> >>>> >>          .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
>> >>>> >>          .build();
>> >>>> >>       ConnectionSpec cleartextSpec =
>> >>>> >>          new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>> >>>> >>       client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
>> >>>> >>       return client;
>> >>>> >>    }
>> >>>> >> }
>> >>>> >>
>> >>>> >> Once you have the class that will create the OkHttpClient you just
>> >>>> >> have to inject it in the Guice context and configure the OkHttp driver
>> >>>> >> to be used to manage the HTTP connections. Both things are achieved by
>> >>>> >> providing additional modules when creating the context:
>> >>>> >>
>> >>>> >> // Create a Guice module that will bind your supplier implementation
>> >>>> >> // to the injection context
>> >>>> >> Module tlsModule = new AbstractModule() {
>> >>>> >>    @Override protected void configure() {
>> >>>> >>       bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >>>> >>    }
>> >>>> >> };
>> >>>> >>
>> >>>> >> // Create the context loading the OkHttpDriver and your custom module
>> >>>> >> ContextBuilder.newBuilder("provider")
>> >>>> >>    .modules(ImmutableSet.of(tlsModule,
>> >>>> >>       new OkHttpCommandExecutorServiceModule()))
>> >>>> >>    .build();
>> >>>> >>
>> >>>> >> Note that in order to use the OkHttp driver you'll have to add the
>> >>>> >> "org.apache.jclouds.driver/jclouds-okhttp" dependency to your
>> >>>> >> pom.xml.
>> >>>> >>
>> >>>> >>
>> >>>> >> HTH!
>> >>>> >>
>> >>>> >> I.
>> >>>> >>
>> >>>> >> On 4 March 2016 at 22:23, Andrew Phillips <andrewp@apache.org> wrote:
>> >>>> >> > Hi Stéphane
>> >>>> >> >
>> >>>> >> >> Any idea of code to configure my http client with TLSv1.1 or
>> >>>> >> >> TLSv1.2 instead of TLSv1.0, please ?
>> >>>> >> >
>> >>>> >> >
>> >>>> >> > The following blog post doesn't provide a step-by-step solution,
>> >>>> >> > but should hopefully help:
>> >>>> >> >
>> >>>> >> > https://jclouds.apache.org/blog/2014/10/25/poodle-and-jclouds/
>> >>>> >> >
>> >>>> >> > Regards
>> >>>> >> >
>> >>>> >> > ap
>> >>>> >
>> >>>> >
>> >>>
>> >>>
>> >
>
>
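
Added example, not part of the original thread or of the jclouds code base: the setup suggested in the quoted replies put together, with the TLS version restriction kept in the `OkHttpClientSupplier` and the proxy passed as context overrides instead of `client.setProxy(...)`. The class name `KeystoneTlsProxyExample` and the method `connect` are hypothetical; the proxy address is the one quoted in the thread, and `PROPERTY_PROXY_PORT` and `PROPERTY_PROXY_TYPE` are the companion constants of the `PROPERTY_PROXY_HOST` linked above.

```java
import java.util.Properties;
import org.jclouds.Constants;
import org.jclouds.ContextBuilder;
import org.jclouds.http.okhttp.OkHttpClientSupplier;
import org.jclouds.http.okhttp.config.OkHttpCommandExecutorServiceModule;
import org.jclouds.openstack.keystone.v2_0.KeystoneApi;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.inject.AbstractModule;
import com.google.inject.Module;
import com.squareup.okhttp.ConnectionSpec;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.TlsVersion;

public class KeystoneTlsProxyExample {
   // Supplier from the thread, minus the proxy: only connection specs live here.
   public static class TLSOkHttpClientSupplier implements OkHttpClientSupplier {
      @Override public OkHttpClient get() {
         OkHttpClient client = new OkHttpClient();
         ConnectionSpec tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
               .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2) // TLSv1.0 not offered
               .build();
         // Kept as in the thread; only needed when an endpoint is plain http.
         ConnectionSpec cleartextSpec = new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
         client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
         return client;
      }
   }

   // provider, endpoint, identity and password are the caller's values, as in the thread.
   public static KeystoneApi connect(String provider, String endpoint, String identity, String password) {
      Module tlsModule = new AbstractModule() {
         @Override protected void configure() {
            bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
         }
      };
      Properties overrides = new Properties();
      overrides.setProperty(Constants.PROPERTY_PROXY_TYPE, "HTTP");
      overrides.setProperty(Constants.PROPERTY_PROXY_HOST, "10.182.110.12");
      overrides.setProperty(Constants.PROPERTY_PROXY_PORT, "8080");
      return ContextBuilder.newBuilder(provider)
            .endpoint(endpoint)
            .credentials(identity, password)
            .modules(ImmutableSet.<Module>of(tlsModule, new OkHttpCommandExecutorServiceModule()))
            .overrides(overrides)
            .buildApi(KeystoneApi.class);
   }
}
```

The `PROPERTY_LOGGER_WIRE_LOG_SENSITIVE_INFO` override from the quoted code is a debugging aid and is left out here.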
