jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ignasi Barrera <n...@apache.org>
Subject Re: Using JClouds without TLSv1.0
Date Thu, 10 Mar 2016 14:53:11 GMT
Great to see it worked in the end! :)

On 10 March 2016 at 15:17, Mop Sophia <mopsophia@gmail.com> wrote:
> Nice ! It works fine !
>
> Thank you very much Ignasi ;)
>
> 2016-03-10 15:10 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>>
>> OK, then try this. Create a class like this one [1], that implements
>> the EndpointToSupplierAdminURI, and just returns the public url
>> instead of the admin one. Then, bind the EndpointToSupplierAdminURI to
>> your class, and that should work fine.
>>
>>
>> [1]
>> https://github.com/jclouds/jclouds/blob/master/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v2_0/functions/AdminURL.java
>>
>> On 10 March 2016 at 11:22, Mop Sophia <mopsophia@gmail.com> wrote:
>> > It seems that I'm not able to put PublicURLOrInternalIfNull.class as a
>> > parameter of to() method because PublicURLOrInternalIfNull does not
>> > inherit
>> > from EndpointToSupplierAdminURI...
>> >
>> > The method to(Class<? extends EndpointToSupplierAdminURI>) in the type
>> > LinkedBindingBuilder<EndpointToSupplierAdminURI> is not applicable for
>> > the
>> > arguments (Class<PublicURLOrInternalIfNull>)
>> >
>> >
>> > 2016-03-10 10:23 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >>
>> >> (Moving back the thread to the jclouds user list)
>> >>
>> >> Looking at the code, it seems that the User, Token and Tenant apis
>> >> from keystone use the admin endpoint by default. You can try to change
>> >> the default behavior and let the public endpoint be picked instead of
>> >> the admin one. Add the following module to the list of modules you
>> >> pass to the context builder:
>> >>
>> >> new AbstractModule() {
>> >>    @Override protected void configure() {
>> >>
>> >>
>> >> bind(EndpointToSupplierAdminURI.class).to(PublicURLOrInternalIfNull.class).in(Scopes.SINGLETON);
>> >>    }
>> >> }
>> >>
>> >> If you need to access the admin apis from outside the network, though,
>> >> you could consider configuring the endpoints in your OpenStack
>> >> installation to provide a public IP in the admin endpoint too.
>> >>
>> >> Let's see if this works!
>> >>
>> >> On 10 March 2016 at 08:53, Mop Sophia <mopsophia@gmail.com> wrote:
>> >> > Yes, it's what I checked. The login to Keystone is ok, the service
>> >> > catalog
>> >> > is returned, then jclouds uses the adminURL to send the request to
>> >> > check
>> >> > the
>> >> > token. When I search the endpoint used by jclouds in the message
>> >> > returned by
>> >> > Keystone, the only one occurence is the adminURL of Keystone.
>> >> > Maybe, the url used is depending of service used ? Maybe, the
>> >> > adminURL
>> >> > is
>> >> > used because I use the TokenApi ?
>> >> >
>> >> > Here is the log :
>> >> > [DEBUG] org.jclouds.rest.internal.InvokeHttpMethod - >> invoking
>> >> > AuthenticationApi.authenticateWithTenantNameAndCredentials
>> >> > [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService -
>> >> > Sending
>> >> > request -1336091735: POST https://ow:5000/v2.0/tokens HTTP/1.1
>> >> > [DEBUG] jclouds.wire - >>
>> >> >
>> >> >
>> >> > "{"auth":{"passwordCredentials":{"username":"uuu","password":"ppp"},"tenantName":"ttt"}}"
>> >> > [DEBUG] jclouds.headers - >> POST https://ow:5000/v2.0/tokens
>> >> > HTTP/1.1
>> >> > [DEBUG] jclouds.headers - >> Accept: application/json
>> >> > [DEBUG] jclouds.headers - >> Content-Type: application/json
>> >> > [DEBUG] jclouds.headers - >> Content-Length: 136
>> >> > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unsupported cipher suite:
>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
>> >> > Allow unsafe renegotiation: false
>> >> > Allow legacy hello messages: true
>> >> > Is initial handshake: true
>> >> > Is secure renegotiation: false
>> >> > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_DH_anon_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>> >> > Ignoring unavailable cipher suite:
>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>> >> > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
>> >> > %% No cached client session
>> >> > *** ClientHello, TLSv1.2
>> >> > RandomCookie:  GMT: 1440818357 bytes = { 59, 197, 208, 174, 148, 240,
>> >> > 177,
>> >> > 206, 212, 36, 163, 98, 134, 77, 180, 86, 73, 55, 27, 102, 106, 53,
>> >> > 243,
>> >> > 123,
>> >> > 176, 198, 201, 122 }
>> >> > Session ID:  {}
>> >> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>> >> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>> >> > SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> >> > SSL_RSA_WITH_RC4_128_MD5]
>> >> > Compression Methods:  { 0 }
>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>> >> > sect163r2,
>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>> >> > secp384r1,
>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
>> >> > secp160r1,
>> >> > secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1,
>> >> > sect239k1,
>> >> > secp256k1}
>> >> > Extension ec_point_formats, formats: [uncompressed]
>> >> > Extension signature_algorithms, signature_algorithms:
>> >> > SHA512withECDSA,
>> >> > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
>> >> > SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
>> >> > SHA1withRSA,
>> >> > SHA1withDSA, MD5withRSA
>> >> > Extension server_name, server_name: [host_name: ow]
>> >> > Extension renegotiation_info, renegotiated_connection: <empty>
>> >> > ***
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 196
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 93
>> >> > *** ServerHello, TLSv1.2
>> >> > RandomCookie:  GMT: -1498731260 bytes = { 36, 130, 85, 225, 52, 40,
>> >> > 183,
>> >> > 55,
>> >> > 238, 240, 157, 87, 252, 21, 231, 146, 26, 167, 138, 91, 189, 67, 208,
>> >> > 146,
>> >> > 100, 81, 124, 106 }
>> >> > Session ID:  {219, 89, 152, 145, 34, 24, 219, 54, 199, 192, 105, 7,
>> >> > 101,
>> >> > 241, 211, 116, 251, 121, 255, 194, 154, 200, 188, 82, 125, 10, 236,
>> >> > 71,
>> >> > 46,
>> >> > 113, 96, 213}
>> >> > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>> >> > Compression Method: 0
>> >> > Extension server_name, server_name:
>> >> > Extension renegotiation_info, renegotiated_connection: <empty>
>> >> > Extension ec_point_formats, formats: [uncompressed,
>> >> > ansiX962_compressed_prime, ansiX962_compressed_char2]
>> >> > ***
>> >> > %% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>> >> > ** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 3609
>> >> > *** Certificate chain
>> >> > chain [0] = [
>> >> > [
>> >> >   Version: V3
>> >> >   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>> >> >
>> >> >   Key:  Sun RSA public key, 2048 bits
>> >> >   modulus:
>> >> >
>> >> >
>> >> > 25015677480233065115847705961537942328512906736523652040527214566334593760131991200007641517574573756638073813993956203955656090966992935527885460342760718442268834316539108111219239333535286158459627349321592221974045616157104240596491280436044585191692733482406516597279548947420554790523366789823859571513219254531027169992128148970368141689347218477960688488889381043306928478910654055670871860758285321000785892204770722832957125300871731189115474070149436990913613122865741184425057017856746673956219936305142006669188089901611219645212580134720558432607779045770307629659662092678063020282100778863738618794053
>> >> >   public exponent: 65537
>> >> >   Validity: [From: Mon Dec 21 09:36:25 CET 2015,
>> >> >                To: Sat Dec 19 09:36:25 CET 2020]
>> >> >   SerialNumber: [    02874dbe e0acbeed fed6661c a64c1a5a 7afacab3]
>> >> >
>> >> > Certificate Extensions: 8
>> >> > [1]: ObjectId: 2.5.29.14 Criticality=false
>> >> > SubjectKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: F9 9F 92 03 40 70 37 E1   21 03 40 B7 CF 92 66 1E
>> >> > ....@p7.!.@...f.
>> >> > 0010: 40 BB 62 3D                                        @.b=
>> >> > ]
>> >> > ]
>> >> >
>> >> > [2]: ObjectId: 2.5.29.35 Criticality=false
>> >> > AuthorityKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: 3E 02 D3 0E 09 89 66 80   D6 CE 3D BD B3 E8 6B 06
>> >> > >.....f...=...k.
>> >> > 0010: 4D FB 1F E8                                        M...
>> >> > ]
>> >> > ]
>> >> >
>> >> >
>> >> >
>> >> > [5]: ObjectId: 2.5.29.32 Criticality=false
>> >> > CertificatePolicies [
>> >> >   [CertificatePolicyId: [1.2.250.1.16.12.2.10]
>> >> > [PolicyQualifierInfo: [
>> >> >   qualifierID: 1.3.6.1.5.5.7.2.1
>> >> >
>> >> > ]]  ]
>> >> > ]
>> >> >
>> >> > [6]: ObjectId: 2.5.29.37 Criticality=true
>> >> > ExtendedKeyUsages [
>> >> >   serverAuth
>> >> >   clientAuth
>> >> > ]
>> >> >
>> >> > [7]: ObjectId: 2.5.29.15 Criticality=true
>> >> > KeyUsage [
>> >> >   DigitalSignature
>> >> >   Key_Encipherment
>> >> > ]
>> >> >
>> >> > [8]: ObjectId: 2.5.29.19 Criticality=false
>> >> > BasicConstraints:[
>> >> >   CA:false
>> >> >   PathLen: undefined
>> >> > ]
>> >> >
>> >> > ]
>> >> >   Algorithm: [SHA1withRSA]
>> >> >   Signature:
>> >> > 0000: 3E C7 16 01 08 07 A9 5D   DB B4 75 49 69 08 31 7C
>> >> > >......]..uIi.1.
>> >> > 0010: C1 D6 BA FF D8 C1 D8 A6   57 63 A1 81 0D A2 6A 34
>> >> > ........Wc....j4
>> >> > 0020: E6 87 FE 90 B6 0F 26 A0   42 33 3D ED DD 70 26 66
>> >> > ......&.B3=..p&f
>> >> > 0030: 17 B1 17 EA EF 09 66 62   3A 11 D3 25 EE 89 6D 31
>> >> > ......fb:..%..m1
>> >> > 0040: 6C A4 B8 91 80 1C 79 91   73 EE 56 34 8C 37 55 2D
>> >> > l.....y.s.V4.7U-
>> >> > 0050: 8D 2D 81 85 08 FB 30 23   5B 13 F1 80 1F 94 01 C6
>> >> > .-....0#[.......
>> >> > 0060: 06 54 18 0D 23 5C 81 DD   E9 49 B8 2F 92 4E F6 7D
>> >> > .T..#\...I./.N..
>> >> > 0070: 1C 40 3C BC 9C 49 4A 8D   E4 6D AE E3 54 AB 37 41
>> >> > .@<..IJ..m..T.7A
>> >> > 0080: 32 6B FB 3E AF E6 F2 E0   D2 A3 13 FE 3A 22 CD 96
>> >> > 2k.>........:"..
>> >> > 0090: 1C 57 5E 6D D1 9A 6F FB   E5 D0 4B 78 03 9B 9B 72
>> >> > .W^m..o...Kx...r
>> >> > 00A0: D6 3D C0 9B C6 1F BE 5F   BE D5 2A BC 00 8D 1E 13
>> >> > .=....._..*.....
>> >> > 00B0: 36 4C 44 34 3E DC 91 C4   67 52 F1 99 7D 89 E5 C5
>> >> > 6LD4>...gR......
>> >> > 00C0: 5D 79 5B 42 7B 7A B2 A0   2F B2 E2 E2 99 3F 4E 04
>> >> > ]y[B.z../....?N.
>> >> > 00D0: 5A B6 A4 3C AE 87 56 9C   FE 5B 3F ED FF F2 BE 08
>> >> > Z..<..V..[?.....
>> >> > 00E0: 41 58 DA B4 D6 4F 07 32   88 D4 D6 6A 04 1C B2 19
>> >> > AX...O.2...j....
>> >> > 00F0: F0 81 30 AC E2 5E 2C 0E   0F 74 6A C0 BC FB 69 DB
>> >> > ..0..^,..tj...i.
>> >> >
>> >> > ]
>> >> > chain [1] = [
>> >> > [
>> >> >   Version: V3
>> >> >   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>> >> >
>> >> >   Key:  Sun RSA public key, 2048 bits
>> >> >   modulus:
>> >> >
>> >> >
>> >> > 23685449346636254113318482276084164413142659128854840768942299321394737954429404041178982324865695117167644018417883581908233203579929203355300083199684335004614938545242569388045531266139551139698752265906641239103053753508150098341066869942096076637302674285245424370887581365416303221958867497942591863181826678560003462060721438125193410845079392111581138356698326573169063018854406482435149809422648652665032866828788516533912173295765680040317214661126351524350664638926446785305292195063434557398232762659224147517738967351528085297919255392228217167623372168681060913024661959907781707469719652431729393063281
>> >> >   public exponent: 65537
>> >> >   Validity: [From: Tue Sep 05 14:54:01 CEST 2006,
>> >> >                To: Sat Sep 05 14:54:01 CEST 2026]
>> >> >   SerialNumber: [    02]
>> >> >
>> >> > Certificate Extensions: 6
>> >> > [1]: ObjectId: 2.5.29.14 Criticality=false
>> >> > SubjectKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: 3E 02 D3 0E 09 89 66 80   D6 CE 3D BD B3 E8 6B 06
>> >> > >.....f...=...k.
>> >> > 0010: 4D FB 1F E8                                        M...
>> >> > ]
>> >> > ]
>> >> >
>> >> > [2]: ObjectId: 2.5.29.35 Criticality=false
>> >> > AuthorityKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: 1A 92 53 C8 CF 33 1B B6   F2 A5 60 7D E2 AF 24 12
>> >> > ..S..3....`...$.
>> >> > 0010: 41 B0 9A 60                                        A..`
>> >> > ]
>> >> > SerialNumber: [    00]
>> >> > ]
>> >> >
>> >> > [3]: ObjectId: 2.5.29.31 Criticality=false
>> >> > CRLDistributionPoints [
>> >> >   [DistributionPoint:
>> >> > , DistributionPoint:
>> >> > ]]
>> >> >
>> >> > [4]: ObjectId: 2.5.29.32 Criticality=false
>> >> > CertificatePolicies [
>> >> >   [CertificatePolicyId: [1.2.250.1.16.12]
>> >> > []  ]
>> >> > ]
>> >> >
>> >> > [5]: ObjectId: 2.5.29.15 Criticality=true
>> >> > KeyUsage [
>> >> >   Key_CertSign
>> >> >   Crl_Sign
>> >> > ]
>> >> >
>> >> > [6]: ObjectId: 2.5.29.19 Criticality=true
>> >> > BasicConstraints:[
>> >> >   CA:true
>> >> >   PathLen:2147483647
>> >> > ]
>> >> >
>> >> > ]
>> >> >   Algorithm: [SHA1withRSA]
>> >> >   Signature:
>> >> > 0000: 3C 67 21 20 61 BE AE 2D   FF F5 1B CD 11 BB 59 EB  <g!
>> >> > a..-......Y.
>> >> > 0010: 45 A2 08 C2 EC E6 5C 09   C7 64 D5 A7 A1 70 5C 7F
>> >> > E.....\..d...p\.
>> >> > 0020: 04 11 7F DF C1 F3 51 DE   B9 4F 0D 70 BB F5 EA FD
>> >> > ......Q..O.p....
>> >> > 0030: C4 50 51 D5 3A 9B 15 50   F9 F8 D0 37 B9 44 51 A8
>> >> > .PQ.:..P...7.DQ.
>> >> > 0040: 7E D8 E2 C2 AB C9 21 88   5D B9 18 65 A5 D4 9B CD
>> >> > ......!.]..e....
>> >> > 0050: AB E9 C9 93 89 61 96 D8   4B 1C D9 7D FD 30 5A 78
>> >> > .....a..K....0Zx
>> >> > 0060: 2E B5 91 5E BA 39 27 0A   18 92 BD 39 4A 8E 65 73
>> >> > ...^.9'....9J.es
>> >> > 0070: F8 0E 06 F0 52 66 D3 09   BA D0 94 3D 20 70 CA 94  ....Rf.....=
>> >> > p..
>> >> > 0080: B2 E9 E6 A9 12 31 DD 41   94 5C DE F5 CD 9E 3C 62
>> >> > .....1.A.\....<b
>> >> > 0090: 4E 40 CE B5 82 02 A2 A5   A5 C9 BE 06 FE 6D 30 8B
>> >> > N@...........m0.
>> >> > 00A0: 16 62 B7 05 F9 1D FA 73   6C AC 3F D9 EC EB 20 59
>> >> > .b.....sl.?...
>> >> > Y
>> >> > 00B0: DF CE 5A 82 B8 A5 4F C2   03 58 1A CB 35 98 23 D4
>> >> > ..Z...O..X..5.#.
>> >> > 00C0: 99 D1 D0 81 B1 14 C8 D3   DE E0 7A 73 75 68 37 C5
>> >> > ..........zsuh7.
>> >> > 00D0: 35 D5 85 A1 E0 4F CB E0   58 73 2E 41 09 CA 78 C2
>> >> > 5....O..Xs.A..x.
>> >> > 00E0: AB 8E B6 47 D7 40 61 3A   8C 4E E2 A8 CB 96 69 73
>> >> > ...G.@a:.N....is
>> >> > 00F0: 99 1E 43 A5 38 26 A3 5E   D9 78 5B 6F C6 B5 82 4D
>> >> > ..C.8&.^.x[o...M
>> >> >
>> >> > ]
>> >> > chain [2] = [
>> >> > [
>> >> >   Version: V3
>> >> >   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>> >> >
>> >> >   Key:  Sun RSA public key, 2048 bits
>> >> >   modulus:
>> >> >
>> >> >
>> >> > 22730338784357731088235141180073007236874069855027657431822718680660623728201654654164114619832400514153780125739988781893743587466249379265671653538535573734335247591284140150677069330432768954634595887439793988767531901825776673765978129048121101449477434181587805952586921587129053300510415556884016650154851331836045323120976608670411166944125184043955587823348992637812379494139041430401045487015317539734292873877949155262125328474609840418150077877943215369744783079540426109850783788767568661560895345677216761496676639780835537794338582360145380017192777189913636450903958093243308046107268155241898183491513
>> >> >   public exponent: 65537
>> >> >   Validity: [From: Mon Nov 14 13:34:06 CET 2005,
>> >> >                To: Wed Nov 14 13:34:06 CET 2035]
>> >> >   SerialNumber: [    00]
>> >> >
>> >> > Certificate Extensions: 5
>> >> > [1]: ObjectId: 2.5.29.14 Criticality=false
>> >> > SubjectKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: 1A 92 53 C8 CF 33 1B B6   F2 A5 60 7D E2 AF 24 12
>> >> > ..S..3....`...$.
>> >> > 0010: 41 B0 9A 60                                        A..`
>> >> > ]
>> >> > ]
>> >> >
>> >> > [2]: ObjectId: 2.5.29.35 Criticality=false
>> >> > AuthorityKeyIdentifier [
>> >> > KeyIdentifier [
>> >> > 0000: 1A 92 53 C8 CF 33 1B B6   F2 A5 60 7D E2 AF 24 12
>> >> > ..S..3....`...$.
>> >> > 0010: 41 B0 9A 60                                        A..`
>> >> > ]
>> >> > ]
>> >> >
>> >> > [3]: ObjectId: 2.5.29.32 Criticality=false
>> >> > CertificatePolicies [
>> >> >   [CertificatePolicyId: [1.2.250.1.16.12]
>> >> > []  ]
>> >> > ]
>> >> >
>> >> > [4]: ObjectId: 2.5.29.15 Criticality=true
>> >> > KeyUsage [
>> >> >   Key_CertSign
>> >> >   Crl_Sign
>> >> > ]
>> >> >
>> >> > [5]: ObjectId: 2.5.29.19 Criticality=true
>> >> > BasicConstraints:[
>> >> >   CA:true
>> >> >   PathLen:2147483647
>> >> > ]
>> >> >
>> >> > ]
>> >> >   Algorithm: [SHA1withRSA]
>> >> >   Signature:
>> >> > 0000: 83 11 CE 19 0C 81 5E 69   00 13 15 CF 03 3A 2B A7
>> >> > ......^i.....:+.
>> >> > 0010: 87 EF 3D 92 12 F3 71 60   AB 57 FE FB 13 7C C6 A4
>> >> > ..=...q`.W......
>> >> > 0020: D2 C8 87 E8 27 B3 9A D2   7D 69 7C A6 51 9D 9F 2D
>> >> > ....'....i..Q..-
>> >> > 0030: E6 56 F3 27 EF 90 07 E7   FF 43 2E 0F B9 DB B1 55
>> >> > .V.'.....C.....U
>> >> > 0040: B7 C4 64 B8 E7 0F BF 49   6C 25 A4 F0 C2 BF 5C D3
>> >> > ..d....Il%....\.
>> >> > 0050: B4 56 D7 DE D6 1F 01 4C   90 4A 09 3B 93 BD 32 D1
>> >> > .V.....L.J.;..2.
>> >> > 0060: 7C D2 40 AA 9B DE 83 72   21 27 02 DF 0B 46 50 BA
>> >> > ..@....r!'...FP.
>> >> > 0070: 33 64 D7 1B 98 5E AA D3   B1 A6 CF 0A AB 21 E9 0E
>> >> > 3d...^.......!..
>> >> > 0080: 3B 6F D9 21 76 0D 04 8C   B5 57 D7 12 EA CF 64 56
>> >> > ;o.!v....W....dV
>> >> > 0090: C4 B4 46 9E CB 7E B8 B6   9C 4A DE 6D 85 80 0D 92
>> >> > ..F......J.m....
>> >> > 00A0: 45 96 3C E7 6E 08 B3 C1   68 9D 29 A0 EA 54 B0 F3
>> >> > E.<.n...h.)..T..
>> >> > 00B0: 06 3F 3F 42 D5 C2 B3 B4   AE 92 42 4F 28 BC 04 9B
>> >> > .??B......BO(...
>> >> > 00C0: 99 E4 27 71 7F 98 94 CA   CC D4 70 33 C9 68 10 D3
>> >> > ..'q......p3.h..
>> >> > 00D0: 9F 0F E9 ED 51 CE 95 2E   D7 5A 53 41 9A 21 56 C0
>> >> > ....Q....ZSA.!V.
>> >> > 00E0: 18 65 6D 9B B5 01 AF A3   A6 14 49 AD C2 7F 7F CC
>> >> > .em.......I.....
>> >> > 00F0: 14 0F B7 57 F3 C7 72 CE   C4 6C 55 AB 3B 70 7D DC
>> >> > ...W..r..lU.;p..
>> >> >
>> >> > ]
>> >> > ***
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 333
>> >> > *** ECDH ServerKeyExchange
>> >> > Signature Algorithm SHA512withRSA
>> >> > Server key: Sun EC public key, 256 bits
>> >> >   public x coord:
>> >> >
>> >> >
>> >> > 109065528231066402822798953331530470954068422219178140278606586409764400154881
>> >> >   public y coord:
>> >> >
>> >> >
>> >> > 72659084421294274894543740718930276936577534240977171668665811399977128870348
>> >> >   parameters: secp256r1 [NIST P-256, X9.62 prime256v1]
>> >> > (1.2.840.10045.3.1.7)
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 4
>> >> > *** ServerHelloDone
>> >> > *** ECDHClientKeyExchange
>> >> > ECDH Public value:  { 4, 45, 30, 196, 92, 215, 53, 22, 24, 182, 220,
>> >> > 113,
>> >> > 219, 29, 121, 134, 147, 243, 90, 90, 199, 4, 204, 186, 216, 133, 239,
>> >> > 192,
>> >> > 176, 7, 46, 156, 37, 32, 96, 32, 147, 70, 54, 56, 143, 243, 192, 170,
>> >> > 181,
>> >> > 162, 28, 117, 198, 150, 50, 126, 11, 39, 150, 233, 129, 19, 163, 138,
>> >> > 190,
>> >> > 33, 72, 39, 43 }
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 70
>> >> > SESSION KEYGEN:
>> >> > PreMaster Secret:
>> >> > 0000: FB A8 75 2D 13 31 9A 4B   29 89 58 6D A2 FC 9D 25
>> >> > ..u-.1.K).Xm...%
>> >> > 0010: CE E7 79 AD FA 4F 80 60   4B C7 E6 11 18 24 0C F2
>> >> > ..y..O.`K....$..
>> >> > CONNECTION KEYGEN:
>> >> > Client Nonce:
>> >> > 0000: 56 E1 25 B5 3B C5 D0 AE   94 F0 B1 CE D4 24 A3 62
>> >> > V.%.;........$.b
>> >> > 0010: 86 4D B4 56 49 37 1B 66   6A 35 F3 7B B0 C6 C9 7A
>> >> > .M.VI7.fj5.....z
>> >> > Server Nonce:
>> >> > 0000: A7 AB 2D 04 24 82 55 E1   34 28 B7 37 EE F0 9D 57
>> >> > ..-.$.U.4(.7...W
>> >> > 0010: FC 15 E7 92 1A A7 8A 5B   BD 43 D0 92 64 51 7C 6A
>> >> > .......[.C..dQ.j
>> >> > Master Secret:
>> >> > 0000: 87 88 54 F9 82 C7 2E 21   02 2C A7 17 BB 8D F2 23
>> >> > ..T....!.,.....#
>> >> > 0010: 2F 2F AA D4 F3 2C CF A9   E9 E7 82 2D 72 4F 1A 66
>> >> > //...,.....-rO.f
>> >> > 0020: CD 53 34 7A C2 F0 0E FD   90 15 C0 2E 39 8D 37 0C
>> >> > .S4z........9.7.
>> >> > Client MAC write Secret:
>> >> > 0000: 9A 4F EC BA 07 33 75 54   F2 D2 6D 10 60 AD FF AC
>> >> > .O...3uT..m.`...
>> >> > 0010: 1C BA 28 73                                        ..(s
>> >> > Server MAC write Secret:
>> >> > 0000: E7 3F 23 3E 79 D7 CE AF   82 79 25 4A 22 8D 35 4D
>> >> > .?#>y....y%J".5M
>> >> > 0010: 95 64 DD 98                                        .d..
>> >> > Client write key:
>> >> > 0000: E9 BC F3 81 59 6F 67 6C   39 28 DC A6 E3 2F F0 1F
>> >> > ....Yogl9(.../..
>> >> > Server write key:
>> >> > 0000: A4 4E 43 29 2F D7 93 1C   6B 8A 67 F3 8D 09 F3 B7
>> >> > .NC)/...k.g.....
>> >> > ... no IV derived for this protocol
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
>> >> > *** Finished
>> >> > verify_data:  { 218, 194, 148, 38, 172, 247, 142, 98, 219, 2, 196,
>> >> > 158 }
>> >> > ***
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Handshake, length = 64
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Change Cipher Spec, length = 1
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Handshake, length = 64
>> >> > *** Finished
>> >> > verify_data:  { 116, 137, 85, 218, 196, 105, 218, 92, 137, 68, 37,
>> >> > 197 }
>> >> > ***
>> >> > %% Cached client session: [Session-2,
>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>> >> > http-nio-8080-exec-1, setSoTimeout(60000) called
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Application Data, length = 432
>> >> > http-nio-8080-exec-1, READ: TLSv1.2 Application Data, length = 5984
>> >> > [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService -
>> >> > Receiving
>> >> > response -1336091735: HTTP/1.1 200 OK
>> >> > [DEBUG] jclouds.headers - << HTTP/1.1 200 OK
>> >> > [DEBUG] jclouds.headers - << Connection: close
>> >> > [DEBUG] jclouds.headers - << Date: Thu, 10 Mar 2016 07:43:47 GMT
>> >> > [DEBUG] jclouds.headers - << OkHttp-Received-Millis: 1457595830286
>> >> > [DEBUG] jclouds.headers - << OkHttp-Selected-Protocol: http/1.1
>> >> > [DEBUG] jclouds.headers - << OkHttp-Sent-Millis: 1457595830114
>> >> > [DEBUG] jclouds.headers - << Vary: X-Auth-Token
>> >> > [DEBUG] jclouds.headers - << Content-Type: application/json
>> >> > [DEBUG] jclouds.headers - << Content-Length: 5784
>> >> > http-nio-8080-exec-1, called close()
>> >> > http-nio-8080-exec-1, called closeInternal(true)
>> >> > http-nio-8080-exec-1, SEND TLSv1.2 ALERT:  warning, description =
>> >> > close_notify
>> >> > http-nio-8080-exec-1, WRITE: TLSv1.2 Alert, length = 48
>> >> > http-nio-8080-exec-1, called closeSocket(selfInitiated)
>> >> > [DEBUG] jclouds.wire - << "{"access": {"token": {"issued_at":
>> >> > "2016-03-10T07:43:47.213903", "expires": "2016-03-10T08:43:47Z",
>> >> > "id":
>> >> > "a9c5ec9805ca463db7f52c115a4c5fca", "tenant": {"id":
>> >> > "0acf5d5461eb42beb3dc5fca655b3974", "enabled": true, "name": "ttt",
>> >> > "description": "Project"}, "audit_ids": ["dIMM3o4WQlCGfOSPSXUw2w"]},
>> >> > "serviceCatalog": [{"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8774/v2/0acf5d5461eb42beb3dc5fca655b3974",
>> >> > "region":
>> >> > "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:8774/v2/0acf5d5461eb42beb3dc5fca655b3974", "id":
>> >> > "a733ca310f044dbe8a11af9da9e41aea", "publicURL":
>> >> > "https://ow:8774/v2/0acf5d5461eb42beb3dc5fca655b3974"}],
>> >> > "endpoints_links":
>> >> > [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:9696/", "region": "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:9696/", "id":
>> >> > "116d516a5c234ee0a40a28fe7458dc21",
>> >> > "publicURL": "https://ow:9696/"}], "endpoints_links": [], "type":
>> >> > "network",
>> >> > "name": "neutron"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8776/v2/0acf5d5461eb42beb3dc5fca655b3974",
>> >> > "region":
>> >> > "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:8776/v2/0acf5d5461eb42beb3dc5fca655b3974", "id":
>> >> > "558ab7970ebd48d89b4ee7116f9812ba", "publicURL":
>> >> > "https://ow:8776/v2/0acf5d5461eb42beb3dc5fca655b3974"}],
>> >> > "endpoints_links":
>> >> > [], "type": "volumev2", "name": "cinderv2"}, {"endpoints":
>> >> > [{"adminURL":
>> >> > "http://192.168.10.2:9292", "region": "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:9292", "id": "0775aefe089744fc89044ab90f0b8d61",
>> >> > "publicURL": "https://ow:9292"}], "endpoints_links": [], "type":
>> >> > "image",
>> >> > "name": "glance"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8777",
>> >> > "region": "RegionOne", "internalURL": "http://192.168.10.2:8777",
>> >> > "id":
>> >> > "181a3c63d76d4ecebc63669f3cd92a57", "publicURL": "https://ow:8777"}],
>> >> > "endpoints_links": [], "type": "metering", "name": "ceilometer"},
>> >> > {"endpoints": [{"adminURL": "http://192.168.10.2:8000/v1/", "region":
>> >> > "RegionOne", "internalURL": "http://192.168.10.2:8000/v1/", "id":
>> >> > "0d1b7106b6864a3fa1f8524f890bfa54", "publicURL":
>> >> > "https://ow:8000/v1/"}],
>> >> > "endpoints_links": [], "type": "cloudformation", "name": "heat-cfn"},
>> >> > {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8776/v1/0acf5d5461eb42beb3dc5fca655b3974",
>> >> > "region":
>> >> > "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:8776/v1/0acf5d5461eb42beb3dc5fca655b3974", "id":
>> >> > "13b643d4d41a4b9698d4b5e6dd05a438", "publicURL":
>> >> > "https://ow:8776/v1/0acf5d5461eb42beb3dc5fca655b3974"}],
>> >> > "endpoints_links":
>> >> > [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:12347/graphix/api/v1.0", "region": "RegionOne",
>> >> > "internalURL": "http://192.168.10.2:12347/graphix/api/v1.0", "id":
>> >> > "0c8b8fc298e24942814c4997426e1230", "publicURL":
>> >> > "https://ow:12347/graphix/api/v1.0"}], "endpoints_links": [], "type":
>> >> > "graphix", "name": "graphix"}, {"endpoints": [{"adminURL":
>> >> > "http://owl:8080/render", "region": "RegionOne", "internalURL":
>> >> > "http://owl:8080/render", "id": "0953e3b523614af0ad9c18d4f948b9e0",
>> >> > "publicURL": "https://owl:8080/render"}], "endpoints_links": [],
>> >> > "type":
>> >> > "metering-graph", "name": "metering-graph"}, {"endpoints":
>> >> > [{"adminURL":
>> >> > "http://192.168.10.2:8773/services/Admin", "region": "RegionOne",
>> >> > "internalURL": "http://192.168.10.2:8773/services/Cloud", "id":
>> >> > "93a96fa3cf7845608fcf642258f66d95", "publicURL":
>> >> > "https://ow:8773/services/Cloud"}], "endpoints_links": [], "type":
>> >> > "ec2",
>> >> > "name": "nova_ec2"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8004/v1/0acf5d5461eb42beb3dc5fca655b3974",
>> >> > "region":
>> >> > "RegionOne", "internalURL":
>> >> > "http://192.168.10.2:8004/v1/0acf5d5461eb42beb3dc5fca655b3974", "id":
>> >> > "4f7b25b00a6244fd8e29ef83959e62f1", "publicURL":
>> >> > "https://ow:8004/v1/0acf5d5461eb42beb3dc5fca655b3974"}],
>> >> > "endpoints_links":
>> >> > [], "type": "orchestration", "name": "heat"}, {"endpoints":
>> >> > [{"adminURL":
>> >> > "http://192.168.10.2:23456/rules-engine/api/v1.0", "region":
>> >> > "RegionOne",
>> >> > "internalURL": "http://192.168.10.2:23456/rules-engine/api/v1.0",
>> >> > "id":
>> >> > "5bf5bd405fcf4f438411ea391ba129ab", "publicURL":
>> >> > "https://ow:23456/rules-engine/api/v1.0"}], "endpoints_links": [],
>> >> > "type":
>> >> > "rules-engine", "name": "rules-engine"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:8080/swift/v1", "region": "RegionOne",
>> >> > "internalURL":
>> >> > "http://192.168.10.2:8080/swift/v1", "id":
>> >> > "64c562a05ad5486aa1580a260fa7241c", "publicURL":
>> >> > "https://ow:8080/swift/v1"}], "endpoints_links": [], "type":
>> >> > "object-store",
>> >> > "name": "swift"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:12345/ow-module/api/v1.0", "region":
>> >> > "RegionOne",
>> >> > "internalURL": "http://10.226.204.6:12345/ow-module/api/v1.0", "id":
>> >> > "72394ca4518d4f2099dd77ef53170766", "publicURL":
>> >> > "https://ow:12345/ow-module/api/v1.0"}], "endpoints_links": [],
>> >> > "type":
>> >> > "ow", "name": "ow"}, {"endpoints": [{"adminURL":
>> >> > "http://192.168.10.2:35357/v2.0", "region": "RegionOne",
>> >> > "internalURL":
>> >> > "http://192.168.10.2:5000/v2.0", "id":
>> >> > "286f7cc2ee5349308e4624498f6f7125",
>> >> > "publicURL": "https://ow:5000/v2.0"}], "endpoints_links": [], "type":
>> >> > "identity", "name": "keystone"}], "user": {"username": "uuu",
>> >> > "roles_links":
>> >> > [], "id": "b723bf3c38f248fcbb7ea98d81cb1b61", "roles": [{"name":
>> >> > "heat_stack_owner"}, {"name": "_member_"}], "name": "uuu"},
>> >> > "metadata":
>> >> > {"is_admin": 0, "roles": ["2c5cb4420a61422d8073e7cecb8d3833",
>> >> > "9fe2ff9ee4384b1894a90878d3e92bab"]}}}"
>> >> > [DEBUG]
>> >> >
>> >> >
>> >> > org.jclouds.openstack.keystone.v2_0.suppliers.RegionIdToAdminURIFromAccessForTypeAndVersion
>> >> > - endpoints for apiType identity and version 2.0:
>> >> > {RegionOne=[Endpoint{id=286f7cc2ee5349308e4624498f6f7125,
>> >> > region=RegionOne,
>> >> > publicURL=https://ow:5000/v2.0,
>> >> > internalURL=http://192.168.10.2:5000/v2.0,
>> >> > adminURL=http://192.168.10.2:35357/v2.0}]}
>> >> > [DEBUG] com.google.inject.internal.BytecodeGen - Loading class
>> >> > org.jclouds.openstack.keystone.v2_0.filters.AuthenticateRequest
>> >> > FastClass
>> >> > with sun.misc.Launcher$AppClassLoader@7b7072
>> >> > [DEBUG] com.google.inject.internal.BytecodeGen - Loading class
>> >> > org.jclouds.Fallbacks$NullOnNotFoundOr404 FastClass with
>> >> > sun.misc.Launcher$AppClassLoader@7b7072
>> >> > [DEBUG] org.jclouds.rest.internal.InvokeHttpMethod - >> invoking
>> >> > token:get
>> >> > [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService -
>> >> > Sending
>> >> > request 1787367588: GET
>> >> >
>> >> > http://192.168.10.2:35357/v2.0/tokens/5003cfd56e8e425e8134e572aebaafc6
>> >> > HTTP/1.1
>> >> > [DEBUG] jclouds.headers - >> GET
>> >> >
>> >> > http://192.168.10.2:35357/v2.0/tokens/5003cfd56e8e425e8134e572aebaafc6
>> >> > HTTP/1.1
>> >> > [DEBUG] jclouds.headers - >> Accept: application/json
>> >> > [DEBUG] jclouds.headers - >> X-Auth-Token:
>> >> > a9c5ec9805ca463db7f52c115a4c5fca
>> >> > [DEBUG] org.jclouds.http.okhttp.OkHttpCommandExecutorService -
>> >> > Receiving
>> >> > response 1787367588: HTTP/1.1 503 Service Unavailable
>> >> > [DEBUG] jclouds.headers - << HTTP/1.1 503 Service Unavailable
>> >> >
>> >> >
>> >> > 2016-03-09 22:25 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >> >>
>> >> >> Could you enable the "jclouds.wire" logger [1] to see the response
>> >> >> you're getting from Keystone? By default jclouds should pick the
>> >> >> publicURL, so let's double check how keystone is returning the
>> >> >> endpoints.
>> >> >>
>> >> >>
>> >> >> [1] http://jclouds.apache.org/reference/logging/
>> >> >>
>> >> >> On 9 March 2016 at 19:17, Mop Sophia <mopsophia@gmail.com> wrote:
>> >> >> > Here are the modules used :
>> >> >> >
>> >> >> >         Module tlsModule = new AbstractModule() {
>> >> >> >            @Override protected void configure() {
>> >> >> >
>> >> >> >
>> >> >> > bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >> >> >            }
>> >> >> >         };
>> >> >> >
>> >> >> >
>> >> >> >         Iterable<Module> modules = ImmutableSet.<Module>of(new
>> >> >> > SLF4JLoggingModule(),tlsModule, new
>> >> >> > OkHttpCommandExecutorServiceModule());
>> >> >> >
>> >> >> >
>> >> >> > 2016-03-09 18:47 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >> >> >>
>> >> >> >> Yes there is, but if I'm not wrong the jclouds default is to use
>> >> >> >> the
>> >> >> >> public url and fallback to the internal one. Do you have any
>> >> >> >> special
>> >> >> >> Guice
>> >> >> >> module configuration?
>> >> >> >>
>> >> >> >> El 9/3/2016 5:36 p. m., "Mop Sophia" <mopsophia@gmail.com>
>> >> >> >> escribió:
>> >> >> >>>
>> >> >> >>> Thanks Ignasi, it's ok when using the proxy properties (it was
>> >> >> >>> the
>> >> >> >>> way
>> >> >> >>> I
>> >> >> >>> was using before going to okhttp)
>> >> >> >>>
>> >> >> >>> In fact, the issue is the connection to the service on this
>> >> >> >>> platform.
>> >> >> >>> The
>> >> >> >>> login using keystone is ok, but the use of service fails :(
>> >> >> >>> It seems JClouds uses the adminURL, I would like to use
>> >> >> >>> publicURL,
>> >> >> >>> I
>> >> >> >>> don't if there is something configure it...
>> >> >> >>>
>> >> >> >>> My case is to check a tenant witth this code :
>> >> >> >>>             keystoneApi = ContextBuilder.newBuilder(provider)
>> >> >> >>>                   .endpoint(endpoint)
>> >> >> >>>                   .credentials(identity, password)
>> >> >> >>>                   .modules(modules)
>> >> >> >>>                   .overrides(overrides)
>> >> >> >>>                   .buildApi(KeystoneApi.class);
>> >> >> >>>
>> >> >> >>>             // Request Openstack Keystone to validate the token
>> >> >> >>>             Token token =
>> >> >> >>> keystoneApi.getTokenApi().get().get(authToken);
>> >> >> >>>             // Fails because JClouds get the adminUrl of
>> >> >> >>> keystone
>> >> >> >>> to
>> >> >> >>> make
>> >> >> >>> the request
>> >> >> >>>
>> >> >> >>> Regards,
>> >> >> >>>
>> >> >> >>> Stéphane
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> 2016-03-09 13:32 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >> >> >>>>
>> >> >> >>>> Don't configure the proxy in the client supplier. Just
>> >> >> >>>> configure
>> >> >> >>>> it
>> >> >> >>>> the "standard jclouds way", by configuring the proxy properties
>> >> >> >>>> as
>> >> >> >>>> "overrides" when creating the context:
>> >> >> >>>>
>> >> >> >>>>
>> >> >> >>>>
>> >> >> >>>>
>> >> >> >>>> http://jclouds-javadocs.elasticbeanstalk.com/constant-values.html#org.jclouds.Constants.PROPERTY_PROXY_HOST
>> >> >> >>>>
>> >> >> >>>> On 9 March 2016 at 13:18, Mop Sophia <mopsophia@gmail.com>
>> >> >> >>>> wrote:
>> >> >> >>>> > Hi,
>> >> >> >>>> >
>> >> >> >>>> > Thanks for this code Ignasi, but it seems the client
>> >> >> >>>> > configuration
>> >> >> >>>> > is
>> >> >> >>>> > not
>> >> >> >>>> > used, because the client tries a direct connection without
>> >> >> >>>> > proxy
>> >> >> >>>> > :(
>> >> >> >>>> > Here is my code :
>> >> >> >>>> >
>> >> >> >>>> >     public static class TLSOkHttpClientSupplier implements
>> >> >> >>>> > OkHttpClientSupplier {
>> >> >> >>>> >        @Override public OkHttpClient get() {
>> >> >> >>>> >           OkHttpClient client = new OkHttpClient();
>> >> >> >>>> >           ConnectionSpec tlsSpec =
>> >> >> >>>> >               new
>> >> >> >>>> > ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>> >> >> >>>> >              .tlsVersions(TlsVersion.TLS_1_1,
>> >> >> >>>> > TlsVersion.TLS_1_2)
>> >> >> >>>> >              .build();
>> >> >> >>>> >           ConnectionSpec cleartextSpec =
>> >> >> >>>> >              new
>> >> >> >>>> > ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>> >> >> >>>> >           client.setConnectionSpecs(ImmutableList.of(tlsSpec,
>> >> >> >>>> > cleartextSpec));
>> >> >> >>>> >           client.setProxy(new Proxy(Proxy.Type.HTTP, new
>> >> >> >>>> > InetSocketAddress("10.182.110.12", 8080)));
>> >> >> >>>> >           return client;
>> >> >> >>>> >        }
>> >> >> >>>> >     }
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >         Module tlsModule = new AbstractModule() {
>> >> >> >>>> >            @Override protected void configure() {
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> > bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >> >> >>>> >            }
>> >> >> >>>> >         };
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >         Iterable<Module> modules =
>> >> >> >>>> > ImmutableSet.<Module>of(new
>> >> >> >>>> > SLF4JLoggingModule(),tlsModule, new
>> >> >> >>>> > OkHttpCommandExecutorServiceModule());
>> >> >> >>>> >
>> >> >> >>>> >             Properties overrides = new Properties();
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> > overrides.setProperty(Constants.PROPERTY_LOGGER_WIRE_LOG_SENSITIVE_INFO,
>> >> >> >>>> > true + "");
>> >> >> >>>> >
>> >> >> >>>> >             keystoneApi = ContextBuilder.newBuilder(provider)
>> >> >> >>>> >                   .endpoint(endpoint)
>> >> >> >>>> >                   .credentials(identity, password)
>> >> >> >>>> >                   .modules(modules)
>> >> >> >>>> >                   .overrides(overrides)
>> >> >> >>>> >                   .buildApi(KeystoneApi.class);
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> > Any idea of my mistake ?
>> >> >> >>>> >
>> >> >> >>>> > Regards,
>> >> >> >>>> >
>> >> >> >>>> > Stéphane
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>> > 2016-03-05 1:28 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>> >> >> >>>> >>
>> >> >> >>>> >> Hi!
>> >> >> >>>> >>
>> >> >> >>>> >> Andrew's link will provide you the context you need.
>> >> >> >>>> >>
>> >> >> >>>> >> I don't know if there is a proper way of configuring this
>> >> >> >>>> >> using
>> >> >> >>>> >> the
>> >> >> >>>> >> default HTTP driver, but here is a specific example using
>> >> >> >>>> >> the
>> >> >> >>>> >> OkHttp
>> >> >> >>>> >> one:
>> >> >> >>>> >>
>> >> >> >>>> >> First you will need to create an OkHttpClientSupplier that
>> >> >> >>>> >> creates
>> >> >> >>>> >> the
>> >> >> >>>> >> http client with the desired connection configuration:
>> >> >> >>>> >>
>> >> >> >>>> >> public class TLSOkHttpClientSupplier implements
>> >> >> >>>> >> OkHttpClientSupplier
>> >> >> >>>> >> {
>> >> >> >>>> >>    @Override public OkHttpClient get() {
>> >> >> >>>> >>       OkHttpClient client = new OkHttpClient();
>> >> >> >>>> >>       ConnectionSpec tlsSpec =
>> >> >> >>>> >>           new
>> >> >> >>>> >> ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>> >> >> >>>> >>          .tlsVersions(TlsVersion.TLS_1_1,
>> >> >> >>>> >> TlsVersion.TLS_1_2)
>> >> >> >>>> >>          .build();
>> >> >> >>>> >>       ConnectionSpec cleartextSpec =
>> >> >> >>>> >>          new
>> >> >> >>>> >> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>> >> >> >>>> >>       client.setConnectionSpecs(ImmutableList.of(tlsSpec,
>> >> >> >>>> >> cleartextSpec));
>> >> >> >>>> >>       return client;
>> >> >> >>>> >>    }
>> >> >> >>>> >> }
>> >> >> >>>> >>
>> >> >> >>>> >> Once you have the class that will create the OkHttpClient
>> >> >> >>>> >> you
>> >> >> >>>> >> just
>> >> >> >>>> >> have to inject it in the Guice context and configure the
>> >> >> >>>> >> OkHttp
>> >> >> >>>> >> driver
>> >> >> >>>> >> to be used to manage the HTTP connections. Both things are
>> >> >> >>>> >> achieved
>> >> >> >>>> >> by
>> >> >> >>>> >> providing additional modules when creating the context:
>> >> >> >>>> >>
>> >> >> >>>> >> // Create a Guice module that will bind your supplier
>> >> >> >>>> >> implementation
>> >> >> >>>> >> // to the injection context
>> >> >> >>>> >> Module tlsModule = new AbstractModule() {
>> >> >> >>>> >>    @Override protected void configure() {
>> >> >> >>>> >>
>> >> >> >>>> >>
>> >> >> >>>> >>
>> >> >> >>>> >>
>> >> >> >>>> >> bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>> >> >> >>>> >>    }
>> >> >> >>>> >> };
>> >> >> >>>> >>
>> >> >> >>>> >> // Create the context loading the OkHttpDriver and your
>> >> >> >>>> >> custom
>> >> >> >>>> >> module
>> >> >> >>>> >> ContextBuilder.newBuilder("provider")
>> >> >> >>>> >>    .modules(ImmutableSet.of(tlsModule,
>> >> >> >>>> >>       new OkHttpCommandExecutorServiceModule()))
>> >> >> >>>> >>    .build()
>> >> >> >>>> >>
>> >> >> >>>> >> Note than in order to use the OkHttp driver you'll have to
>> >> >> >>>> >> add
>> >> >> >>>> >> the
>> >> >> >>>> >> "org.apache.jclouds.driver/jclouds-okhttp" dependency to
>> >> >> >>>> >> your
>> >> >> >>>> >> pom.xml.
>> >> >> >>>> >>
>> >> >> >>>> >>
>> >> >> >>>> >> HTH!
>> >> >> >>>> >>
>> >> >> >>>> >> I.
>> >> >> >>>> >>
>> >> >> >>>> >> On 4 March 2016 at 22:23, Andrew Phillips
>> >> >> >>>> >> <andrewp@apache.org>
>> >> >> >>>> >> wrote:
>> >> >> >>>> >> > Hi Stéphane
>> >> >> >>>> >> >
>> >> >> >>>> >> >> Any idea of code to configure my http client with TLSv1.1
>> >> >> >>>> >> >> or
>> >> >> >>>> >> >> TLSv1.2
>> >> >> >>>> >> >> instead of TLSv1.0, please ?
>> >> >> >>>> >> >
>> >> >> >>>> >> >
>> >> >> >>>> >> > The following blog post doesn't provide a step-by-step
>> >> >> >>>> >> > solution,
>> >> >> >>>> >> > but
>> >> >> >>>> >> > should
>> >> >> >>>> >> > hopefully help:
>> >> >> >>>> >> >
>> >> >> >>>> >> >
>> >> >> >>>> >> >
>> >> >> >>>> >> > https://jclouds.apache.org/blog/2014/10/25/poodle-and-jclouds/
>> >> >> >>>> >> >
>> >> >> >>>> >> > Regards
>> >> >> >>>> >> >
>> >> >> >>>> >> > ap
>> >> >> >>>> >
>> >> >> >>>> >
>> >> >> >>>
>> >> >> >>>
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>

Mime
View raw message