jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cen <imba...@gmail.com>
Subject JClouds TLS SNI support?
Date Mon, 12 Sep 2016 17:02:38 GMT
Hi

We have a FakeS3 instance behind a reverse proxy which handles several 
subdomains over a single IP. We use let's encrypt certificate to sign 
the subdomains. We have the latest Java 8 installed which has the let's 
encrypt root in it's truststore. However, JClouds fails to connect to 
our FakeS3 instance over https (http works). We believe it is because 
TLS SNI is not supported in JClouds since this is the most common 
problem we found other people having when googling around. I browsed 
around org.jclouds.http package but I was unable to determine what HTTP 
client does JClouds use behind the scenes or if it's a custom 
implementation. Could I get some feedback whether my assumptions are 
correct and how hard would it be to fix this? This is the stacktrace:


PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target connecting to HEAD 
https://s3.demo.mydomain.com/productname HTTP/1.1
     at 
org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:121)
     at 
org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
     at 
org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
     at 
org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
     at 
org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
     at 
org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
     at com.sun.proxy.$Proxy146.bucketExists(Unknown Source)
     at 
org.jclouds.s3.blobstore.S3BlobStore.containerExists(S3BlobStore.java:131)
     at com.redacted.util.storage.S3Storage.saveBlob(S3Storage.java:42)
     at 
com.redacted.util.storage.BlobStorageImpl.saveBlob(BlobStorageImpl.java:19)
     at 
com.redacted.api.rest.v1.resources.ImagesResourceImpl.createTenant(ImagesResourceImpl.java:90)
     at 
com.redacted.api.rest.v1.resources.ImagesResourceImpl$Proxy$_$$_WeldSubclass.createTenant$$super(Unknown

Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at 
org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:49)
     at 
org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:77)
     at 
com.redacted.api.rest.v1.interceptors.ValidatePermissionsInterceptor.checkOwnership(ValidatePermissionsInterceptor.java:63)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at 
org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74)
     at 
org.jboss.weld.interceptor.proxy.NonTerminalAroundInvokeInvocationContext.proceedInternal(NonTerminalAroundInvokeInvocationContext.java:64)
     at 
org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:77)
     at 
com.redacted.api.rest.v1.interceptors.TransactionalInterceptor.manageTransaction(TransactionalInterceptor.java:34)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at 
org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74)
     at 
org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84)
     at 
org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72)
     at 
org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56)
     at 
org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:79)
     at 
org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68)
     at 
com.redacted.api.rest.v1.resources.ImagesResourceImpl$Proxy$_$$_WeldSubclass.createTenant(Unknown

Source)
     at 
com.redacted.api.rest.v1.resources.ImagesResourceImpl$Proxy$_$$_WeldClientProxy.createTenant(Unknown

Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at 
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
     at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:164)
     at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:181)
     at 
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:158)
     at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:101)
     at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
     at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
     at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
     at 
org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:305)
     at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
     at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
     at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
     at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
     at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
     at 
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
     at 
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:288)
     at 
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1110)
     at 
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:401)
     at 
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:386)
     at 
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
     at 
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:222)
     at 
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:835)
     at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
     at 
com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
     at 
com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
     at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
     at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
     at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:513)
     at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
     at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
     at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
     at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
     at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
     at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
     at org.eclipse.jetty.server.Server.handle(Server.java:517)
     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308)
     at 
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
     at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
     at 
org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
     at 
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
     at 
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
     at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
     at 
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
     at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
Method)
     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
     at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
     at 
sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1890)
     at 
sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1885)
     at java.security.AccessController.doPrivileged(Native Method)
     at 
sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1884)
     at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1457)
     at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
     at 
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
     at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
     at 
org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(JavaUrlHttpCommandExecutorService.java:105)
     at 
org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(JavaUrlHttpCommandExecutorService.java:65)
     at 
org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:99)
     ... 89 more
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
     at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
     at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
     at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
     at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
     at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
     at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
     at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
     at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
     at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
     at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
     at 
org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(JavaUrlHttpCommandExecutorService.java:97)
     ... 91 more
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
     at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
     at sun.security.validator.Validator.validate(Validator.java:260)
     at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
     at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
     at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
     at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
     ... 104 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
     at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
     at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
     ... 110 more


Mime
View raw message