jclouds-user mailing list archives

From Ignasi Barrera <n...@apache.org>
Subject Re: JClouds TLS SNI support?
Date Mon, 12 Sep 2016 19:04:34 GMT
Hi!

jclouds supports several HTTP drivers. By default it relies on the Java
HttpURLConnection, but you can also configure it to use the Apache HTTP
client or OkHttp [1]. Using those drivers is as simple as adding the
corresponding Guice module when creating the context (have a look at the
OkHttp driver readme for an example [2]) so feel free to use the one that
is better for your use case.

If you need more control over how the HTTP client is configured, you can take
the jclouds Docker API as an example. It configures OkHttp to support
TLS connections. You can have a look at its docker http module [3] and
create a similar module that initializes the OkHttpClient as needed, and
then pass it to the ContextBuilder when creating the jclouds context.

HTH!

I.

[1] https://github.com/jclouds/jclouds/tree/master/drivers
[2] https://github.com/jclouds/jclouds/blob/master/drivers/okhttp/README.md
[3] https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerHttpApiModule.java

On 12 Sept. 2016 7:02 p.m., "cen" <imbacen@gmail.com> wrote:

> Hi
>
> We have a FakeS3 instance behind a reverse proxy which handles several
> subdomains over a single IP. We use a Let's Encrypt certificate to sign the
> subdomains. We have the latest Java 8 installed which has the Let's Encrypt
> root in its truststore. However, JClouds fails to connect to our FakeS3
> instance over https (http works). We believe it is because TLS SNI is not
> supported in JClouds since this is the most common problem we found other
> people having when googling around. I browsed around org.jclouds.http
> package but I was unable to determine what HTTP client does JClouds use
> behind the scenes or if it's a custom implementation. Could I get some
> feedback whether my assumptions are correct and how hard would it be to fix
> this? This is the stacktrace:
>
>
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target connecting to
> HEAD https://s3.demo.mydomain.com/productname HTTP/1.1
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(
> BaseHttpCommandExecutorService.java:121)
>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(
> InvokeHttpMethod.java:90)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(
> InvokeHttpMethod.java:73)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(
> InvokeHttpMethod.java:44)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(
> DelegatesToInvocationFunction.java:156)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(
> DelegatesToInvocationFunction.java:123)
>     at com.sun.proxy.$Proxy146.bucketExists(Unknown Source)
>     at org.jclouds.s3.blobstore.S3BlobStore.containerExists(
> S3BlobStore.java:131)
>     at com.redacted.util.storage.S3Storage.saveBlob(S3Storage.java:42)
>     at com.redacted.util.storage.BlobStorageImpl.saveBlob(
> BlobStorageImpl.java:19)
>     at com.redacted.api.rest.v1.resources.ImagesResourceImpl.createTenant(
> ImagesResourceImpl.java:90)
>     at com.redacted.api.rest.v1.resources.ImagesResourceImpl$
> Proxy$_$$_WeldSubclass.createTenant$$super(Unknown Source)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocation
> Context.proceedInternal(TerminalAroundInvokeInvocationContext.java:49)
>     at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.
> proceed(AroundInvokeInvocationContext.java:77)
>     at com.redacted.api.rest.v1.interceptors.
> ValidatePermissionsInterceptor.checkOwnership(
> ValidatePermissionsInterceptor.java:63)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$
> SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74)
>     at org.jboss.weld.interceptor.proxy.NonTerminalAroundInvokeInvocat
> ionContext.proceedInternal(NonTerminalAroundInvokeInvocat
> ionContext.java:64)
>     at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.
> proceed(AroundInvokeInvocationContext.java:77)
>     at com.redacted.api.rest.v1.interceptors.TransactionalInterceptor.
> manageTransaction(TransactionalInterceptor.java:34)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$
> SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74)
>     at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.
> executeAroundInvoke(InterceptorMethodHandler.java:84)
>     at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.
> executeInterception(InterceptorMethodHandler.java:72)
>     at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(
> InterceptorMethodHandler.java:56)
>     at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecorato
> rStackMethodHandler.invoke(CombinedInterceptorAndDecorato
> rStackMethodHandler.java:79)
>     at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecorato
> rStackMethodHandler.invoke(CombinedInterceptorAndDecorato
> rStackMethodHandler.java:68)
>     at com.redacted.api.rest.v1.resources.ImagesResourceImpl$
> Proxy$_$$_WeldSubclass.createTenant(Unknown Source)
>     at com.redacted.api.rest.v1.resources.ImagesResourceImpl$
> Proxy$_$$_WeldClientProxy.createTenant(Unknown Source)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.glassfish.jersey.server.model.internal.
> ResourceMethodInvocationHandlerFactory$1.invoke(
> ResourceMethodInvocationHandlerFactory.java:81)
>     at org.glassfish.jersey.server.model.internal.
> AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDisp
> atcher.java:164)
>     at org.glassfish.jersey.server.model.internal.
> AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDisp
> atcher.java:181)
>     at org.glassfish.jersey.server.model.internal.
> JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(
> JavaResourceMethodDispatcherProvider.java:158)
>     at org.glassfish.jersey.server.model.internal.
> AbstractJavaResourceMethodDispatcher.dispatch(
> AbstractJavaResourceMethodDispatcher.java:101)
>     at org.glassfish.jersey.server.model.ResourceMethodInvoker.
> invoke(ResourceMethodInvoker.java:389)
>     at org.glassfish.jersey.server.model.ResourceMethodInvoker.
> apply(ResourceMethodInvoker.java:347)
>     at org.glassfish.jersey.server.model.ResourceMethodInvoker.
> apply(ResourceMethodInvoker.java:102)
>     at org.glassfish.jersey.server.ServerRuntime$2.run(
> ServerRuntime.java:305)
>     at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
>     at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
>     at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
>     at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
>     at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
>     at org.glassfish.jersey.process.internal.RequestScope.
> runInScope(RequestScope.java:317)
>     at org.glassfish.jersey.server.ServerRuntime.process(
> ServerRuntime.java:288)
>     at org.glassfish.jersey.server.ApplicationHandler.handle(
> ApplicationHandler.java:1110)
>     at org.glassfish.jersey.servlet.WebComponent.service(
> WebComponent.java:401)
>     at org.glassfish.jersey.servlet.ServletContainer.service(
> ServletContainer.java:386)
>     at org.glassfish.jersey.servlet.ServletContainer.service(
> ServletContainer.java:335)
>     at org.glassfish.jersey.servlet.ServletContainer.service(
> ServletContainer.java:222)
>     at org.eclipse.jetty.servlet.ServletHolder.handle(
> ServletHolder.java:835)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1685)
>     at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:209)
>     at com.thetransactioncompany.cors.CORSFilter.doFilter(
> CORSFilter.java:244)
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1668)
>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(
> ServletHandler.java:581)
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(
> ScopedHandler.java:143)
>     at org.eclipse.jetty.security.SecurityHandler.handle(
> SecurityHandler.java:513)
>     at org.eclipse.jetty.server.session.SessionHandler.
> doHandle(SessionHandler.java:226)
>     at org.eclipse.jetty.server.handler.ContextHandler.
> doHandle(ContextHandler.java:1158)
>     at org.eclipse.jetty.servlet.ServletHandler.doScope(
> ServletHandler.java:511)
>     at org.eclipse.jetty.server.session.SessionHandler.
> doScope(SessionHandler.java:185)
>     at org.eclipse.jetty.server.handler.ContextHandler.
> doScope(ContextHandler.java:1090)
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(
> ScopedHandler.java:141)
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(
> HandlerWrapper.java:119)
>     at org.eclipse.jetty.server.Server.handle(Server.java:517)
>     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308)
>     at org.eclipse.jetty.server.HttpConnection.onFillable(
> HttpConnection.java:242)
>     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(
> AbstractConnection.java:273)
>     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
>     at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(
> SelectChannelEndPoint.java:75)
>     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.
> produceAndRun(ExecuteProduceConsume.java:213)
>     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(
> ExecuteProduceConsume.java:147)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
> QueuedThreadPool.java:654)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(
> QueuedThreadPool.java:572)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(
> NativeConstructorAccessorImpl.java:62)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
> DelegatingConstructorAccessorImpl.java:45)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>     at sun.net.www.protocol.http.HttpURLConnection$10.run(
> HttpURLConnection.java:1890)
>     at sun.net.www.protocol.http.HttpURLConnection$10.run(
> HttpURLConnection.java:1885)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at sun.net.www.protocol.http.HttpURLConnection.getChainedException(
> HttpURLConnection.java:1884)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
> HttpURLConnection.java:1457)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(
> HttpURLConnection.java:1441)
>     at java.net.HttpURLConnection.getResponseCode(
> HttpURLConnection.java:480)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(
> HttpsURLConnectionImpl.java:338)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(
> JavaUrlHttpCommandExecutorService.java:105)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(
> JavaUrlHttpCommandExecutorService.java:65)
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(
> BaseHttpCommandExecutorService.java:99)
>     ... 89 more
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1509)
>     at sun.security.ssl.ClientHandshaker.processMessage(
> ClientHandshaker.java:216)
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
> SSLSocketImpl.java:1375)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(
> SSLSocketImpl.java:1403)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(
> SSLSocketImpl.java:1387)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(
> HttpsClient.java:559)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
> tion.connect(AbstractDelegateHttpsURLConnection.java:185)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
> HttpURLConnection.java:1513)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(
> HttpURLConnection.java:1441)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(
> HttpsURLConnectionImpl.java:254)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.invoke(
> JavaUrlHttpCommandExecutorService.java:97)
>     ... 91 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(
> PKIXValidator.java:387)
>     at sun.security.validator.PKIXValidator.engineValidate(
> PKIXValidator.java:292)
>     at sun.security.validator.Validator.validate(Validator.java:260)
>     at sun.security.ssl.X509TrustManagerImpl.validate(
> X509TrustManagerImpl.java:324)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
> X509TrustManagerImpl.java:229)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
> X509TrustManagerImpl.java:124)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1491)
>     ... 104 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.
> build(SunCertPathBuilder.java:141)
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(
> SunCertPathBuilder.java:126)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>     at sun.security.validator.PKIXValidator.doBuild(
> PKIXValidator.java:382)
>     ... 110 more
>
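Added example, not part of either message and not jclouds code: a plain JSSE probe that tests the SNI hypothesis from the quoted question by handshaking twice, once with the SNI extension and once without, and printing the chain the server presents each time. The class name `SniProbe` and port 443 are assumptions; the default host is the one shown in the stack trace.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class SniProbe {
    /** Records the chain the server presents, then applies the JVM's normal validation. */
    static final class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] presented;
        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
            delegate.checkClientTrusted(c, a);
        }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            presented = c;                      // keep a reference for the report
            delegate.checkServerTrusted(c, a);  // validation is NOT bypassed
        }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    static void probe(String host, int port, boolean sendSni) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);              // null = the JVM's default truststore
        RecordingTrustManager tm = new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {tm}, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setServerNames(sendSni            // an empty list suppresses the SNI extension
                ? Collections.<SNIServerName>singletonList(new SNIHostName(host))
                : Collections.<SNIServerName>emptyList());
            s.setSSLParameters(p);
            String verdict = "chain trusted";
            try { s.startHandshake(); } catch (SSLHandshakeException e) { verdict = "REJECTED: " + e.getMessage(); }
            System.out.println((sendSni ? "with SNI" : "without SNI") + " -> " + verdict);
            if (tm.presented != null) for (X509Certificate c : tm.presented)
                System.out.println("  subject=" + c.getSubjectX500Principal() + "  issuer=" + c.getIssuerX500Principal());
        }
    }

    public static void main(String[] args) throws Exception {
        // Host taken from the stack trace above; port 443 is an assumption.
        String host = args.length > 0 ? args[0] : "s3.demo.mydomain.com";
        probe(host, 443, true);
        probe(host, 443, false);
    }
}
```

If both runs are rejected and print the same chain, SNI is not the variable and the chain the proxy serves (for example, which intermediates it includes) is the next thing to inspect. The probe checks chain validation only, not hostname matching.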
