ContainX / openstack4j

A Fluent OpenStack SDK / Client Library for Java
http://openstack4j.com

ConnectionException{message=peer not authenticated, status=0} with Self Signed Certificate in openstack4j 3.0.2 #822

Open vinayvivekananda opened 8 years ago

vinayvivekananda commented 8 years ago

I'm using the code below to perform authentication with OpenStack, which has a self-signed certificate, but I'm getting a "peer not authenticated" error with the stack trace below in openstack4j 3.0.2, whereas in version 2.20 it worked fine.

Any workaround would be highly appreciated as I'm on a tight deadline.

Config config = Config.DEFAULT.withSSLVerificationDisabled();
OSClientV2 os = OSFactory.builderV2()
        .endpoint("https://:5000/v2.0")
        .credentials("username", "password")
        .withConfig(config)
        .authenticate();
for (Tenant obj : os.identity().tenants().list()) {
    System.out.println(obj);
}

Stack trace:

ConnectionException{message=peer not authenticated, status=0}
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invoke(HttpExecutorServiceImpl.java:56)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.execute(HttpExecutorServiceImpl.java:30)
    at org.openstack4j.core.transport.internal.HttpExecutor.execute(HttpExecutor.java:51)
    at org.openstack4j.openstack.internal.OSAuthenticator.authenticateV2(OSAuthenticator.java:122)
    at org.openstack4j.openstack.internal.OSAuthenticator.invoke(OSAuthenticator.java:52)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV2.authenticate(OSClientBuilder.java:117)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV2.authenticate(OSClientBuilder.java:79)
    at com.vv.openstack4jTest.App.main(App.java:29)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
    at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:438)
    at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
    at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:694)
    at org.openstack4j.connectors.resteasy.HttpCommand.execute(HttpCommand.java:65)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invokeRequest(HttpExecutorServiceImpl.java:61)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invoke(HttpExecutorServiceImpl.java:54)
    ... 7 more

huifan commented 8 years ago

I also met this problem....

vinodborole commented 8 years ago

@tovinayv you might want to use the withSSLContext method of config. NOTE: the withSSLVerificationDisabled property used to be known as "useNonStrictSSL" in previous releases.

Refer to #506 for more info.

huifan commented 8 years ago

@vinodborole @gondor

OSClientV3 osc3 = OSFactory.builderV3()
        .endpoint("https://xxx/identity/v2.0/")
        .withConfig(Config.newConfig().withSSLVerificationDisabled())
        .credentials("xxx", "xxx")
        .authenticate();

OSClientV3 osc3 = OSFactory.builderV3()
        .endpoint("https://xxx/identity/v2.0/")
        .withConfig(Config.newConfig().withSSLContext(UntrustedSSL.getSSLContext()))
        .credentials("xxx", "xxx")
        .authenticate();

Both of them don't work; the exception is:

Exception in thread "main" ConnectionException{message=peer not authenticated, status=0}
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invoke(HttpExecutorServiceImpl.java:56)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.execute(HttpExecutorServiceImpl.java:30)
    at org.openstack4j.core.transport.internal.HttpExecutor.execute(HttpExecutor.java:51)
    at org.openstack4j.openstack.internal.OSAuthenticator.authenticateV3(OSAuthenticator.java:154)
    at org.openstack4j.openstack.internal.OSAuthenticator.invoke(OSAuthenticator.java:70)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV3.authenticate(OSClientBuilder.java:165)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV3.authenticate(OSClientBuilder.java:128)
    at com.powerrich.platforminspect.Test1.main(Test1.java:22)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
    at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:438)
    at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
    at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:694)
    at org.openstack4j.connectors.resteasy.HttpCommand.execute(HttpCommand.java:65)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invokeRequest(HttpExecutorServiceImpl.java:61)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invoke(HttpExecutorServiceImpl.java:54)
    ... 7 more

huifan commented 8 years ago

@vinodborole @gondor this code works well:

Config config = Config.DEFAULT.withSSLVerificationDisabled();
OSClient osClient = OSFactory.builder()
        .endpoint("https://xxx/identity/v2.0")
        .credentials("xxx", "xxx")
        .withConfig(config)
        .tenantName("xxx")
        .authenticate();

ScottMaclure commented 8 years ago

I'm trying something similar with Keystone v3, getting:

ConnectionException{message=sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
, status=0}
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.invoke(HttpExecutorServiceImpl.java:56)
    at org.openstack4j.connectors.resteasy.HttpExecutorServiceImpl.execute(HttpExecutorServiceImpl.java:30)
    at org.openstack4j.core.transport.internal.HttpExecutor.execute(HttpExecutor.java:51)
    at org.openstack4j.openstack.internal.OSAuthenticator.authenticateV3(OSAuthenticator.java:154)
    at org.openstack4j.openstack.internal.OSAuthenticator.invoke(OSAuthenticator.java:70)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV3.authenticate(OSClientBuilder.java:165)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV3.authenticate(OSClientBuilder.java:128)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Goal: environment config flag to ignore self-signed certs (in lower environments).

Edit: Tried above code without success:

Config config = Config.DEFAULT.withSSLVerificationDisabled();

zhoutiekui commented 8 years ago

I have encountered the same problem when I use version 3.0.2 and Keystone v3, but when I use 3.0.0, it is normal.

OpenStacksh commented 7 years ago

@tovinayv Hi, I have the same problem as you when I use version 3.0.2. Have you solved the problem? Can you give me some advice? Thanks.

Urban123 commented 6 years ago

Hi, is there any fix for this? We tried 3.0.0, but there are a couple of issues that are solved in later versions, so not working with self-signed certificates is quite a limitation right now.