HXSecurity / DongTai-agent-java

Java Agent is the Java application probe for DongTai IAST; it collects method invocation data from a running Java application through dynamic hooks.
https://dongtai.io
Apache License 2.0

[Bug]: /openapi/api/v1/agent/register failed, Exception: javax.net.ssl.SSLHandshakeException: #402

Closed onesecurity closed 1 year ago

onesecurity commented 1 year ago

Version

1.7.9

Installation Type

Official Kubernetes

Service Name

DongTai-agent-java

Describe the details of the bug and the steps to reproduce it

Agent registration fails with the new version; the v1.7.7 agent runs normally. The server-side components are all on the latest version, 1.8.7.

The error log is as follows:

2022-10-31 18:30:52 [io.dongtai.iast.agent] [INFO] DongTai Config: /tmp/dongtai-root/v1.7.9/iast.properties
2022-10-31 18:30:52 [io.dongtai.iast.agent] [DEBUG] DongTai will install for Servlet Service
2022-10-31 18:30:54 [io.dongtai.iast.agent] [ERROR] request https://xx/openapi/api/v1/agent/register failed, Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:353)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
    at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
    at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
    at io.dongtai.iast.thirdparty.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
    at io.dongtai.iast.thirdparty.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at io.dongtai.iast.thirdparty.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at io.dongtai.iast.common.utils.AbstractHttpClientUtils.sendRequestInternal(AbstractHttpClientUtils.java:123)
    at io.dongtai.iast.common.utils.AbstractHttpClientUtils.sendRequest(AbstractHttpClientUtils.java:64)
    at io.dongtai.iast.common.utils.AbstractHttpClientUtils.sendRequest(AbstractHttpClientUtils.java:35)
    at io.dongtai.iast.agent.util.HttpClientUtils.sendPost(HttpClientUtils.java:48)
    at io.dongtai.iast.agent.report.AgentRegisterReport.register(AgentRegisterReport.java:223)
    at io.dongtai.iast.agent.report.AgentRegisterReport.send(AgentRegisterReport.java:238)
    at io.dongtai.iast.agent.AgentLauncher.install(AgentLauncher.java:112)
    at io.dongtai.iast.agent.AgentLauncher.premain(AgentLauncher.java:48)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
    at sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:401)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at sun.security.validator.Validator.validate(Validator.java:271)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)
    ... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 42 more
2022-10-31 18:30:54 [io.dongtai.iast.agent] [ERROR] Parse https://xxx/openapi register response failed: io.dongtai.iast.thirdparty.org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
2022-10-31 18:30:54 [io.dongtai.iast.agent] [ERROR] Agent registered failed. Start without DongTai IAST.

Additional Information

No response

Logs

No response

lostsnow commented 1 year ago

https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore try this?

onesecurity commented 1 year ago

https://github.com/HXSecurity/DongTai-agent-java/releases/tag/v1.7.7 - Request OK
https://github.com/HXSecurity/DongTai-agent-java/releases/tag/v1.7.9 - Request Fail

No system configuration has been updated

lostsnow commented 1 year ago

We have reimplemented the HTTP client in version 1.7.8, which currently does not support invalid SSL certificates.

onesecurity commented 1 year ago

Supplementing the certificate chain solved the issue. Alibaba Cloud Certificate Service does not package the root certificate in the certificate file.
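What the PKIX message in the log means in practice: the JDK's default X509TrustManager tries to build a path from the leaf certificate the server sent to a root in its cacerts, using only the intermediates the server also sent. If the server sends just the leaf, the build fails with exactly the SunCertPathBuilderException shown above, while browsers and other clients that fetch missing intermediates through the certificate's AIA extension may still show the site as fine (the JDK does not do this unless com.sun.security.enableAIAcaIssuers=true is set). The tool below is an added example written for this thread, not DongTai code. It records the chain a server actually sends (or reads a PEM bundle), prints each subject/issuer link so a gap is visible, and runs the same PKIX build with the JDK default trust anchors. It assumes the default cacerts (or -Djavax.net.ssl.trustStore) as trust store and covers path building only, not hostname verification or revocation; the hostname in its usage text is a placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

/**
 * ChainCheck: example code added to this thread, not part of DongTai-agent-java.
 * Reproduces the PKIX path build the JDK default trust manager performs during the TLS
 * handshake, so an incomplete chain served by the IAST server is visible before deploying the agent.
 *
 *   java ChainCheck openapi.example.com[:443]   records the chain the server actually sends
 *   java ChainCheck served.pem                  validates a PEM bundle (leaf first)
 */
public class ChainCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ChainCheck <host[:port] | chain.pem>");
            System.exit(2);
        }
        List<X509Certificate> chain = args[0].endsWith(".pem") ? readPem(args[0]) : fetchChain(args[0]);
        if (chain.isEmpty()) {
            System.err.println("no certificates received");
            System.exit(1);
        }
        describe(chain);
        System.exit(buildsToTrustAnchor(chain) ? 0 : 1);
    }

    /** Records the server's chain exactly as sent. The recording trust manager accepts anything,
     *  so this method is for diagnosis only and must never be reused in an application. */
    static List<X509Certificate> fetchChain(String hostPort) throws Exception {
        String[] hp = hostPort.split(":", 2);
        String host = hp[0];
        int port = hp.length == 2 ? Integer.parseInt(hp[1]) : 443;
        List<X509Certificate> seen = new ArrayList<>();
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String authType) { }
            public void checkServerTrusted(X509Certificate[] c, String authType) { seen.addAll(Arrays.asList(c)); }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        // createSocket(host, port) sends SNI for the hostname, as the agent's HTTP client does.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        }
        return seen;
    }

    /** Parses a PEM bundle containing one or more certificates, leaf first. */
    static List<X509Certificate> readPem(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) out.add((X509Certificate) c);
        }
        return out;
    }

    /** Prints each link. A gap where issuer[i] != subject[i+1] is the missing intermediate. */
    static void describe(List<X509Certificate> chain) {
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate c = chain.get(i);
            System.out.printf("[%d] subject: %s%n    issuer:  %s%n", i, c.getSubjectX500Principal(), c.getIssuerX500Principal());
            if (i + 1 < chain.size()
                    && !c.getIssuerX500Principal().equals(chain.get(i + 1).getSubjectX500Principal())) {
                System.out.println("    !! issuer is not the subject of the next certificate");
            }
        }
        X509Certificate last = chain.get(chain.size() - 1);
        if (!last.getIssuerX500Principal().equals(last.getSubjectX500Principal())) {
            System.out.println("Chain ends below a root: " + last.getIssuerX500Principal()
                    + " must be a trust anchor in the JDK's cacerts, otherwise an intermediate is missing.");
        }
    }

    /** The same PKIX build the stack trace shows (PKIXValidator.doBuild -> CertPathBuilder.build),
     *  against the JDK default trust anchors. Revocation checking is off, as in the JDK default. */
    static boolean buildsToTrustAnchor(List<X509Certificate> chain) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = default cacerts, or -Djavax.net.ssl.trustStore if set
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate root : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(root, null));
                }
            }
        }
        X509CertSelector leaf = new X509CertSelector();
        leaf.setCertificate(chain.get(0));
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, leaf);
        params.setRevocationEnabled(false);
        // Only the certificates the server sent are available to the builder, exactly as in the handshake.
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
        try {
            CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("OK: chain builds to a trusted root");
            return true;
        } catch (CertPathBuilderException e) {
            System.out.println("FAIL: " + e.getMessage()); // the same "unable to find valid certification path" text
            return false;
        }
    }
}
```

To capture a served chain for the PEM mode without Java, `openssl s_client -connect host:443 -servername host -showcerts </dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > served.pem` saves every certificate the server presents. The remedy is the one reported in this thread: fix the server so it sends the leaf followed by its intermediate(s), making the last issuer a root the JVM already trusts. The 1.7.8+ client offers no way to skip validation, and none should be added on the agent side, since the registration endpoint is where the agent's vulnerability data goes.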