search

IBM / java-sdk-core

Core functionality required by Java code generated by the IBM Cloud OpenAPI SDK Generator (openapi-sdkgen)
https://ibm.github.io/java-sdk-core/
Apache License 2.0
20 stars 21 forks source link

SSL certificate verification error for basic authentication type #179

Closed PratikshaFegade050698 closed 2 years ago

PratikshaFegade050698 commented 2 years ago

Hello All,

Is there any way to disable ssl verification for basic authentication type?

Problem Description:

  1. While calling REST API hosted on CPD instance, we are getting ssl certification error. As we are using AUTH_TYPE= Basic, there is no provision to disable ssl verification. Can we add a provision to disable the SSL certificate verification for basic auth type ?

  2. We tried to install valid certificate on local machine, after installing certificate, getting error for hostname not verified.

Stack trace for above points:

  1. SSL certification error: WARNING: The connection failed because the SSL certificate is not valid. To use a self-signed certificate, set the disableSslVerification parameter in HttpConfigOptions. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target at com.ibm.cloud.sdk.core.service.BaseService$IBMCloudSDKServiceCall.execute(BaseService.java:579) at com.pf.MainClass.main(MainClass.java:44) Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target

  2. Hostname unverified exception: Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: Hostname cpd-cpd-instance.productmaster-88d730e9314ff984c930e51ffa50442f-0000.che01.containers.appdomain.cloud not verified: certificate: sha256/Q3JP/nWeYb6j6oLVLA51eR5OVdVcXsM52m+YvSD7rag= DN: CN=Dummy-Self-signed-Cert, EMAILADDRESS=dummy@example.dum, OU=For-Zenrock, O=IBM Zen, L=Home-Town, ST=XX, C=YY subjectAltNames: [internal-nginx-svc, .svc.cluster.local, api-svc, .api, ibm-nginx-svc, zen-core-api] at com.ibm.cloud.sdk.core.service.BaseService$IBMCloudSDKServiceCall.execute(BaseService.java:579) at com.pf.MainClass.main(MainClass.java:44) Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname cpd-cpd-instance.productmaster-88d730e9314ff984c930e51ffa50442f-0000.che01.containers.appdomain.cloud not verified: certificate: sha256/Q3JP/nWeYb6j6oLVLA51eR5OVdVcXsM52m+YvSD7rag= DN: CN=Dummy-Self-signed-Cert, EMAILADDRESS=dummy@example.dum, OU=For-Zenrock, O=IBM Zen, L=Home-Town, ST=XX, C=YY subjectAltNames: [internal-nginx-svc, .svc.cluster.local, api-svc, .api, ibm-nginx-svc, zen-core-api] at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:389) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.ibm.cloud.sdk.core.service.BaseService$IBMCloudSDKServiceCall.execute(BaseService.java:572)

padamstx commented 2 years ago

Hi, you can disable ssl verification for the service client instance itself (irrespective of the authenticator) by using a block of code like this:

      HttpConfigOptions options = new HttpConfigOptions.Builder()
          .disableSslVerification(true)
          .build();
      myService.configureClient(options);
padamstx commented 2 years ago

No response on the above, so closing this out...