Cannot Access : https://localhost:8643/authorization/v1/authorize

rqualis-altamiracorp commented 5 years ago

Performed the following steps, as instructed in the README.md file (I am using a clone and not the zip):

cd sample_configuration for f in *.yml.example; do cp ${f} ${f%.example} done

cd datawave/services/build-parent mvn -Pexec clean install

cd datawave/services java -jar config-service/target/config-service*-exec.jar --spring.profiles.active=dev,nomessaging,native,open_actuator --spring.cloud.config.server.native.searchLocations=file://$PWD/sample_configuration

cd datawave/services java -jar authorization-service/target/authorization-service*-exec.jar --spring.profiles.active=dev,nomessaging,mock

All services are seem to be running ok,

SAMPLE_CONFIGURATION 2019-02-12 11:18:41.880 INFO 1748 --- [ main] o.s.c.s.DefaultLifecycleProcessor : Starting beans in phase 0 2019-02-12 11:18:41.881 INFO 1748 --- [ main] o.s.c.c.m.FileMonitorConfiguration : Monitoring for local config changes: [/Users/richard.qualis/dev_workspace/datawave/services/sample_configuration] 2019-02-12 11:18:41.895 INFO 1748 --- [ main] o.s.i.e.EventDrivenConsumer : Adding {logging-channel-adapter:_org.springframework.integration.errorLogger} as a subscriber to the 'errorChannel' channel 2019-02-12 11:18:41.895 INFO 1748 --- [ main] o.s.i.c.PublishSubscribeChannel : Channel 'configserver-1.errorChannel' has 1 subscriber(s). 2019-02-12 11:18:41.896 INFO 1748 --- [ main] o.s.i.e.EventDrivenConsumer : started _org.springframework.integration.errorLogger 2019-02-12 11:18:41.897 INFO 1748 --- [ main] o.s.c.s.DefaultLifecycleProcessor : Starting beans in phase 2147483647 2019-02-12 11:18:41.939 INFO 1748 --- [ main] o.xnio : XNIO version 3.3.8.Final 2019-02-12 11:18:41.963 INFO 1748 --- [ main] o.x.nio : XNIO NIO Implementation Version 3.3.8.Final 2019-02-12 11:18:42.083 INFO 1748 --- [ main] o.s.b.w.e.u.UndertowServletWebServer : Undertow started on port(s) 8888 (http) with context path '/configserver' 2019-02-12 11:18:42.086 INFO 1748 --- [ main] d.m.c.s.ConfigServerApplication : Started ConfigServerApplication in 6.093 seconds (JVM running for 6.968) 2019-02-12 11:19:28.346 INFO 1748 --- [ XNIO-1 task-1] i.u.servlet : Initializing Spring FrameworkServlet 'dispatcherServlet' 2019-02-12 11:19:28.346 INFO 1748 --- [ XNIO-1 task-1] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started 2019-02-12 11:19:28.367 INFO 1748 --- [ XNIO-1 task-1] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 21 ms 2019-02-12 11:19:28.471 INFO 1748 --- [ XNIO-1 task-1] o.s.b.SpringApplication : Starting application on MacBook-Pro with PID 1748 (/Users/richard.qualis/dev_workspace/datawave/services/config-service/target/config-service-1.3-SNAPSHOT-exec.jar started by richard.qualis in /Users/richard.qualis/dev_workspace/datawave/services) 2019-02-12 11:19:28.471 INFO 1748 --- [ XNIO-1 task-1] o.s.b.SpringApplication : The following profiles are active: dev,nomessaging,mock 2019-02-12 11:19:28.474 INFO 1748 --- [ XNIO-1 task-1] s.c.a.AnnotationConfigApplicationContext : Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@481ca12c: startup date [Tue Feb 12 11:19:28 EST 2019]; root of context hierarchy 2019-02-12 11:19:28.516 INFO 1748 --- [ XNIO-1 task-1] o.s.b.SpringApplication : Started application in 0.08 seconds (JVM running for 53.398) 2019-02-12 11:19:28.518 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/authorization-mock.yml 2019-02-12 11:19:28.518 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/application-nomessaging.yml 2019-02-12 11:19:28.519 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/authorization-dev.yml 2019-02-12 11:19:28.519 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/application-dev.yml 2019-02-12 11:19:28.519 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/authorization.yml 2019-02-12 11:19:28.519 INFO 1748 --- [ XNIO-1 task-1] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: file:///Users/richard.qualis/dev_workspace/datawave/services/sample_configuration/application.yml 2019-02-12 11:19:28.520 INFO 1748 --- [ XNIO-1 task-1] s.c.a.AnnotationConfigApplicationContext : Closing org.springframework.context.annotation.AnnotationConfigApplicationContext@481ca12c: startup date [Tue Feb 12 11:19:28 EST 2019]; root of context hierarchy

AUTHORIZATION SERVICE [ main] o.s.i.m.IntegrationMBeanExporter : Registering beans for JMX exposure on startup 2019-02-12 11:19:35.664 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Registering MessageChannel nullChannel 2019-02-12 11:19:35.668 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Located managed bean 'org.springframework.integration:type=MessageChannel,name=nullChannel': registering with JMX server as MBean [org.springframework.integration:type=MessageChannel,name=nullChannel] 2019-02-12 11:19:35.678 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Registering MessageChannel errorChannel 2019-02-12 11:19:35.680 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Located managed bean 'org.springframework.integration:type=MessageChannel,name=errorChannel': registering with JMX server as MBean [org.springframework.integration:type=MessageChannel,name=errorChannel] 2019-02-12 11:19:35.757 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Registering MessageHandler errorLogger 2019-02-12 11:19:35.760 INFO 1776 --- [ main] o.s.i.m.IntegrationMBeanExporter : Located managed bean 'org.springframework.integration:type=MessageHandler,name=errorLogger,bean=internal': registering with JMX server as MBean [org.springframework.integration:type=MessageHandler,name=errorLogger,bean=internal] 2019-02-12 11:19:35.803 INFO 1776 --- [ main] o.s.c.s.DefaultLifecycleProcessor : Starting beans in phase 0 2019-02-12 11:19:35.803 INFO 1776 --- [ main] o.s.i.e.EventDrivenConsumer : Adding {logging-channel-adapter:_org.springframework.integration.errorLogger} as a subscriber to the 'errorChannel' channel 2019-02-12 11:19:35.804 INFO 1776 --- [ main] o.s.i.c.PublishSubscribeChannel : Channel 'authorization-1.errorChannel' has 1 subscriber(s). 2019-02-12 11:19:35.804 INFO 1776 --- [ main] o.s.i.e.EventDrivenConsumer : started _org.springframework.integration.errorLogger 2019-02-12 11:19:35.804 INFO 1776 --- [ main] o.s.c.s.DefaultLifecycleProcessor : Starting beans in phase 2147483647 2019-02-12 11:19:35.955 INFO 1776 --- [ main] o.s.b.w.e.u.UndertowServletWebServer : Undertow started on port(s) 8643 (https) with context path '/authorization' 2019-02-12 11:19:35.958 INFO 1776 --- [ main] d.m.a.AuthorizationService : Started AuthorizationService in 9.185 seconds (JVM running for 10.193)

I should be able to hit the following URLs, but got error Failed to open page because cannot establish secure connection to the server “localhost” : https://localhost:8643/authorization/v1/authorize

I am able to ssh to localhost without a password. I tried from different browsers.

Any suggestions ?

Thanks

rqualis-altamiracorp commented 5 years ago

Tried Firefox. See below for the error:

localhost:8643 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

When I try to add it via advance option:

Secure Connection Failed

An error occurred during a connection to localhost:8643. SSL peer cannot verify your certificate. Error code: SSL_ERROR_BAD_CERT_ALERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Learn more…

https://localhost:8643/authorization/v1/authorize

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:

rqualis-altamiracorp commented 5 years ago

I did additional debugging to resolve this issue and still no luck. I manually loaded the following and still no luck:

datawave/web-services/deploy/application/src/main/wildfly/overlay/standalone/configuration/certificates/testUser.p12

Any suggestion?

keith-ratcliffe commented 5 years ago

If you're running the microservices with the provided config examples, you should be able use the test PKI materials located here: /path/to/datawave/services/spring-boot-starter-datawave/src/main/resources

Password for all should be ChangeIt

Currently, the quickstart isn't configured to use the microservices, and it leverages a different set of PKI materials. But we'll likely be consolidating those in an upcoming release to make things easier

rqualis-altamiracorp commented 5 years ago

Keith, Thank you very much for the info, it resolved the issue for the most part - 2 URLs "failed". See below. I did the following:

Removed the old key
Clear the browser cached info.
Re-launched the configuration and authorization services
Followed the rest of the steps in the README file

The results for each of the URL:

https://localhost:8643/authorization/v1/authorize returned eyJhbGciOiJSUzUxMiIsInppcCI6IkdaSVAifQ.H...........more info
https://localhost:8643/authorization/v1/whoami returned the JSON-encoded version of the DatawaveUser corresponding to the client certificate {"proxiedUsers":[{"dn":{"subjectDN":"cn=test a. user, ou=example developers, o=example corp, c=us","issuerDN":"cn=example corp ca, o=example corp, c=us"},"userType":"USER","auths":["JBOSS_ADMIN","AUTH_USER"],"roles":["JBossAdministrator","AuthorizedUser"],"roleToAuthMapping":{"JBossAdministrator":["JBOSS_ADMIN"],"AuthorizedUser":["AUTH_USER"]},"creationTime":1550085844156,"expirationTime":-1,"name":"cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>"}],"creationTime":1550085844156}
https://localhost:8643/authorization/swagger-ui.html Returned : Not Found
https://localhost:8643/authorization/mgmt/docs/ Returned : Not Found

3 and 4 are not correct.

For item 3, swagger-ui,I checked the logs: authorization_access.log shows 0:0:0:0:0:0:0:1 - - [13/Feb/2019:14:41:28 -0500] "GET /authorization/swagger-ui.html HTTP/1.1" 404 68 12

authorization-service.log 2019-02-13 14:44:18.590 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.p.ProxiedEntityX509Filter : Checking secure context token: null. <-- Should this be null? 2019-02-13 14:44:18.591 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.p.ProxiedEntityX509Filter : X.509 client authorization certificate: [ [ Version: V3 Subject: CN=Test A. User, OU=Example Developers, O=Example Corp, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits modulus: 29693310397350683340154352951690417143453283761782464784111959779898461927631145040408363932677308332853795974513230535238765011893697562295591649906272212579888016519503573181099580045143351170795651053732631199886504818306055666864107398667643166838083330198025322251891302670569150584887153906273473166908672736169726869913278339998938625463260806398408491329537607089045335843354057502003125067308241429255967124060549481667214960661803432678754184746177036180093147065643936088465464515204445387575661485660803318755335242447144012072792010509328162338791829056505154848152716527137628638009019665891344442965779 public exponent: 65537 Validity: [From: Fri Feb 02 12:22:00 EST 2018, To: Wed Feb 01 12:22:00 EST 2023] Issuer: CN=EXAMPLE CORP CA, O=Example Corp, C=US SerialNumber: [ 34866f38 cc8f237b 78d7e270 dc6aaf70 ae7a2797]

Certificate Extensions: 5 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 9D 58 40 49 88 8F 56 03 F4 56 89 5E AF 1C 50 CC .X@I..V..V.^..P. 0010: C0 7B FC 0C .... ] ]

[2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ]

[3]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ clientAuth ]

[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ]

[5]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 70 00 40 3C 41 AB 2F 00 17 11 99 02 CC 36 9A 1B p.@<A./......6.. 0010: 95 45 A4 D5 .E.. ] ]

] Algorithm: [SHA256withRSA] Signature: 0000: 39 E7 C7 B5 73 C8 DA EB 1A C9 F5 C0 F3 6D 8D A2 9...s........m.. 0010: 0C ED 38 E9 F5 7A 90 5F 9A A1 36 62 57 FE 69 9E ..8..z...6bW.i. 0020: 5D E6 CA CB 5C DD 26 5F C1 4F 84 B0 98 87 F0 6C ]....&.O.....l 0030: 21 DA 1D 28 67 40 97 14 96 F3 DD E7 65 E9 53 0E !..(g@......e.S. 0040: EC 2C 6D 1F 8F EE 7B A5 8B 8B 9B 4E F9 E3 C8 FB .,m........N.... 0050: 87 4E CC F9 E9 C5 E1 48 01 A4 53 F9 55 67 B1 54 .N.....H..S.Ug.T 0060: E5 2C 43 AC 40 F1 AA 17 89 B3 C0 11 1D 9B 39 10 .,C.@.........9. 0070: 5F 40 27 A9 39 80 2F B9 50 8B 5C DC 85 20 ED 12 @'.9./.P... .. 0080: 94 23 17 FA 03 D7 0F 66 F5 9D 4E B2 62 D9 36 0E .#.....f..N.b.6. 0090: 4B EE 81 B1 0A EE 13 0F 74 4B 4A 29 67 BE 00 C3 K.......tKJ)g... 00A0: 5F 0E E2 19 E7 CF 83 9C 3F 95 0C 34 59 BA 06 D8 .......?..4Y... 00B0: ED 5A 92 1D C0 A4 6B 37 FB 71 70 B7 B2 E4 4F C5 .Z....k7.qp...O. 00C0: 34 F7 30 CF C6 4A 85 56 5B 96 0F 21 4E C6 E2 28 4.0..J.V[..!N..( 00D0: 1B 9A BC 76 57 29 9F D8 82 01 83 54 B4 06 71 C0 ...vW).....T..q. 00E0: 71 A8 63 34 F0 F8 E6 50 34 02 12 B6 00 7B 57 6B q.c4...P4.....Wk 00F0: C6 34 73 F0 80 11 45 93 A1 33 5F 76 F8 A9 80 49 .4s...E..3_v...I

] 2019-02-13 14:44:18.592 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.p.ProxiedEntityX509Filter : X.509 client authorization certificate: [ [ Version: V3 Subject: CN=Test A. User, OU=Example Developers, O=Example Corp, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits modulus: 29693310397350683340154352951690417143453283761782464784111959779898461927631145040408363932677308332853795974513230535238765011893697562295591649906272212579888016519503573181099580045143351170795651053732631199886504818306055666864107398667643166838083330198025322251891302670569150584887153906273473166908672736169726869913278339998938625463260806398408491329537607089045335843354057502003125067308241429255967124060549481667214960661803432678754184746177036180093147065643936088465464515204445387575661485660803318755335242447144012072792010509328162338791829056505154848152716527137628638009019665891344442965779 public exponent: 65537 Validity: [From: Fri Feb 02 12:22:00 EST 2018, To: Wed Feb 01 12:22:00 EST 2023] Issuer: CN=EXAMPLE CORP CA, O=Example Corp, C=US SerialNumber: [ 34866f38 cc8f237b 78d7e270 dc6aaf70 ae7a2797]

Certificate Extensions: 5 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 9D 58 40 49 88 8F 56 03 F4 56 89 5E AF 1C 50 CC .X@I..V..V.^..P. 0010: C0 7B FC 0C .... ] ]

[2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ]

[3]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ clientAuth ]

[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ]

[5]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 70 00 40 3C 41 AB 2F 00 17 11 99 02 CC 36 9A 1B p.@<A./......6.. 0010: 95 45 A4 D5 .E.. ] ]

] Algorithm: [SHA256withRSA] Signature: 0000: 39 E7 C7 B5 73 C8 DA EB 1A C9 F5 C0 F3 6D 8D A2 9...s........m.. 0010: 0C ED 38 E9 F5 7A 90 5F 9A A1 36 62 57 FE 69 9E ..8..z...6bW.i. 0020: 5D E6 CA CB 5C DD 26 5F C1 4F 84 B0 98 87 F0 6C ]....&.O.....l 0030: 21 DA 1D 28 67 40 97 14 96 F3 DD E7 65 E9 53 0E !..(g@......e.S. 0040: EC 2C 6D 1F 8F EE 7B A5 8B 8B 9B 4E F9 E3 C8 FB .,m........N.... 0050: 87 4E CC F9 E9 C5 E1 48 01 A4 53 F9 55 67 B1 54 .N.....H..S.Ug.T 0060: E5 2C 43 AC 40 F1 AA 17 89 B3 C0 11 1D 9B 39 10 .,C.@.........9. 0070: 5F 40 27 A9 39 80 2F B9 50 8B 5C DC 85 20 ED 12 @'.9./.P... .. 0080: 94 23 17 FA 03 D7 0F 66 F5 9D 4E B2 62 D9 36 0E .#.....f..N.b.6. 0090: 4B EE 81 B1 0A EE 13 0F 74 4B 4A 29 67 BE 00 C3 K.......tKJ)g... 00A0: 5F 0E E2 19 E7 CF 83 9C 3F 95 0C 34 59 BA 06 D8 .......?..4Y... 00B0: ED 5A 92 1D C0 A4 6B 37 FB 71 70 B7 B2 E4 4F C5 .Z....k7.qp...O. 00C0: 34 F7 30 CF C6 4A 85 56 5B 96 0F 21 4E C6 E2 28 4.0..J.V[..!N..( 00D0: 1B 9A BC 76 57 29 9F D8 82 01 83 54 B4 06 71 C0 ...vW).....T..q. 00E0: 71 A8 63 34 F0 F8 E6 50 34 02 12 B6 00 7B 57 6B q.c4...P4.....Wk 00F0: C6 34 73 F0 80 11 45 93 A1 33 5F 76 F8 A9 80 49 .4s...E..3_v...I

] 2019-02-13 14:44:18.592 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.p.ProxiedEntityX509Filter : preAuthenticatedPrincipal = ProxiedEntityPreauthPrincipal{callerPrincipal=cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>, proxiedEntities=[cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>]}, trying to authenticate 2019-02-13 14:44:18.593 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.u.ProxiedEntityUserDetailsService : Authenticating org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken@2f360597: Principal: ProxiedEntityPreauthPrincipal{callerPrincipal=cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>, proxiedEntities=[cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>]}; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Not granted any authorities 2019-02-13 14:44:18.594 DEBUG 1087 --- [ XNIO-2 task-26] d.m.a.p.ProxiedEntityX509Filter : Authentication success: org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken@a09b52ee: Principal: ProxiedUserDetails{username='cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>', proxiedUsers=[DatawaveUser{name='cn=test a. user, ou=example developers, o=example corp, c=us<cn=example corp ca, o=example corp, c=us>', userType=USER, auths=[JBOSS_ADMIN, AUTH_USER], roles=[JBossAdministrator, AuthorizedUser], creationTime=1550085844156}]}; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: JBossAdministrator, AuthorizedUser

NationalSecurityAgency / datawave

Cannot Access : https://localhost:8643/authorization/v1/authorize #334