Venafi / vcert-java

Java client SDK designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
Apache License 2.0

405 Method Not Allowed - when calling readZoneConfiguration with 0.9.1 and 0.9.2 #115

Closed kai83 closed 2 years ago

kai83 commented 2 years ago

I am running the following code based on your documentation.

When using the vcert version 0.9.0, then everything works fine. Using 0.9.1 and 0.9.2 is causing the following error:

```
Exception in thread "main" com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $
    at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:221)
    at com.google.gson.Gson.fromJson(Gson.java:861)
    at com.google.gson.Gson.fromJson(Gson.java:826)
    at com.google.gson.Gson.fromJson(Gson.java:775)
    at com.google.gson.Gson.fromJson(Gson.java:747)
    at com.venafi.vcert.sdk.VCertException.fromFeignException(VCertException.java:44)
    at com.venafi.vcert.sdk.VCertClient.readZoneConfiguration(VCertClient.java:172)
```

```java
static String user = "username";
static String password = "password";
static String clientID = "cliendiD";
static String url = "https://sserverurl";
static String policy = "Venafi Client\\Client1";

final Authentication auth = Authentication.builder()
        .user(user)
        .password(password)
        .clientId(clientID)
        .build();

final Config config = Config.builder()
        .connectorType(ConnectorType.TPP_TOKEN)
        .baseUrl(url)
        .build();

final VCertTknClient client = new VCertTknClient(config);

client.getAccessToken(auth);

client.readZoneConfiguration(policy);
```

Can you please let me know if something, on how to retrieve the ZoneConfiguration, has been changed?

kai83 commented 2 years ago

I made some further tests: if I use the VCertTknClient against an on-premise (TPP) system, then I receive the mentioned 405 error. If I use the Cloud connector against Venafi as a Service with the following code, then everything works fine:

```java
final Authentication auth = Authentication.builder()
        .apiKey("xxxxxxxxxxxxxx")
        .clientId(clientID)
        .build();

final Config config = Config.builder()
        .connectorType(ConnectorType.CLOUD)
        .build();

final VCertClient client = new VCertClient(config);
client.authenticate(auth);
ZoneConfiguration zone = client.readZoneConfiguration(policy);

System.out.println(zone);
```

tr1ck3r commented 2 years ago

@kai83 almost nothing changed between v0.9.0 and v0.9.2 that applies to the TPP integration. Can you please review your TPP configuration to make sure that the parameters you are specifying are all still valid and that the required permissions have been granted to the API user? Can you confirm that v0.9.0 still works with the same TPP environment and settings?

tr1ck3r commented 2 years ago

@kai83 I have confirmed there is an issue in v0.9.0 and higher that has to do with handling of the URL. The 405 error is happening because the method URL is missing the /vedsdk portion but when you include the /vedsdk portion in the base URL the authentication portion fails because it uses /vedauth. The /vedsdk portion is supposed to be optional (i.e., we automatically add it if it is not present for non-auth calls, and automatically replace it with /vedauth if it is present). I've asked @marcos-albornoz to investigate getting it fixed.
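
The base-URL handling described in the comment above, as an added example (not vcert-java's own code, and not part of the original thread): one normalized root yields both the `/vedsdk` and `/vedauth` endpoints whether or not the caller appended `/vedsdk`. The class name `TppBaseUrl`, the host `tpp.example.com`, the https-only check, and the acceptance of a trailing `/vedauth` are assumptions made here.

```java
import java.net.URI;
import java.util.Locale;

// Hypothetical helper (not vcert-java code): derives both TPP endpoint roots
// from one base URL, whether or not the caller appended /vedsdk.
public final class TppBaseUrl {
    private static final String SDK = "vedsdk";
    private static final String AUTH = "vedauth";
    private final String root; // ends with "/", never with vedsdk/ or vedauth/

    public TppBaseUrl(String baseUrl) {
        URI uri = URI.create(baseUrl.trim());
        // Assumption: credentials travel over these URLs, so only absolute https is accepted.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("base URL must be an absolute https URL");
        }
        String path = uri.getPath().replaceAll("/+$", ""); // drop trailing slashes
        String lower = path.toLowerCase(Locale.ROOT);
        if (lower.endsWith("/" + SDK)) {
            path = path.substring(0, path.length() - SDK.length() - 1);
        } else if (lower.endsWith("/" + AUTH)) {
            path = path.substring(0, path.length() - AUTH.length() - 1);
        }
        String port = uri.getPort() == -1 ? "" : ":" + uri.getPort();
        this.root = "https://" + uri.getHost() + port + path + "/";
    }

    public String sdkUrl()  { return root + SDK + "/"; }   // non-auth calls
    public String authUrl() { return root + AUTH + "/"; }  // token calls

    public static void main(String[] args) {
        // Constructed inputs; tpp.example.com is a placeholder host.
        String[] inputs = {
            "https://tpp.example.com",
            "https://tpp.example.com/",
            "https://tpp.example.com/vedsdk",
            "https://tpp.example.com/vedsdk/",
            "https://tpp.example.com/vedauth/"
        };
        for (String in : inputs) {
            TppBaseUrl u = new TppBaseUrl(in);
            if (!u.sdkUrl().equals("https://tpp.example.com/vedsdk/")
                    || !u.authUrl().equals("https://tpp.example.com/vedauth/")) {
                throw new AssertionError("inconsistent endpoints for " + in);
            }
            System.out.println(in + " -> " + u.sdkUrl() + " | " + u.authUrl());
        }
    }
}
```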

kai83 commented 2 years ago

Hi @tr1ck3r, thanks for your feedback and quick testing. In the meantime I found another issue; let me know if this is caused by the same thing or if you want me to open another ticket.

Calling `client.ping()` on Venafi as a Service (ConnectorType.CLOUD) is causing a 404 (so I guess a URL issue as well).

marcos-albornoz commented 2 years ago

Hi @kai83, this issue is now fixed and is in the new release v.0.9.3. The issue that you mention related to the VCertClient.ping() method is also fixed; that was happening because the ping behaviour is no longer supported by VaaS, so we deprecated that method, but you can still use it because now it will always work in this case.

Thanks a lot for detecting these issues :-)

Regarding the way you tried to create your client, let me tell you that starting with v0.9.0 a new behaviour was added that enables you to do the authentication process when the VCertClient/VCertTknClient is created, avoiding the need to use the VCertClient.authenticate() method or the VCertTknClient.getAccessToken() method. Please go to the "Or you can try the authentication in constructor way" section in the Readme documentation for more details.

kai83 commented 1 year ago

@marcos-albornoz thank you for your quick fix and support. I modified my code to use the authentication through the constructor. It helps to reduce code. Thank you.