cardano-community / koios-java-client

https://www.koios.rest/
Apache License 2.0

SSLPeerUnverifiedException: Hostname api.koios.rest not verified (no certificates) #44

Closed kunalransing closed 2 years ago

kunalransing commented 2 years ago

Jar version -

io.github.cardano-community koios-java-client **1.10**

Java Version - jdk-11.0.2

What operating system are you using, and which version?

Steps to Reproduce

  1. When we call addressService.getAddressTransactions(addresses, options), it sometimes gives the error SSLPeerUnverifiedException: Hostname api.koios.rest not verified (no certificates)

Expected Behavior

It should not give the error SSLPeerUnverifiedException: Hostname api.koios.rest not verified (no certificates)

Actual Behavior

Sometimes the service gives the error below

rest.koios.client.backend.api.base.exception.ApiException: Hostname api.koios.rest not verified (no certificates)
    at rest.koios.client.backend.api.address.impl.AddressServiceImpl.getAddressTransactions(AddressServiceImpl.java:81) ~[koios-java-client-1.10.jar!/:na]
    at rest.koios.client.backend.api.address.impl.AddressServiceImpl.getAddressTransactions(AddressServiceImpl.java:65) ~[koios-java-client-1.10.jar!/:na]
    at com.eno.adawallet.blockchain.KoiosBlockHelperService.getAddressesTxs(KoiosBlockHelperService.java:74) ~[classes!/:1.0.0]
    at com.eno.adawallet.ADAWalletBean.processReceive(ADAWalletBean.java:451) ~[classes!/:1.0.0]
    at com.eno.adawallet.ADAWalletBean$$FastClassBySpringCGLIB$$fb418adb.invoke(<generated>) ~[classes!/:1.0.0]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar!/:5.3.18]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.3.18.jar!/:5.3.18]
    at com.eno.adawallet.ADAWalletBean$$EnhancerBySpringCGLIB$$a8235744.processReceive(<generated>) ~[classes!/:1.0.0]
    at com.eno.adawallet.timer.ADATimer.processReceiveTxTimer(ADATimer.java:94) ~[classes!/:1.0.0]
    at com.eno.adawallet.timer.ADATimer$$FastClassBySpringCGLIB$$11df0ffc.invoke(<generated>) ~[classes!/:1.0.0]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar!/:5.3.18]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar!/:5.3.18]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar!/:5.3.18]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar!/:5.3.18]
    at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115) ~[spring-aop-5.3.18.jar!/:5.3.18]
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
    at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname api.koios.rest not verified (no certificates)
    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:396) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) ~[okhttp-4.9.0.jar!/:na]
    at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) ~[okhttp-4.9.0.jar!/:na]
    at retrofit2.OkHttpCall.execute(OkHttpCall.java:204) ~[retrofit-2.9.0.jar!/:na]
    at rest.koios.client.backend.api.base.BaseService.execute(BaseService.java:97) ~[koios-java-client-1.10.jar!/:na]
    at rest.koios.client.backend.api.address.impl.AddressServiceImpl.getAddressTransactions(AddressServiceImpl.java:78) ~[koios-java-client-1.10.jar!/:na]

rdlrt commented 2 years ago

The certificate is Let's Encrypt signed. If you have trouble, it's possible you may not have recent enough CA certs in your Java truststore (alternatively, you can always add the cert to your trust store).

kunalransing commented 2 years ago

I have downloaded the base64 certificate chain as in the image below

Imported the downloaded cer using the Java command below:

    $ /opt/jdk-11.0.2/bin/keytool -import -alias ca -file api.koios.rest.cer -keystore cacerts -storepass xxx

but I'm still getting the same error. Can you help me fix it, please? @rdlrt

rdlrt commented 2 years ago

> I have downloaded the base64 certificate chain as in the image below
>
> Imported the downloaded cer using the Java command below:
>
>     $ /opt/jdk-11.0.2/bin/keytool -import -alias ca -file api.koios.rest.cer -keystore cacerts -storepass xxx
>
> but I'm still getting the same error. Can you help me fix it, please? @rdlrt

When importing certs into a trust store, it's always better to extract the root/intermediate certificates instead of the server certificate; you can extract those using openssl.

kunalransing commented 2 years ago

@rdlrt I have also tried the way below, still the same error:

    $ echo "" | openssl s_client -connect api.koios.rest:443 -showcerts 2>/dev/null | openssl x509 -out certfile.txt

Then imported certfile.txt to the Java truststore. Any idea what is wrong?

rdlrt commented 2 years ago

You're getting the server certificate, not the issuers'. You might wanna read this blog and check out examples here
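
Added example, not part of the original thread or the koios-java-client project: piping `openssl s_client -showcerts` straight into `openssl x509` keeps only the first certificate printed, which is the server certificate. The functions below split the whole chain and import only certificates marked CA:TRUE; the function names, the `./chain` directory and the keystore path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: function and file names are assumptions, not from the thread.

# Split every PEM certificate found on stdin into <dir>/chain-N.pem.
# `openssl s_client -showcerts` prints the chain in the order the server sent
# it, so chain-0.pem is normally the server (leaf) certificate.
# Prints the number of certificates written.
split_chain() {
    dir=$1
    mkdir -p "$dir"
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/chain-%d.pem", dir, n); writing = 1 }
        writing                       { print > out }
        /-----END CERTIFICATE-----/   { if (writing) { close(out); n++ } writing = 0 }
        END                           { print n + 0 }
    '
}

# True when the certificate carries basicConstraints CA:TRUE, i.e. it is an
# intermediate or root rather than a server certificate.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Import only the CA certificates from <dir> into a keystore.
# Arguments: <dir> <keystore> <storepass>
import_issuers() {
    dir=$1; keystore=$2; storepass=$3
    for pem in "$dir"/chain-*.pem; do
        [ -e "$pem" ] || continue
        if is_ca_cert "$pem"; then
            entry=$(basename "$pem" .pem)
            keytool -importcert -noprompt -alias "$entry" -file "$pem" \
                    -keystore "$keystore" -storepass "$storepass"
        else
            echo "skipping $pem: not a CA certificate" >&2
        fi
    done
}

# Usage against a live host (needs network, openssl and keytool):
#   openssl s_client -connect api.koios.rest:443 -servername api.koios.rest \
#       -showcerts </dev/null 2>/dev/null | split_chain ./chain
#   import_issuers ./chain /path/to/truststore.jks changeit
```

The keystore passed to `import_issuers` has to be the one the running JVM actually loads (its default `cacerts` or the file named by `javax.net.ssl.trustStore`), otherwise the import has no effect on the client.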

kunalransing commented 2 years ago

Thanks for your help. I have tried the root & CA certificates but it didn't work. https://letsencrypt.org/certificates/ Now using plain Java HTTP code & it's working fine.