Unable to find valid certification path to requested target

[SamuelePilleri]

I'm trying to add an OData source. I believe this is done by adding a RemoteDatabase. My data source is experimental and I don't have HTTPS certificates. I get the following error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. In the logs I see the following:

2024-06-06 13:53:23,628 INFO  [io.quarkus] (main) Installed features: [cdi, jdbc-db2, jdbc-h2, jdbc-mssql, jdbc-postgresql, jgit, jsch, reactive-routes, rest-client, rest-client-jackson, resteasy, resteasy-jackson, resteasy-multipart, security, security-properties-file, smallrye-context-propagation, smallrye-jwt, smallrye-openapi, swagger-ui, vertx]
2024-06-06 13:53:32,272 INFO  [com.das.lau.LocalAuthManager] (executor-thread-1) Loading /deployments/djusers.properties
2024-06-06 13:53:32,273 INFO  [com.das.lau.LocalAuthManager] (executor-thread-1) Loading /deployments/djroles.properties
2024-06-06 13:54:41,831 INFO  [org.das.ser.CredentialManager] (executor-thread-1) Using SID file: /deployments/model/.secrets.id
2024-06-06 13:54:41,832 INFO  [org.das.ser.CredentialManager] (executor-thread-1) New system - creating /deployments/model/.secrets.id
2024-06-06 13:54:42,402 WARNING [org.das.ser.PojoDatabase] (executor-thread-1) Ignoring metadata collection error: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I think this problem can be easily solved adding a flag to skip certificate validation.

[aeberhart]

From the log, it looks like the platform cannot connect to the remote system. This might be caused by the remote system using a self-signed certificate ("unable to find valid certification path to requested target"). The platform runs Quarkus and you could import the certificate into the Quarkus keystore or disable SSL validation alltogether (https://quarkus.io/guides/resteasy-client#disabling-ssl-verifications - not recommended in production!!!)

Not sure you are using the RemoteDatabase correctly. It serves the following purpose: Some database clients have a large set of dependencies. If we want to connect to all kinds of different DBs, we try to avoid packing them all into one JVM as this often leads to version conflicts.

Instead, you can expose a DB implementation to org.dashjoin.sdk.DatabaseService and run the client in its own JVM / container. The RemoteDatabase then connects the main platform with this service. An example is the RDF4J connector (https://github.com/dashjoin/platform/tree/master/dashjoin-rdf4j).

We have an experimental odata driver here: https://github.com/dashjoin/platform/tree/master/dashjoin-odata. It is not part of the binaries. You could uncomment the dependency in pom.xml (https://github.com/dashjoin/platform/blob/master/pom.xml) and build locally. This driver allows connecting an ODATA endpoint and have the platform treat it like a "normal" database.

There's also the other way around: exposing some DB via ODATA. This feature is active: https://dashjoin.github.io/platform/latest/api/#odata