martin-booxi / google-apis-explorer

Automatically exported from code.google.com/p/google-apis-explorer
Apache License 2.0
0 stars 0 forks source link

Certificate subject issue trying to authenticate via auth2 #301

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.Use Spring Social 1.1.0 and Spring Social Google 1.0.0
2.Try to login on my custom web app using Google+ account
3.Confirm permissions to custom web application

What is the expected output? What do you see instead?
An exception is thrown instead of successful login

What version of the product are you using? On what operating system?
Spring Social 1.1.0 and Spring Social Google 1.0.0

Please provide any additional information below.

[25 apr 2015 11:30:43,244] DEBUG - SocialAuthenticationFilter - Request is to 
process authentication
[25 apr 2015 11:30:43,273] DEBUG - RestTemplate               - Created POST 
request for "https://accounts.google.com/o/oauth2/token"
[25 apr 2015 11:30:43,300] DEBUG - RestTemplate               - Setting request 
Accept header to [application/x-www-form-urlencoded, multipart/form-data, 
application/json, application/*+json]
[25 apr 2015 11:30:43,300] DEBUG - RestTemplate               - Writing 
[{client_id=[615830623569-itqm9cnfer8cs24ahj7ovq20uba92k2o.apps.googleuserconten
t.com], client_secret=[uC-twqfGnaM5JPMdYnh8PrYR], 
code=[4/7Oc2FzlTso3QmTX3Oc7bIj2u9huvCjPZ4BbO-EJE-xk.MsYrdHT2hTQdyjz_MlCJoi3ITdTf
mQI], redirect_uri=[http://localhost:8181/YouTouristBE/auth/google], 
grant_type=[authorization_code]}] as "application/x-www-form-urlencoded" using 
[org.springframework.http.converter.FormHttpMessageConverter@15f4c581]
[25 apr 2015 11:30:43,672] DEBUG - RestTemplate               - POST request 
for "https://accounts.google.com/o/oauth2/token" resulted in 200 (OK)
[25 apr 2015 11:30:43,674] DEBUG - RestTemplate               - Reading 
[interface java.util.Map] as "application/json;charset=utf-8" using 
[org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@490
b4af7]
[25 apr 2015 11:30:43,746] DEBUG - RestTemplate               - Created GET 
request for "https://www.googleapis.com/plus/v1/people/me"
[25 apr 2015 11:30:43,811] DEBUG - RestTemplate               - Setting request 
Accept header to [application/json, application/*+json]
[25 apr 2015 11:30:43,965] DEBUG - Auth2AuthenticationService - failed to 
exchange for access
org.springframework.web.client.ResourceAccessException: I/O error on GET 
request for "https://www.googleapis.com/plus/v1/people/me":Host name 
'www.googleapis.com' does not match the certificate subject provided by the 
peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, 
ST=California, C=US); nested exception is 
javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does 
not match the certificate subject provided by the peer 
(CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, 
C=US)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:557)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:502)
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:239)
    at org.springframework.social.google.api.impl.AbstractGoogleApiOperations.getEntity(AbstractGoogleApiOperations.java:50)
    at org.springframework.social.google.api.plus.impl.PlusTemplate.getPerson(PlusTemplate.java:105)
    at org.springframework.social.google.api.plus.impl.PlusTemplate.getGoogleProfile(PlusTemplate.java:110)
    at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:51)
    at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:31)
    at org.springframework.social.google.connect.GoogleConnectionFactory.extractProviderUserId(GoogleConnectionFactory.java:37)
    at org.springframework.social.connect.support.OAuth2ConnectionFactory.createConnection(OAuth2ConnectionFactory.java:91)
    at org.springframework.social.security.provider.OAuth2AuthenticationService.getAuthToken(OAuth2AuthenticationService.java:99)
    at org.springframework.social.security.SocialAuthenticationFilter.attemptAuthService(SocialAuthenticationFilter.java:239)
    at org.springframework.social.security.SocialAuthenticationFilter.attemptAuthentication(SocialAuthenticationFilter.java:157)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 
'www.googleapis.com' does not match the certificate subject provided by the 
peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, 
ST=California, C=US)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:84)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
    at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:94)
    at org.springframework.social.oauth2.OAuth2RequestInterceptor.intercept(OAuth2RequestInterceptor.java:45)
    at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:84)
    at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:69)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:541)
    ... 41 more
[25 apr 2015 11:30:43,967] DEBUG - SocialAuthenticationFilter - Authentication 
request failed: 
org.springframework.security.authentication.AuthenticationServiceException: 
authentication failed

Original issue reported on code.google.com by marcuss...@gmail.com on 26 Apr 2015 at 8:10

GoogleCodeExporter commented 8 years ago
We are experiencing this issue since about 1 week ago.
It looks like the hostname is different from CN name in the certificate, 
released on 08/04/2015 and then later published

Original comment by marcuss...@gmail.com on 26 Apr 2015 at 8:30

GoogleCodeExporter commented 8 years ago
There is already an issue filed - Issue 300: Host verification failing due to 
Google certificate
https://code.google.com/p/google-apis-explorer/issues/detail?id=300

Original comment by androidd...@gmail.com on 28 Apr 2015 at 12:23