You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jclouds.apache.org by Pratheesh <pr...@teknowmics.com> on 2018/04/13 12:39:45 UTC
Upgrading to TLSv1.2 in Jcloud...
We are using JClouds 1.9.1 to upload files to Softlayer. Recently softlayer
upgraded to TLSv1.2. So our existing code is failing.
What we have to change in Jclouds to support TLSv1.2, so that it can upload
files to Softlayer.
Regards
Pratheesh
Re: Upgrading to TLSv1.2 in Jcloud...
Posted by Ignasi Barrera <na...@apache.org>.
So then the issue is with the certificate itself and the validation chain.
If you trust the certificate, instead of configuring those properties you
could just install the certificate in the trust store of your JVM. This way
you just tell Java you trust it and avoid having to configure jclouds to
"globally" trust any SSL certificate.
I.
On 17 April 2018 at 09:21, Pratheesh <pr...@teknowmics.com> wrote:
> Hi Ignasi,
>
>
>
> I am using - 1.8.0_51
>
> I already put these properties(enabled PROPERTY_TRUST_ALL_CERTS to true)
> and working.
>
>
>
> Regards
>
> Pratheesh
>
>
>
> *From:* Ignasi Barrera [mailto:nacx@apache.org]
> *Sent:* Tuesday, April 17, 2018 12:11 PM
>
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> I'd say the config is OK (without having seen the implementation of your
> TLSOkHttpClientSupplier).
>
>
>
> The error you get is a common error when the certificate is not trusted.
> Could that be possible? Which concrete version of Java 8 are you using?
>
>
>
> Just to discard a certificate trust issue, could you try setting the
> following properties?
>
>
>
> Properties overrides = new Properties();
>
> overrides.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
>
> overrides.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
>
>
>
> Then pass these override properties to the ContextBuilder.
>
>
>
>
>
> I.
>
>
>
> On 16 April 2018 at 13:11, Pratheesh <pr...@teknowmics.com> wrote:
>
> I will try..
>
> I am using JDK 8
>
>
>
> Regards
>
> Pratheesh
>
>
>
> *From:* Andrea Turli (apache.org) [mailto:andreaturli@apache.org]
> *Sent:* Friday, April 13, 2018 9:03 PM
>
>
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> I think you may want to extend SoftLayerHttpApiModule to configure `
> OkHttpClientSupplier` similarly to [1] which uses [2] and inject it in
> your BlobStoreContext
>
> [1]: https://github.com/jclouds/jclouds/blob/master/
> apis/docker/src/main/java/org/jclouds/docker/config/
> DockerHttpApiModule.java#L44
>
> [2]: https://github.com/jclouds/jclouds/blob/master/
> apis/docker/src/main/java/org/jclouds/docker/config/
> DockerOkHttpClientSupplier.java
>
> I couldn't test the solution but I'd start from there
>
>
>
> Please let us know, as eventually we may need to improve softlayer to
> support natively TLSv1.2
>
>
>
> BTW, which java version are you using?
>
>
>
> Andrea
>
>
>
> On Fri, Apr 13, 2018 at 4:03 PM Pratheesh <pr...@teknowmics.com>
> wrote:
>
> Hi Andrea,
>
>
>
> Please let me know any location or sample URL that I can see a sample.
>
>
>
> However I already tried with following sample code..
>
>
>
> System.setProperty("https.protocols", "TLSv1.2");
>
> System.setProperty("jdk.tls.client.protocols",
> "TLSv1,TLSv1.1,TLSv1.2");
>
> Module tlsModule = new AbstractModule() {
>
> @Override
>
> protected void configure() {
>
> bind(OkHttpClientSupplier.class).to(
> TLSOkHttpClientSupplier.class);
>
> }
>
> };
>
> Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new
> OkHttpCommandExecutorServiceModule());
>
> BlobStoreContext context = ContextBuilder.newBuilder("swift")
>
> .modules(modules1)
>
> .endpoint("https://tok02.objectstorage.softlayer.net/auth/
> ")
>
> .credentials("userId", "pwd")
>
> .buildView(BlobStoreContext.class);
>
>
>
>
>
> This gives me following error:
>
>
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at org.jclouds.http.internal.
> BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService
> .java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:57)
>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at com.google.inject.internal.DelegatingInvocationHandler.
> invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> ….
>
> ….
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at org.jclouds.http.internal.
> BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService
> .java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:57)
>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at com.google.inject.internal.DelegatingInvocationHandler.
> invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> …
>
>
>
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>
> at sun.security.provider.certpath.SunCertPathBuilder.
> build(SunCertPathBuilder.java:144)
>
> at sun.security.provider.certpath.SunCertPathBuilder.
> engineBuild(SunCertPathBuilder.java:130)
>
> at java.security.cert.CertPathBuilder.build(
> CertPathBuilder.java:280)
>
> at sun.security.validator.PKIXValidator.doBuild(
> PKIXValidator.java:382)
>
>
>
> *From:* Andrea Turli [mailto:andrea.turli@gmail.com]
> *Sent:* Friday, April 13, 2018 6:27 PM
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> Hi,
>
>
>
> Pretty sure that jclouds can support your scenario by injecting
> OkHttpClientDriver in the context.
>
> See Docker provider for an example
>
>
>
> HTH,
>
> Andrea
>
>
>
> Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha
> scritto:
>
> We are using JClouds 1.9.1 to upload files to Softlayer. Recently
> softlayer upgraded to TLSv1.2. So our existing code is failing.
>
>
>
> What we have to change in Jclouds to support TLSv1.2, so that it can
> upload files to Softlayer.
>
>
>
> Regards
>
> Pratheesh
>
>
>
RE: Upgrading to TLSv1.2 in Jcloud...
Posted by Pratheesh <pr...@teknowmics.com>.
Hi Ignasi,
I am using - 1.8.0_51
I already put these properties(enabled PROPERTY_TRUST_ALL_CERTS to true) and working.
Regards
Pratheesh
From: Ignasi Barrera [mailto:nacx@apache.org]
Sent: Tuesday, April 17, 2018 12:11 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
I'd say the config is OK (without having seen the implementation of your TLSOkHttpClientSupplier).
The error you get is a common error when the certificate is not trusted. Could that be possible? Which concrete version of Java 8 are you using?
Just to discard a certificate trust issue, could you try setting the following properties?
Properties overrides = new Properties();
overrides.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
overrides.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
Then pass these override properties to the ContextBuilder.
I.
On 16 April 2018 at 13:11, Pratheesh <pr...@teknowmics.com> wrote:
I will try..
I am using JDK 8
Regards
Pratheesh
From: Andrea Turli (apache.org) [mailto:andreaturli@apache.org]
Sent: Friday, April 13, 2018 9:03 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
I think you may want to extend SoftLayerHttpApiModule to configure `OkHttpClientSupplier` similarly to [1] which uses [2] and inject it in your BlobStoreContext
[1]: https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerHttpApiModule.java#L44
[2]: https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerOkHttpClientSupplier.java
I couldn't test the solution but I'd start from there
Please let us know, as eventually we may need to improve softlayer to support natively TLSv1.2
BTW, which java version are you using?
Andrea
On Fri, Apr 13, 2018 at 4:03 PM Pratheesh <pr...@teknowmics.com> wrote:
Hi Andrea,
Please let me know any location or sample URL that I can see a sample.
However I already tried with following sample code..
System.setProperty("https.protocols", "TLSv1.2");
System.setProperty("jdk.tls.client.protocols", "TLSv1,TLSv1.1,TLSv1.2");
Module tlsModule = new AbstractModule() {
@Override
protected void configure() {
bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
}
};
Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new OkHttpCommandExecutorServiceModule());
BlobStoreContext context = ContextBuilder.newBuilder("swift")
.modules(modules1)
.endpoint("https://tok02.objectstorage.softlayer.net/auth/")
.credentials("userId", "pwd")
.buildView(BlobStoreContext.class);
This gives me following error:
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
….
….
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
…
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:144)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:130)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
From: Andrea Turli [mailto:andrea.turli@gmail.com]
Sent: Friday, April 13, 2018 6:27 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
Hi,
Pretty sure that jclouds can support your scenario by injecting OkHttpClientDriver in the context.
See Docker provider for an example
HTH,
Andrea
Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha scritto:
We are using JClouds 1.9.1 to upload files to Softlayer. Recently softlayer upgraded to TLSv1.2. So our existing code is failing.
What we have to change in Jclouds to support TLSv1.2, so that it can upload files to Softlayer.
Regards
Pratheesh
Re: Upgrading to TLSv1.2 in Jcloud...
Posted by Ignasi Barrera <na...@apache.org>.
I'd say the config is OK (without having seen the implementation of your
TLSOkHttpClientSupplier).
The error you get is a common error when the certificate is not trusted.
Could that be possible? Which concrete version of Java 8 are you using?
Just to discard a certificate trust issue, could you try setting the
following properties?
Properties overrides = new Properties();
overrides.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
overrides.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
Then pass these override properties to the ContextBuilder.
I.
On 16 April 2018 at 13:11, Pratheesh <pr...@teknowmics.com> wrote:
> I will try..
>
> I am using JDK 8
>
>
>
> Regards
>
> Pratheesh
>
>
>
> *From:* Andrea Turli (apache.org) [mailto:andreaturli@apache.org]
> *Sent:* Friday, April 13, 2018 9:03 PM
>
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> I think you may want to extend SoftLayerHttpApiModule to configure `
> OkHttpClientSupplier` similarly to [1] which uses [2] and inject it in
> your BlobStoreContext
>
> [1]: https://github.com/jclouds/jclouds/blob/master/
> apis/docker/src/main/java/org/jclouds/docker/config/
> DockerHttpApiModule.java#L44
>
> [2]: https://github.com/jclouds/jclouds/blob/master/
> apis/docker/src/main/java/org/jclouds/docker/config/
> DockerOkHttpClientSupplier.java
>
> I couldn't test the solution but I'd start from there
>
>
>
> Please let us know, as eventually we may need to improve softlayer to
> support natively TLSv1.2
>
>
>
> BTW, which java version are you using?
>
>
>
> Andrea
>
>
>
> On Fri, Apr 13, 2018 at 4:03 PM Pratheesh <pr...@teknowmics.com>
> wrote:
>
> Hi Andrea,
>
>
>
> Please let me know any location or sample URL that I can see a sample.
>
>
>
> However I already tried with following sample code..
>
>
>
> System.setProperty("https.protocols", "TLSv1.2");
>
> System.setProperty("jdk.tls.client.protocols",
> "TLSv1,TLSv1.1,TLSv1.2");
>
> Module tlsModule = new AbstractModule() {
>
> @Override
>
> protected void configure() {
>
> bind(OkHttpClientSupplier.class).to(
> TLSOkHttpClientSupplier.class);
>
> }
>
> };
>
> Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new
> OkHttpCommandExecutorServiceModule());
>
> BlobStoreContext context = ContextBuilder.newBuilder("swift")
>
> .modules(modules1)
>
> .endpoint("https://tok02.objectstorage.softlayer.net/auth/
> ")
>
> .credentials("userId", "pwd")
>
> .buildView(BlobStoreContext.class);
>
>
>
>
>
> This gives me following error:
>
>
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at org.jclouds.http.internal.
> BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService
> .java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:57)
>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at com.google.inject.internal.DelegatingInvocationHandler.
> invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> ….
>
> ….
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at org.jclouds.http.internal.
> BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService
> .java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:57)
>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at com.google.inject.internal.DelegatingInvocationHandler.
> invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> …
>
>
>
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>
> at sun.security.provider.certpath.SunCertPathBuilder.
> build(SunCertPathBuilder.java:144)
>
> at sun.security.provider.certpath.SunCertPathBuilder.
> engineBuild(SunCertPathBuilder.java:130)
>
> at java.security.cert.CertPathBuilder.build(
> CertPathBuilder.java:280)
>
> at sun.security.validator.PKIXValidator.doBuild(
> PKIXValidator.java:382)
>
>
>
> *From:* Andrea Turli [mailto:andrea.turli@gmail.com]
> *Sent:* Friday, April 13, 2018 6:27 PM
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> Hi,
>
>
>
> Pretty sure that jclouds can support your scenario by injecting
> OkHttpClientDriver in the context.
>
> See Docker provider for an example
>
>
>
> HTH,
>
> Andrea
>
>
>
> Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha
> scritto:
>
> We are using JClouds 1.9.1 to upload files to Softlayer. Recently
> softlayer upgraded to TLSv1.2. So our existing code is failing.
>
>
>
> What we have to change in Jclouds to support TLSv1.2, so that it can
> upload files to Softlayer.
>
>
>
> Regards
>
> Pratheesh
>
>
RE: Upgrading to TLSv1.2 in Jcloud...
Posted by Pratheesh <pr...@teknowmics.com>.
I will try..
I am using JDK 8
Regards
Pratheesh
From: Andrea Turli (apache.org) [mailto:andreaturli@apache.org]
Sent: Friday, April 13, 2018 9:03 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
I think you may want to extend SoftLayerHttpApiModule to configure `OkHttpClientSupplier` similarly to [1] which uses [2] and inject it in your BlobStoreContext
[1]: https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerHttpApiModule.java#L44
[2]: https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerOkHttpClientSupplier.java
I couldn't test the solution but I'd start from there
Please let us know, as eventually we may need to improve softlayer to support natively TLSv1.2
BTW, which java version are you using?
Andrea
On Fri, Apr 13, 2018 at 4:03 PM Pratheesh <pr...@teknowmics.com> wrote:
Hi Andrea,
Please let me know any location or sample URL that I can see a sample.
However I already tried with following sample code..
System.setProperty("https.protocols", "TLSv1.2");
System.setProperty("jdk.tls.client.protocols", "TLSv1,TLSv1.1,TLSv1.2");
Module tlsModule = new AbstractModule() {
@Override
protected void configure() {
bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
}
};
Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new OkHttpCommandExecutorServiceModule());
BlobStoreContext context = ContextBuilder.newBuilder("swift")
.modules(modules1)
.endpoint("https://tok02.objectstorage.softlayer.net/auth/")
.credentials("userId", "pwd")
.buildView(BlobStoreContext.class);
This gives me following error:
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
….
….
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
…
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:144)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:130)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
From: Andrea Turli [mailto:andrea.turli@gmail.com]
Sent: Friday, April 13, 2018 6:27 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
Hi,
Pretty sure that jclouds can support your scenario by injecting OkHttpClientDriver in the context.
See Docker provider for an example
HTH,
Andrea
Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha scritto:
We are using JClouds 1.9.1 to upload files to Softlayer. Recently softlayer upgraded to TLSv1.2. So our existing code is failing.
What we have to change in Jclouds to support TLSv1.2, so that it can upload files to Softlayer.
Regards
Pratheesh
Re: Upgrading to TLSv1.2 in Jcloud...
Posted by "Andrea Turli (apache.org)" <an...@apache.org>.
I think you may want to extend SoftLayerHttpApiModule to
configure `OkHttpClientSupplier` similarly to [1] which uses [2] and inject
it in your BlobStoreContext
[1]:
https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerHttpApiModule.java#L44
[2]:
https://github.com/jclouds/jclouds/blob/master/apis/docker/src/main/java/org/jclouds/docker/config/DockerOkHttpClientSupplier.java
I couldn't test the solution but I'd start from there
Please let us know, as eventually we may need to improve softlayer to
support natively TLSv1.2
BTW, which java version are you using?
Andrea
On Fri, Apr 13, 2018 at 4:03 PM Pratheesh <pr...@teknowmics.com>
wrote:
> Hi Andrea,
>
>
>
> Please let me know any location or sample URL that I can see a sample.
>
>
>
> However I already tried with following sample code..
>
>
>
> System.setProperty("https.protocols", "TLSv1.2");
>
> System.setProperty("jdk.tls.client.protocols",
> "TLSv1,TLSv1.1,TLSv1.2");
>
> Module tlsModule = new AbstractModule() {
>
> @Override
>
> protected void configure() {
>
>
> bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>
> }
>
> };
>
> Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new
> OkHttpCommandExecutorServiceModule());
>
> BlobStoreContext context = ContextBuilder.newBuilder("swift")
>
> .modules(modules1)
>
> .endpoint("https://tok02.objectstorage.softlayer.net/auth/
> ")
>
> .credentials("userId", "pwd")
>
> .buildView(BlobStoreContext.class);
>
>
>
>
>
> This gives me following error:
>
>
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at
> org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at
> com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> ….
>
> ….
>
> Exception in thread "main" org.jclouds.http.HttpResponseException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target connecting to GET
> https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
>
> at
> org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:491)
>
> at
> com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
>
> at com.sun.proxy.$Proxy47.invoke(Unknown Source)
>
> …
>
>
>
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>
> at
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:144)
>
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:130)
>
> at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>
>
>
> *From:* Andrea Turli [mailto:andrea.turli@gmail.com]
> *Sent:* Friday, April 13, 2018 6:27 PM
> *To:* user@jclouds.apache.org
> *Subject:* Re: Upgrading to TLSv1.2 in Jcloud...
>
>
>
> Hi,
>
>
>
> Pretty sure that jclouds can support your scenario by injecting
> OkHttpClientDriver in the context.
>
> See Docker provider for an example
>
>
>
> HTH,
>
> Andrea
>
>
>
> Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha
> scritto:
>
> We are using JClouds 1.9.1 to upload files to Softlayer. Recently
> softlayer upgraded to TLSv1.2. So our existing code is failing.
>
>
>
> What we have to change in Jclouds to support TLSv1.2, so that it can
> upload files to Softlayer.
>
>
>
> Regards
>
> Pratheesh
>
>
RE: Upgrading to TLSv1.2 in Jcloud...
Posted by Pratheesh <pr...@teknowmics.com>.
Hi Andrea,
Please let me know any location or sample URL that I can see a sample.
However I already tried with following sample code..
System.setProperty("https.protocols", "TLSv1.2");
System.setProperty("jdk.tls.client.protocols", "TLSv1,TLSv1.1,TLSv1.2");
Module tlsModule = new AbstractModule() {
@Override
protected void configure() {
bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
}
};
Iterable<Module> modules1 = ImmutableSet.of(tlsModule, new OkHttpCommandExecutorServiceModule());
BlobStoreContext context = ContextBuilder.newBuilder("swift")
.modules(modules1)
.endpoint("https://tok02.objectstorage.softlayer.net/auth/")
.credentials("userId", "pwd")
.buildView(BlobStoreContext.class);
This gives me following error:
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
….
….
Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to GET https://tok02.objectstorage.softlayer.net/auth/v1.0 HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:491)
at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:37)
at com.sun.proxy.$Proxy47.invoke(Unknown Source)
…
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:144)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:130)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
From: Andrea Turli [mailto:andrea.turli@gmail.com]
Sent: Friday, April 13, 2018 6:27 PM
To: user@jclouds.apache.org
Subject: Re: Upgrading to TLSv1.2 in Jcloud...
Hi,
Pretty sure that jclouds can support your scenario by injecting OkHttpClientDriver in the context.
See Docker provider for an example
HTH,
Andrea
Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha scritto:
We are using JClouds 1.9.1 to upload files to Softlayer. Recently softlayer upgraded to TLSv1.2. So our existing code is failing.
What we have to change in Jclouds to support TLSv1.2, so that it can upload files to Softlayer.
Regards
Pratheesh
Re: Upgrading to TLSv1.2 in Jcloud...
Posted by Andrea Turli <an...@gmail.com>.
Hi,
Pretty sure that jclouds can support your scenario by injecting
OkHttpClientDriver in the context.
See Docker provider for an example
HTH,
Andrea
Il ven 13 apr 2018, 14:41 Pratheesh <pr...@teknowmics.com> ha
scritto:
> We are using JClouds 1.9.1 to upload files to Softlayer. Recently
> softlayer upgraded to TLSv1.2. So our existing code is failing.
>
>
>
> What we have to change in Jclouds to support TLSv1.2, so that it can
> upload files to Softlayer.
>
>
>
> Regards
>
> Pratheesh
>