Probably it is that the local Docker daemon has a self-signed
certificate that Java does not recognize.


Taverna has the credential manager - which should normally pop up and
ask if you want to accept (and store) the certificate.

I'm not sure why that is not happening here.. perhaps because your
RESTUtil uses the Apache HTTPClient rather than the built-in URL
handling, then there is no link to the Credential Manager?


Could you try if it works to do a "dummy connection" first with
something like new URL("https://localhost:1239/").openConnection()
(whatever the port is)  -- this should trigger the certificate
handling in Java.


I must admit I could not find out how this is done in the REST activity..
https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/RESTActivityCredentialsProvider.java

is used for username/password (e.g. http basic auth) through Credential Manager.


Does the REST activity today support https:// connections against
'unknown' SSL certificates? (e.g. triggering the pop-ups in Workbench)


This file CLAIMS to do it, but doesn't seem to:

https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/HTTPRequestHandler.java#L116

// Register a protocol scheme for https that uses Taverna's
// SSLSocketFactory

but it uses the regular org.apache.http.conn.ssl.SSLSocketFactory

.. I would have thought it should use
CredentialManager.getTavernaSSLSocketFactory() from

https://github.com/apache/incubator-taverna-engine/blob/master/taverna-credential-manager-impl/src/main/java/org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl.java#L2004


Perhaps something similar to that HTTPRequestHandler code to
initialise org.apache.http would work?


On 17 June 2016 at 06:32, Nadeesh Dilanga <[email protected]> wrote:
> Still got stuck further on the SSL issue[1]. Maybe something to do with my
> setup. So I also implemented invoking simple HTTP (without SSL) in
> addition to HTTP SSL.
>
> Meanwhile I already started getting configuration through that Spring
> injectable framework. Will commit those changes also (without just blocking
> on the HTTP SSL issue) to my private repo from which I am planning to send
> a pull request.
>
> [1]:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>     at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
>     at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
>     at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
>     at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
>     at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:479)
>     at
> org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:66)
>     at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
>     at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
>     at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
>     at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
>     at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
>     at
> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
>     at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>     at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>     at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>     at
> org.apache.taverna.activities.docker.RESTUtil.doPost(RESTUtil.java:125)
>     at
> org.apache.taverna.activities.docker.RESTUtil.createContainer(RESTUtil.java:90)
>     at
> org.apache.taverna.activities.docker.test.TestCreateContainer.testCreateContainer(TestCreateContainer.java:40)
>     at
> org.apache.taverna.activities.docker.test.TestCreateContainer.main(TestCreateContainer.java:32)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:601)
>     at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>     at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>     at sun.security.validator.Validator.validate(Validator.java:260)
>     at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
>     at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
>     at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>     at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
>     ... 29 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>     ... 35 more
>
>
> On Wed, Jun 15, 2016 at 6:17 PM, Nadeesh Dilanga <[email protected]>
> wrote:
>
>> It is the container host and I am invoking the remote API. Will do more
>> troubleshooting and get back.
>>
>> On Wed, Jun 15, 2016 at 7:05 AM, Alan Williams <[email protected]>
>> wrote:
>>
>>> On 15-Jun-16 09:02, Nadeesh Dilanga wrote:
>>>
>>>> Hi Alan,
>>>> Thank you very much for the pointer. I went through and understood how
>>>> it works.
>>>> 1. Implement docker factory class to return an activity configuration.
>>>> 2. Accept the configuration in the DockerActivity constructor.
>>>>
>>>> Please correct me if I missed something.
>>>>
>>>
>>> I need a picture of what is being proposed :)
>>>
>>>> Also I am working on the implementation and committing my code to my forked
>>>> repo at [1]. I will send pull requests once the following TODOs are finished.
>>>>  1. Test HTTPS invocation (right now I am having an SSL handshake issue and
>>>> working on it)
>>>>
>>>> I am using SSLContext.getDefault() and it gives me
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>> find valid certification path to requested target
>>>>
>>>> I have a unit test to test this. I also tried setting system properties
>>>> javax.net.ssl.keyStore, javax.net.ssl.trustStore,
>>>> javax.net.ssl.keyStorePassword. But no luck.
>>>>
>>>
>>> What is the target of the HTTPS ? Does it have a valid certificate?
>>>
>>>>  2. Enhance the activity class to read configuration injected by Spring.
>>>>
>>>>
>>>> [1] -
>>>>
>>>> https://github.com/NadeeshDilanga/incubator-taverna-common-activities/commits/docker
>>>>
>>>
>>> Great.
>>>
>>> Alan
>>>
>>>
>>>
>>



-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons
http://orcid.org/0000-0001-9842-9718
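
Added example (not part of the original message, and not Taverna's or the Docker activity's code): one way to give Apache HttpClient 4.3+ its own trust material, so the PKIX failure in the quoted trace is resolved by trusting one specific certificate instead of switching validation off. The class name, the alias and the PEM path argument are assumptions; Taverna's Credential Manager is not involved.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

/** Hypothetical helper: an HttpClient that trusts only one given certificate. */
public final class PinnedCaHttpClient {

    private PinnedCaHttpClient() {
    }

    /**
     * @param caPemPath path to the certificate to trust (assumption: the
     *                  self-signed certificate, or its CA, of the HTTPS endpoint)
     */
    public static CloseableHttpClient forCa(String caPemPath) throws Exception {
        // Parse the X.509 certificate (PEM or DER) from disk.
        Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caPemPath))) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding just that certificate; the JVM-wide
        // cacerts file and the javax.net.ssl.* system properties are not used.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("pinned-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No key managers: the client presents no certificate of its own.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // The single-argument constructor keeps HttpClient's default hostname
        // verification, so the certificate must still match the host name.
        SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(ctx);
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }
}
```

Because the SSLContext is handed to the client directly, the result does not depend on SSLContext.getDefault() or on system properties being set before the first TLS use in the JVM.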
