[
https://issues.apache.org/jira/browse/KARAF-5754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xilai Dai updated KARAF-5754:
-----------------------------
Description:
Now the Decanter elasticsearch-jest appender is able to connect with plain ES,
but failed to connect with HTTPS/XPack enabled ES.
With configuration in the
org.apache.karaf.decanter.appender.elasticsearch.jest.cfg:
{code:java}
address=https://192.168.99.100:9200
# Basic username and password authentication
username=xxxx
password=xxxx{code}
Then the SSLHandshakeException will be thrown from the ElasticsearchAppender:
{code:java}
2018-05-15T11:11:10,666 | WARN | EventAdminThread #20 |
earch.jest.ElasticsearchAppender 120 | 315 -
org.apache.karaf.decanter.appender.elasticsearch.jest - 2.0.0 | Can't append
into Elasticsearch
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [?:?]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) [?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) [?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
[?:?]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [?:?]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) [?:?]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) [?:?]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
[?:?]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:47)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.send(ElasticsearchAppender.java:128)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.handleEvent(ElasticsearchAppender.java:118)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.felix.eventadmin.impl.handler.EventHandlerProxy.sendEvent(EventHandlerProxy.java:415)
[3:org.apache.karaf.services.eventadmin:4.1.5]
at
org.apache.felix.eventadmin.impl.tasks.HandlerTask.run(HandlerTask.java:70)
[3:org.apache.karaf.services.eventadmin:4.1.5]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:?]
at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
~[?:?]
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
~[?:?]
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:?]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
~[?:?]
... 29 more{code}
Also, the elasticsearch-rest appender has the same problem with Secured/Xpacked
enabled ES.
{code}
2018-05-15T11:24:00,901 | WARN | Thread-6 |
earch.rest.ElasticsearchAppender 144 | 329 -
org.apache.karaf.decanter.appender.elasticsearch.rest - 2.0.0 | Can't append
into Elasticsearch
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) [?:?]
at
sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) [?:?]
at
sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) [?:?]
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) [?:?]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) [?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at
org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
[329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
~[?:?]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
~[?:?]
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
~[?:?]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
~[?:?]
... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
~[?:?]
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
~[?:?]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
~[?:?]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
~[?:?]
at
org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
~[?:?]
... 9 more
{code}
The elasticsearch-jest/elasticsearch-rest appenders need to be enhanced to
support XPack secured ES.
was:
Now the Decanter elasticsearch-jest appender is able to connect with plain ES,
but failed to connect with HTTPS/XPack enabled ES.
With configuration in the
org.apache.karaf.decanter.appender.elasticsearch.jest.cfg:
{code:java}
address=https://192.168.99.100:9200
# Basic username and password authentication
username=xxxx
password=xxxx{code}
Then the SSLHandshakeException will be thrown from the ElasticsearchAppender:
{code:java}
2018-05-15T11:11:10,666 | WARN | EventAdminThread #20 |
earch.jest.ElasticsearchAppender 120 | 315 -
org.apache.karaf.decanter.appender.elasticsearch.jest - 2.0.0 | Can't append
into Elasticsearch
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [?:?]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) [?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) [?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
[?:?]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [?:?]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) [?:?]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) [?:?]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
[?:?]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:47)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.send(ElasticsearchAppender.java:128)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.handleEvent(ElasticsearchAppender.java:118)
[315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
at
org.apache.felix.eventadmin.impl.handler.EventHandlerProxy.sendEvent(EventHandlerProxy.java:415)
[3:org.apache.karaf.services.eventadmin:4.1.5]
at
org.apache.felix.eventadmin.impl.tasks.HandlerTask.run(HandlerTask.java:70)
[3:org.apache.karaf.services.eventadmin:4.1.5]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:?]
at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
~[?:?]
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
~[?:?]
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:?]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
~[?:?]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:?]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
~[?:?]
... 29 more{code}
The ElasticsearchAppender need to be enhanced to support XPack secured ES.
> Make Decanter elasticsearch-jest/elasticsearch-rest appender support
> HTTPS/XPack enabled ES
> -------------------------------------------------------------------------------------------
>
> Key: KARAF-5754
> URL: https://issues.apache.org/jira/browse/KARAF-5754
> Project: Karaf
> Issue Type: Improvement
> Components: decanter
> Affects Versions: decanter-2.0.0
> Reporter: Xilai Dai
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: decanter-2.1.0
>
>
> Now the Decanter elasticsearch-jest appender is able to connect with plain
> ES, but failed to connect with HTTPS/XPack enabled ES.
> With configuration in the
> org.apache.karaf.decanter.appender.elasticsearch.jest.cfg:
> {code:java}
> address=https://192.168.99.100:9200
> # Basic username and password authentication
> username=xxxx
> password=xxxx{code}
> Then the SSLHandshakeException will be thrown from the ElasticsearchAppender:
> {code:java}
> 2018-05-15T11:11:10,666 | WARN | EventAdminThread #20 |
> earch.jest.ElasticsearchAppender 120 | 315 -
> org.apache.karaf.decanter.appender.elasticsearch.jest - 2.0.0 | Can't append
> into Elasticsearch
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [?:?]
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) [?:?]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) [?:?]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
> [?:?]
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> [?:?]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [?:?]
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) [?:?]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> [?:?]
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> [?:?]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> [?:?]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> [?:?]
> at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> io.searchbox.client.http.JestHttpClient.execute(JestHttpClient.java:47)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.send(ElasticsearchAppender.java:128)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.karaf.decanter.appender.elasticsearch.jest.ElasticsearchAppender.handleEvent(ElasticsearchAppender.java:118)
> [315:org.apache.karaf.decanter.appender.elasticsearch.jest:2.0.0]
> at
> org.apache.felix.eventadmin.impl.handler.EventHandlerProxy.sendEvent(EventHandlerProxy.java:415)
> [3:org.apache.karaf.services.eventadmin:4.1.5]
> at
> org.apache.felix.eventadmin.impl.tasks.HandlerTask.run(HandlerTask.java:70)
> [3:org.apache.karaf.services.eventadmin:4.1.5]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:?]
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [?:?]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [?:?]
> at java.lang.Thread.run(Thread.java:748) [?:?]
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
> ~[?:?]
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
> ~[?:?]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
> ~[?:?]
> ... 29 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
> ~[?:?]
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
> ~[?:?]
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
> ~[?:?]
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
> ~[?:?]
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
> ~[?:?]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
> ~[?:?]
> ... 29 more{code}
> Also, the elasticsearch-rest appender has the same problem with
> Secured/Xpacked enabled ES.
> {code}
> 2018-05-15T11:24:00,901 | WARN | Thread-6 |
> earch.rest.ElasticsearchAppender 144 | 329 -
> org.apache.karaf.decanter.appender.elasticsearch.rest - 2.0.0 | Can't append
> into Elasticsearch
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) [?:?]
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) [?:?]
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) [?:?]
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) [?:?]
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) [?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at
> org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
> [329:org.apache.karaf.decanter.appender.elasticsearch.rest:2.0.0]
> at java.lang.Thread.run(Thread.java:748) [?:?]
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) ~[?:?]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> ~[?:?]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
> ~[?:?]
> ... 9 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
> ~[?:?]
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
> ~[?:?]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> ~[?:?]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
> ~[?:?]
> ... 9 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
> ~[?:?]
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
> ~[?:?]
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
> ~[?:?]
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
> ~[?:?]
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
> ~[?:?]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> ~[?:?]
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> ~[?:?]
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> ~[?:?]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[?:?]
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
> ~[?:?]
> at
> org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
> ~[?:?]
> ... 9 more
> {code}
> The elasticsearch-jest/elasticsearch-rest appenders need to be enhanced to
> support XPack secured ES.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
