mp-rest-client ignores SSL configuration #4692

Closed
olotenko opened this issue Jan 18, 2021 · 1 comment · Fixed by #4724

@olotenko

bc67ee3#r46079691

When configuring MP REST Client:

book-service/mp-rest/url: https://127.0.0.1:8480
book-service/mp-rest/trustStore: classpath:keystore.p12
book-service/mp-rest/trustStoreType: PKCS12
book-service/mp-rest/trustStorePassword: password
book-service/mp-rest/hostnameVerifier: org.org.AcceptAnyHostname
book-service/mp-rest/providers:
   - org.glassfish.jersey.netty.connector.NettyConnectorProvider

The TLS configuration is totally ignored. This is caused by the fact that the routine that applies the configuration is in RestClientBuilderImpl.

This seems to be the correct way, and correct order:

diff --git a/ext/microprofile/mp-rest-client/src/main/java/org/glassfish/jersey/microprofile/restclient/RestClientBuilderImpl.java b/ext/microprofile/mp-rest-client/src/main/java/org/glassfish/jers
ey/microprofile/restclient/RestClientBuilderImpl.java
index 16abf1fae..c1e1e58d1 100644
--- a/ext/microprofile/mp-rest-client/src/main/java/org/glassfish/jersey/microprofile/restclient/RestClientBuilderImpl.java
+++ b/ext/microprofile/mp-rest-client/src/main/java/org/glassfish/jersey/microprofile/restclient/RestClientBuilderImpl.java
@@ -160,37 +160,52 @@ class RestClientBuilderImpl implements RestClientBuilder {
         //sort all AsyncInvocationInterceptorFactory by priority
         asyncInterceptorFactories.sort(Comparator.comparingInt(AsyncInvocationInterceptorFactoryPriorityWrapper::getPriority));
 
+        if (connector != null) {
+            ClientConfig config = new ClientConfig();
+            config.loadFrom(getConfiguration());
+            config.connectorProvider(connector);
+            clientBuilder = clientBuilder.withConfig(config); // apply config...
+        }
+       // override ClientConfig with values that have been set explicitly
         clientBuilder.executorService(new ExecutorServiceWrapper(executorService.get()));

         if (null != sslContext) {
             clientBuilder.sslContext(sslContext);
         }
 
         if (null != sslHostnameVerifier) {
             clientBuilder.hostnameVerifier(sslHostnameVerifier);
         }
 
         if (null != sslTrustStore) {
             clientBuilder.trustStore(sslTrustStore);
         }
 
         if (null != sslKeyStore) {
             clientBuilder.keyStore(sslKeyStore, sslKeyStorePassword);
         }
 
-        Client client;
-        if (connector == null) {
-            client = clientBuilder.build();
-        } else {
-            ClientConfig config = new ClientConfig();
-            config.loadFrom(getConfiguration());
-            config.connectorProvider(connector);
-            client = ClientBuilder.newClient(config);
-        }
+        Client client = clientBuilder.build();
 
         if (client instanceof Initializable) {
             ((Initializable) client).preInitialize();
         }
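
Review bot: The ordering this fix relies on is documented only by a misplaced comment. The line "// override ClientConfig with values that have been set explicitly" is indented one space short and sits above the executorService call, while the calls it matters for are the sslContext, hostnameVerifier, trustStore and keyStore setters further down, which must keep running after clientBuilder.withConfig(config) in the new connector != null block. Move the comment directly above the TLS setters, state the ordering requirement there, and replace the vague trailing "// apply config..." with what is being applied. The removed else branch built the client with ClientBuilder.newClient(config) and never touched clientBuilder, so a regression test that configures a connector provider together with a trust store and hostname verifier, and asserts both are in effect on the built client, would keep that path from coming back.
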
@jiaxiaguang

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
    at org.glassfish.jersey.client.internal.HttpUrlConnector.handleException(HttpUrlConnector.java:544)
    at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:374)
    at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:266)
    ... 45 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670)
    ... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)
    ... 67 more

After I upgraded the Jersey version from 2.32 to 2.34, the program ran for a period of time and reported the above error. Do you know why?
