I'm using Eureka in a PCF environment with self-signed certificates.
This is how I'm trying to connect to the registry.
This ends up with:
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187) ~[jersey-apache-client4-1.19.1.jar:1.19.1]
at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123) ~[jersey-client-1.19.1.jar:1.19.1]
at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27) ~[eureka-client-1.4.12.jar:1.4.12]
at com.sun.jersey.api.client.Client.handle(Client.java:652) ~[jersey-client-1.19.1.jar:1.19.1]
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) ~[jersey-client-1.19.1.jar:1.19.1]
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) ~[jersey-client-1.19.1.jar:1.19.1]
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509) ~[jersey-client-1.19.1.jar:1.19.1]
at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.getApplicationsInternal(AbstractJerseyEurekaHttpClient.java:194) ~[eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.getApplications(AbstractJerseyEurekaHttpClient.java:165) ~[eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$6.execute(EurekaHttpClientDecorator.java:137) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73) ~[eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.getApplications(EurekaHttpClientDecorator.java:134) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$6.execute(EurekaHttpClientDecorator.java:137) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:118) ~[eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:79) ~[eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.getApplications(EurekaHttpClientDecorator.java:134) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$6.execute(EurekaHttpClientDecorator.java:137) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:119) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.getApplications(EurekaHttpClientDecorator.java:134) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$6.execute(EurekaHttpClientDecorator.java:137) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.getApplications(EurekaHttpClientDecorator.java:134) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.DiscoveryClient.getAndStoreFullRegistry(DiscoveryClient.java:1030) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.DiscoveryClient.fetchRegistry(DiscoveryClient.java:944) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.DiscoveryClient.<init>(DiscoveryClient.java:444) [eureka-client-1.4.12.jar:1.4.12]
at com.netflix.discovery.DiscoveryClient.<init>(DiscoveryClient.java:304) [eureka-client-1.4.12.jar:1.4.12]
at org.springframework.cloud.netflix.eureka.CloudEurekaClient.<init>(CloudEurekaClient.java:51) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.eureka.EurekaClientAutoConfiguration$RefreshableEurekaClientConfiguration.eurekaClient(EurekaClientAutoConfiguration.java:192) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.eureka.EurekaClientAutoConfiguration$RefreshableEurekaClientConfiguration$$EnhancerBySpringCGLIB$$3e59e8d3.CGLIB$eurekaClient$1(<generated>) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.eureka.EurekaClientAutoConfiguration$RefreshableEurekaClientConfiguration$$EnhancerBySpringCGLIB$$3e59e8d3$$FastClassBySpringCGLIB$$791187fa.invoke(<generated>) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) [spring-core-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.cloud.netflix.eureka.EurekaClientAutoConfiguration$RefreshableEurekaClientConfiguration$$EnhancerBySpringCGLIB$$3e59e8d3.eurekaClient(<generated>) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:345) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:359) [spring-cloud-context-1.1.7.RELEASE.jar:1.1.7.RELEASE]
at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:176) [spring-cloud-context-1.1.7.RELEASE.jar:1.1.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:340) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) [spring-beans-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.aop.target.SimpleBeanTargetSource.getTarget(SimpleBeanTargetSource.java:35) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:192) [spring-aop-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at com.sun.proxy.$Proxy122.getApplications(Unknown Source) [na:na]
at org.springframework.cloud.netflix.eureka.EurekaDiscoveryClient.getServices(EurekaDiscoveryClient.java:150) [spring-cloud-netflix-eureka-client-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:105) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:43) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.SimpleRouteLocator.doRefresh(SimpleRouteLocator.java:152) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.refresh(DiscoveryClientRouteLocator.java:155) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.web.ZuulHandlerMapping.setDirty(ZuulHandlerMapping.java:73) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.cloud.netflix.zuul.ZuulConfiguration$ZuulRefreshListener.onApplicationEvent(ZuulConfiguration.java:180) [spring-cloud-netflix-core-1.2.4.RELEASE.jar:1.2.4.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:122) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.registerListeners(AbstractApplicationContext.java:824) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:539) [spring-context-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:762) [spring-boot-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:372) [spring-boot-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.boot.test.context.SpringBootContextLoader.loadContext(SpringBootContextLoader.java:111) [spring-boot-test-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContextInternal(DefaultCacheAwareContextLoaderDelegate.java:98) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:116) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:83) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:117) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:83) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener.prepareTestInstance(SpringBootDependencyInjectionTestExecutionListener.java:44) [spring-boot-test-autoconfigure-1.4.4.RELEASE.jar:1.4.4.RELEASE]
at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:230) [spring-test-4.3.6.RELEASE.jar:4.3.6.RELEASE]
at org.spockframework.spring.SpringTestContextManager.prepareTestInstance(SpringTestContextManager.java:50) [spock-spring-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.spring.SpringInterceptor.interceptSetupMethod(SpringInterceptor.java:42) [spock-spring-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.extension.AbstractMethodInterceptor.intercept(AbstractMethodInterceptor.java:28) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.extension.MethodInvocation.proceed(MethodInvocation.java:87) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:472) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runSetup(BaseSpecRunner.java:375) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runSetup(BaseSpecRunner.java:370) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.doRunIteration(BaseSpecRunner.java:323) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner$6.invoke(BaseSpecRunner.java:309) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runIteration(BaseSpecRunner.java:288) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.initializeAndRunIteration(BaseSpecRunner.java:278) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runSimpleFeature(BaseSpecRunner.java:269) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.doRunFeature(BaseSpecRunner.java:263) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner$5.invoke(BaseSpecRunner.java:246) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runFeature(BaseSpecRunner.java:238) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runFeatures(BaseSpecRunner.java:188) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.doRunSpec(BaseSpecRunner.java:98) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner$1.invoke(BaseSpecRunner.java:84) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.runSpec(BaseSpecRunner.java:76) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.BaseSpecRunner.run(BaseSpecRunner.java:67) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.spockframework.runtime.Sputnik.run(Sputnik.java:63) [spock-core-1.1-groovy-2.4-rc-3.jar:na]
at org.junit.runners.Suite.runChild(Suite.java:128) [junit-4.12.jar:4.12]
at org.junit.runners.Suite.runChild(Suite.java:27) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) [junit-4.12.jar:4.12]
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) [junit-4.12.jar:4.12]
at org.junit.runner.JUnitCore.run(JUnitCore.java:137) [junit-4.12.jar:4.12]
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68) [junit-rt.jar:na]
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:51) [junit-rt.jar:na]
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:237) [junit-rt.jar:na]
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70) [junit-rt.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121]
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147) [idea_rt.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_121]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_121]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_121]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_121]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[na:1.8.0_121]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_121]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[na:1.8.0_121]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[na:1.8.0_121]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_121]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_121]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpclient-4.5.jar:4.5]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[httpclient-4.5.jar:4.5]
at com.netflix.discovery.shared.transport.jersey.SSLSocketFactoryAdapter.connectSocket(SSLSocketFactoryAdapter.java:53) ~[eureka-client-1.4.12.jar:1.4.12]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:117) ~[httpclient-4.5.jar:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[httpclient-4.5.jar:4.5]
at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173) ~[jersey-apache-client4-1.19.1.jar:1.19.1]
... 119 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_121]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_121]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_121]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_121]
... 139 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_121]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_121]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_121]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[na:1.8.0_121]
... 145 common frames omitted
I configured the truststore as follows, so that it contains this certification path (including a wildcard certificate).
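/**
 * Loads the classpath truststore and installs an {@link SSLContext} built from it as the
 * JVM-wide default socket factory for {@link HttpsURLConnection}.
 *
 * <p>Scope of the effect: only code that opens connections through
 * {@code HttpsURLConnection}'s default factory picks this up. The stack trace reported for
 * the Eureka client goes through Apache HttpClient's {@code SSLConnectionSocketFactory},
 * so this method does not change what the Eureka client trusts.
 *
 * <p>Security note: the trust managers are initialised from this truststore alone, so every
 * {@code HttpsURLConnection} in the process will trust exactly these certificates and no
 * longer the JDK's default CA set.
 *
 * @throws Exception if the truststore cannot be read or the SSL context cannot be created
 */
@PostConstruct
public void configureTruststore() throws Exception {
    final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
    // Close the classpath stream once the keystore is loaded; KeyStore.load does not close it.
    try (java.io.InputStream in = new ClassPathResource(trustStorePath).getInputStream()) {
        trustStore.load(in, trustStorePassword.toCharArray());
    }

    final TrustManagerFactory trustManagerFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);

    // No key managers (null): this context only validates servers, it presents no client cert.
    final SSLContext sslContext = SSLContext.getInstance(sslContextType);
    sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}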
This didn't change the error above at all.
When I test the same connection, using RestTemplate, there is no error after configuration of the truststore.
Now for the interesting part: when I configure the truststore via system variable, it works.
From this I assume that Eureka might not use HttpsURLConnection; instead, I can see the Apache client in the stack trace.
When running in PCF, the system variables wouldn't be a solution for me, as this would require an absolute file path in the cloud. Is there any other way?
Is there any other way?
Where are you placing the above code?
In a @Configuration-class.
@elgohr eureka uses jersey and therefore ignores your configuration. See #1703. You have to provide a custom EurekaJerseyClient via a DiscoveryClientOptionalArgs bean.
@spencergibb something we should document?
Introduced the EurekaJerseyClient as
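/**
 * Provides {@code DiscoveryClientOptionalArgs} carrying a hand-built {@code EurekaJerseyClient}
 * whose Apache HttpClient validates servers against the configured classpath truststore.
 *
 * <p>Hostname verification is left at HttpClient's default here; only the trust anchors are
 * replaced.
 *
 * @return optional args with the custom Jersey client set
 * @throws KeyStoreException if the truststore type is not available
 * @throws IOException if the truststore resource cannot be read
 * @throws CertificateException if a certificate in the truststore cannot be loaded
 * @throws NoSuchAlgorithmException if the trust manager or SSL context algorithm is missing
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
@Bean
public DiscoveryClient.DiscoveryClientOptionalArgs getTrustStoredEurekaClient() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, KeyManagementException {
    DiscoveryClient.DiscoveryClientOptionalArgs clientOptionalArgs = new DiscoveryClient.DiscoveryClientOptionalArgs();

    final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
    // Close the classpath stream once the keystore is loaded; KeyStore.load does not close it.
    try (java.io.InputStream in = new ClassPathResource(trustStorePath).getInputStream()) {
        trustStore.load(in, trustStorePassword.toCharArray());
    }

    final TrustManagerFactory trustManagerFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);

    // No key managers (null): server validation only, no client certificate.
    final SSLContext sslContext = SSLContext.getInstance(sslContextType);
    sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

    clientOptionalArgs.setEurekaJerseyClient(new EurekaJerseyClient() {
        @Override
        public ApacheHttpClient4 getClient() {
            // A new HttpClient is built on every call.
            try {
                HttpClient client = HttpClients
                        .custom()
                        .setSSLContext(sslContext)
                        .build();
                // NOTE(review): this ApacheHttpClient4 is created without a ClientConfig, so
                // presumably none of Eureka's entity providers are registered on it. That would
                // match the "message body reader ... was not found" error reported for this
                // variant; confirm.
                return new ApacheHttpClient4(
                        new ApacheHttpClient4Handler(client, new BasicCookieStore(), false));
            } catch (Exception e) {
                e.printStackTrace();
            }
            // NOTE(review): on failure this falls back to a default client that does not use
            // the truststore above, so a configuration error shows up later as a PKIX
            // handshake failure rather than at this point.
            return new ApacheHttpClient4();
        }

        @Override
        public void destroyResources() {
            // Nothing is released here; clients created by getClient() are not tracked.
        }
    });
    return clientOptionalArgs;
}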
in a configuration-file.
This ends up with
2017-02-23 12:52:38.714 INFO [App,,,] 1700 --- [ main] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2017-02-23 12:52:39.989 ERROR [App,,,] 1700 --- [ main] c.sun.jersey.api.client.ClientResponse : A message body reader for Java class com.netflix.discovery.shared.Applications, and Java type class com.netflix.discovery.shared.Applications, and MIME media type application/json was not found
2017-02-23 12:52:39.989 ERROR [App,,,] 1700 --- [ main] c.sun.jersey.api.client.ClientResponse : The registered message body readers compatible with the MIME media type are:
/ ->
com.sun.jersey.core.impl.provider.entity.FormProvider
com.sun.jersey.core.impl.provider.entity.StringProvider
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
com.sun.jersey.core.impl.provider.entity.ReaderProvider
com.sun.jersey.core.impl.provider.entity.DocumentProvider
com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
com.sun.jersey.core.impl.provider.entity.EntityHolderReader
When I try to stick to EurekaJerseyClientImpl like
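/**
 * Provides {@code DiscoveryClientOptionalArgs} with an {@code EurekaJerseyClientImpl} whose
 * Jersey {@code ClientConfig} carries an {@code HTTPSProperties} entry built from the
 * configured classpath truststore.
 *
 * <p>As reported for this variant, the truststore is still ignored: the property set here
 * belongs to Jersey's {@code urlconnection} package, while the stack trace for the Eureka
 * client shows connections being opened by Apache HttpClient.
 *
 * @return optional args with the Jersey client set
 * @throws KeyStoreException if the truststore type is not available
 * @throws IOException if the truststore resource cannot be read
 * @throws CertificateException if a certificate in the truststore cannot be loaded
 * @throws NoSuchAlgorithmException if the trust manager or SSL context algorithm is missing
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
@Bean
public DiscoveryClient.DiscoveryClientOptionalArgs getTrustStoredEurekaClient() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, KeyManagementException {
    DiscoveryClient.DiscoveryClientOptionalArgs clientOptionalArgs = new DiscoveryClient.DiscoveryClientOptionalArgs();

    final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
    // Close the classpath stream once the keystore is loaded; KeyStore.load does not close it.
    try (java.io.InputStream in = new ClassPathResource(trustStorePath).getInputStream()) {
        trustStore.load(in, trustStorePassword.toCharArray());
    }

    final TrustManagerFactory trustManagerFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);

    // No key managers (null): server validation only, no client certificate.
    final SSLContext sslContext = SSLContext.getInstance(sslContextType);
    sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

    ClientConfig clientConfig = new DefaultClientConfig();
    // NOTE(review): the verifier lambda returns true for every hostname, i.e. hostname
    // verification is switched off. If this property were honoured, any certificate that
    // chains to the truststore would be accepted for any host. Prefer a verifier that checks
    // the certificate against the requested hostname.
    clientConfig.getProperties().put(
            com.sun.jersey.client.urlconnection.HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
            new HTTPSProperties((hostname, sslSession) -> true, sslContext));

    // Connection, read and idle timeouts in milliseconds, as hard-coded by the author.
    clientOptionalArgs.setEurekaJerseyClient(new EurekaJerseyClientImpl(3000, 1500, 1000, clientConfig));
    return clientOptionalArgs;
}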
the truststore is ignored again.
Any ideas?
This SO post from @AereXu has a solution in it http://stackoverflow.com/questions/42289196/how-to-override-spring-cloud-eureka-default-discovery-client-default-ssl-context.
I tried the SO post already.
I upgraded to Camden.SR5 & implemented the CustomEurekaJerseyClientBuilder (as shown, including adjustments). This still leads to
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Changed the SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER from the SO post to NoopHostnameVerifier, to set a breakpoint. The verify is never called.
After some debugging I managed to get a connection via EurekaJerseyClientImpl.
This is almost the configuration from createSystemSslCM (see SO post), but I needed to change the SSLContext, to use the trustmaterial.
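/**
 * Provides {@code DiscoveryClientOptionalArgs} with an {@code EurekaJerseyClientImpl} that
 * uses a custom connection manager, so that HTTPS connections to Eureka are opened with an
 * SSL context built from the configured classpath truststore.
 *
 * <p>Security review of the TLS settings used below:
 * <ul>
 *   <li>{@code TrustSelfSignedStrategy} accepts any certificate chain of length one without
 *       consulting the truststore, so the server is not actually pinned to the loaded
 *       certificates.</li>
 *   <li>{@code NoopHostnameVerifier} disables hostname verification.</li>
 * </ul>
 * Together these leave the connection encrypted but unauthenticated. If the truststore
 * really contains the server's certification path, passing {@code null} as the trust
 * strategy and using the default hostname verifier keeps the truststore as the only source
 * of trust.
 *
 * @return optional args with the Jersey client set
 * @throws KeyStoreException if the truststore type is not available or cannot be used
 * @throws IOException if the truststore resource cannot be read
 * @throws CertificateException if a certificate in the truststore cannot be loaded
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyManagementException if the SSL context cannot be built
 * @throws UnrecoverableKeyException declared by the author; not raised by the calls visible here
 */
@Bean
public DiscoveryClient.DiscoveryClientOptionalArgs getTrustStoredEurekaClient() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
    final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
    // Close the classpath stream once the keystore is loaded; KeyStore.load does not close it.
    try (java.io.InputStream in = new ClassPathResource(trustStorePath).getInputStream()) {
        trustStore.load(in, trustStorePassword.toCharArray());
    }

    // NOTE(review): both arguments marked below weaken server authentication; see the
    // method documentation before reusing this outside a test environment.
    SSLConnectionSocketFactory systemSocketFactory = new SSLConnectionSocketFactory(
            SSLContexts.custom()
                    .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) // bypasses the truststore for self-signed certs
                    .build(),
            new NoopHostnameVerifier()); // no hostname check

    // Route every "https" connection of this client through the socket factory above.
    SchemeRegistry sslSchemeRegistry = new SchemeRegistry();
    sslSchemeRegistry.register(new Scheme(
            "https",
            443,
            new SSLSocketFactoryAdapter(systemSocketFactory)));

    MonitoredConnectionManager cm = new MonitoredConnectionManager("Test-Client", sslSchemeRegistry);

    ClientConfig clientConfig = new DefaultClientConfig();
    clientConfig.getProperties().put(ApacheHttpClient4Config.PROPERTY_CONNECTION_MANAGER, cm);

    DiscoveryClient.DiscoveryClientOptionalArgs clientOptionalArgs = new DiscoveryClient.DiscoveryClientOptionalArgs();
    // The config getters return seconds; the values are multiplied by 1000 before being
    // passed to the client.
    clientOptionalArgs.setEurekaJerseyClient(new EurekaJerseyClientImpl(
            config.getEurekaServerConnectTimeoutSeconds() * 1000,
            config.getEurekaServerReadTimeoutSeconds() * 1000,
            config.getEurekaConnectionIdleTimeoutSeconds() * 1000,
            clientConfig));
    return clientOptionalArgs;
}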
Nevertheless I end up with
2017-02-24 16:50:55.095 INFO [App,,,] 4636 --- [ main] com.netflix.discovery.DiscoveryClient : Getting all instance registry info from the eureka server
2017-02-24 16:51:35.536 ERROR [App,,,] 4636 --- [ main] c.sun.jersey.api.client.ClientResponse : A message body reader for Java class com.netflix.discovery.shared.Applications, and Java type class com.netflix.discovery.shared.Applications, and MIME media type application/json was not found
2017-02-24 16:51:35.536 ERROR [App,,,] 4636 --- [ main] c.sun.jersey.api.client.ClientResponse : The registered message body readers compatible with the MIME media type are:
/ ->
com.sun.jersey.core.impl.provider.entity.FormProvider
com.sun.jersey.core.impl.provider.entity.StringProvider
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
com.sun.jersey.core.impl.provider.entity.ReaderProvider
com.sun.jersey.core.impl.provider.entity.DocumentProvider
com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
com.sun.jersey.core.impl.provider.entity.EntityHolderReader
There we go, finally works.
Thank you for your help and patience.
import com.netflix.discovery.DiscoveryClient;
import com.netflix.discovery.EurekaClientConfig;
import com.netflix.discovery.converters.wrappers.CodecWrappers;
import com.netflix.discovery.provider.DiscoveryJerseyProvider;
import com.netflix.discovery.shared.MonitoredConnectionManager;
import com.netflix.discovery.shared.transport.jersey.EurekaJerseyClientImpl;
import com.netflix.discovery.shared.transport.jersey.SSLSocketFactoryAdapter;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.apache4.config.ApacheHttpClient4Config;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
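/**
 * Supplies the Eureka {@link DiscoveryClient} with a Jersey client whose HTTPS connections
 * are validated against an application-provided trust store.
 *
 * <p>Only certificates present in (or chaining to) the configured trust store are accepted,
 * and the server hostname is checked against the certificate. For a self-signed registry
 * certificate this means the certificate itself must be imported into the trust store and
 * its subject / subjectAltName must match the host name used in the Eureka service URL.
 */
@Configuration
public class TrustEurekaConfiguration {

    /** Classpath location of the trust store ({@code service.security.trustStorePath}). */
    @Value("${service.security.trustStorePath}")
    private String trustStorePath;

    /** Password protecting the trust store ({@code service.security.trustStorePassword}). */
    @Value("${service.security.trustStorePassword}")
    private String trustStorePassword;

    /** Key store type passed to {@link KeyStore#getInstance(String)}. */
    @Value("${service.security.trustStoreType}")
    private String trustStoreType;

    /** Eureka client settings; provides codec names and the connection timeouts used below. */
    @Autowired
    private EurekaClientConfig config;

    /**
     * Builds the optional arguments that make the Eureka client use a Jersey client backed
     * by the configured trust store.
     *
     * @return optional arguments carrying the customised Eureka Jersey client
     * @throws KeyStoreException if the configured trust store type is not available
     * @throws IOException if the trust store cannot be read or the password is wrong
     * @throws CertificateException if a certificate in the trust store cannot be loaded
     * @throws NoSuchAlgorithmException if a required algorithm is not available
     * @throws KeyManagementException if the SSL context cannot be initialised
     * @throws UnrecoverableKeyException declared for compatibility with existing callers
     */
    @Bean
    public DiscoveryClient.DiscoveryClientOptionalArgs getTrustStoredEurekaClient()
            throws KeyStoreException, IOException, CertificateException,
            NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
        final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        // Close the resource stream once the store is loaded; it was previously leaked.
        try (java.io.InputStream storeStream = new ClassPathResource(trustStorePath).getInputStream()) {
            trustStore.load(storeStream, trustStorePassword.toCharArray());
        }

        // Security: a null trust strategy means only the trust store decides what is trusted.
        // TrustSelfSignedStrategy would accept ANY single self-signed certificate, including
        // one presented by an on-path attacker, which makes the trust store pointless.
        // The single-argument socket factory constructor keeps the default hostname verifier;
        // NoopHostnameVerifier would let a certificate issued for any host pass.
        SSLConnectionSocketFactory systemSocketFactory = new SSLConnectionSocketFactory(
                SSLContexts.custom()
                        .loadTrustMaterial(trustStore, null)
                        .build());

        SchemeRegistry sslSchemeRegistry = new SchemeRegistry();
        Scheme schema = new Scheme("https", 443, new SSLSocketFactoryAdapter(systemSocketFactory));
        sslSchemeRegistry.register(schema);

        String name = "Custom-Discovery-Client";
        MonitoredConnectionManager connectionManager = new MonitoredConnectionManager(name, sslSchemeRegistry);

        ClientConfig clientConfig = new DefaultClientConfig();
        clientConfig.getProperties().put(ApacheHttpClient4Config.PROPERTY_CONNECTION_MANAGER, connectionManager);

        // Register Eureka's own Jersey provider with the codecs named in the client config.
        // NOTE(review): presumably this is what lets Jersey read the registry response into
        // com.netflix.discovery.shared.Applications; confirm against the Eureka version in use.
        DiscoveryJerseyProvider discoveryJerseyProvider = new DiscoveryJerseyProvider(
                CodecWrappers.getEncoder(config.getEncoderName()),
                CodecWrappers.resolveDecoder(config.getDecoderName(), config.getClientDataAccept()));
        clientConfig.getSingletons().add(discoveryJerseyProvider);

        DiscoveryClient.DiscoveryClientOptionalArgs clientOptionalArgs =
                new DiscoveryClient.DiscoveryClientOptionalArgs();
        // Config values are in seconds; the factor 1000 presumably converts to milliseconds.
        clientOptionalArgs.setEurekaJerseyClient(new EurekaJerseyClientImpl(
                config.getEurekaServerConnectTimeoutSeconds() * 1000,
                config.getEurekaServerReadTimeoutSeconds() * 1000,
                config.getEurekaConnectionIdleTimeoutSeconds() * 1000,
                clientConfig));
        return clientOptionalArgs;
    }
}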
I managed to inject an SSL context into the Eureka client in Spring Cloud Finchley.M9 as follows:
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.netflix.discovery.DiscoveryClient;
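/**
 * Provides the Eureka {@link DiscoveryClient} with an {@link SSLContext} built from an
 * application-configured trust store.
 *
 * <p>The context trusts only the certificates in that store; no trust strategy or hostname
 * verifier override is installed here.
 */
@Configuration
public class SslConfiguration {

    // Logger is named after this class so log lines are attributed to the right component.
    private static final Logger logger = LoggerFactory.getLogger(SslConfiguration.class);

    /** Trust store file ({@code http.client.ssl.trust-store}). */
    @Value("${http.client.ssl.trust-store}")
    private File trustStore;

    /** Trust store password ({@code http.client.ssl.trust-store-password}); never logged. */
    @Value("${http.client.ssl.trust-store-password}")
    private String trustStorePassword;

    /**
     * Hands the given SSL context to the Eureka client through its optional arguments.
     *
     * @param sslContext the context the Eureka client should use for TLS connections
     * @return optional arguments carrying that context
     */
    @Bean
    public DiscoveryClient.DiscoveryClientOptionalArgs getTrustStoredEurekaClient(SSLContext sslContext) {
        DiscoveryClient.DiscoveryClientOptionalArgs args = new DiscoveryClient.DiscoveryClientOptionalArgs();
        args.setSSLContext(sslContext);
        return args;
    }

    /**
     * Builds an SSL context whose trust material is loaded from the configured trust store.
     *
     * <p>NOTE(review): this is exposed as a plain {@code SSLContext} bean, so any other
     * component that injects an {@code SSLContext} by type would presumably receive it too;
     * confirm that is intended or qualify the bean.
     *
     * @return the SSL context backed by the configured trust store
     * @throws Exception if the trust store cannot be read or the context cannot be built
     */
    @Bean
    public SSLContext sslContext() throws Exception {
        // Only the store location is logged; the password must stay out of the log.
        logger.info("initialize ssl context bean with keystore {} ", trustStore);
        return new SSLContextBuilder()
                .loadTrustMaterial(trustStore, trustStorePassword.toCharArray())
                .build();
    }
}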
Most helpful comment
@elgohr Eureka uses Jersey and therefore ignores your configuration. See #1703. You have to provide a custom
`EurekaJerseyClient` via a `DiscoveryClientOptionalArgs` bean.