  1. Pentaho Data Integration - Kettle
  2. PDI-14723

HTTP client stopped work with client certificate


    Details

    • Type: Bug
    • Status: Closed
    • Severity: High
    • Resolution: Fixed
    • Affects Version/s: 5.4.0 GA, 6.0.0 GA
    • Fix Version/s: 7.0.0 GA
    • Component/s: Step
    • Labels:
    • Story Points:
      0
    • PDI Sub-component:
    • Operating System/s:
      Windows 7

      Description

      In 5.3, HTTPClient works fine when making a request to a secure server.
      My parameters to run Spoon:
      "-Djavax.net.ssl.trustStore=trusted.cacerts" "-Djavax.net.ssl.keyStore=trusted.clientcerts" "-Djavax.net.ssl.keyStorePassword=****"

      where trusted.cacerts contains our organization's CA certificate,
      and trusted.clientcerts contains my own certificate, which is signed by the CA.
      When running the transformation in PDI 5.3 in debug mode, this is logged:

      keyStore is : trusted.clientcerts
      keyStore type is : jks
      keyStore provider is :
      init keystore
      init keymanager of type SunX509
      ***
      found key for : clientauthcert384725732668859195
      ..... (description of certificate contents)
      ***

      trustStore is: trusted.cacerts
      trustStore type is : jks
      trustStore provider is :
      init truststore
      adding as trusted cert:

      But in PDI 5.4 this is logged:
      trustStore is: trusted.cacerts
      trustStore type is : jks
      trustStore provider is :
      init truststore
      adding as trusted cert:

      That is all. The keyStore is not loaded.

      In PDI 6.0, in Karaf, I configured org.ops4j.pax.web.cfg:
      org.osgi.service.http.secure.enabled=true
      org.ops4j.pax.web.ssl.keystore=trusted.clientcerts
      org.ops4j.pax.web.ssl.password=****
      org.ops4j.pax.web.ssl.keypassword=****

      and this was logged (when Spoon started):
      ***
      found key for : clientauthcert384725732668859195
      .... (description)
      ***
      adding as trusted cert:
      .... (description)
      trigger seeding of SecureRandom
      done seeding SecureRandom
      Using SSLEngineImpl.

      Note: "adding as trusted cert"!

      Anyway, when I started the transformation, my HTTPS request in the "HTTP Client" step returned with an error:

      HTTP Client, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

      Because my own certificate is not loaded into the keyStore, or is loaded into the trustStore.

      I tried replacing the HTTPClient step with RestClient (specifying trusted.clientcerts in the SSL tab), but it loaded my own certificate into the trustStore again.

      A small analysis of the PDI components for differences between 5.3 and 5.4:
      in kettle-core-*.jar,
      SlaveConnectionManager.java does not fill the KeyManager.

            People

            Assignee:
            AKarneichyk Alena Karneichyk (Inactive)
            Reporter:
            Kronic Nick Shadrin
            Votes:
            1
            Watchers:
            7

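The distinction the report turns on, "found key for" versus "adding as trusted cert", can be checked outside PDI. The following is an added example, not Pentaho code and not part of the original report: a standalone Java check, run with the same -Djavax.net.ssl.* options as in the description, that lists whether each keystore alias is a key entry or only a certificate entry and builds an SSLContext whose KeyManagers carry the client key. The class name ClientCertCheck is hypothetical, and the comment about null key managers assumes the SunJSSE provider.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical class name; run with the -Djavax.net.ssl.* options from the description.
public class ClientCertCheck {
    // Load the store named by a JSSE system property; returns null when the property is unset.
    static KeyStore load(String prefix) throws Exception {
        String path = System.getProperty(prefix);
        if (path == null) return null;
        String pass = System.getProperty(prefix + "Password");
        KeyStore ks = KeyStore.getInstance(System.getProperty(prefix + "Type", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("javax.net.ssl.keyStore");
        if (keys == null) throw new IllegalStateException("javax.net.ssl.keyStore is not set");
        // Only a key entry (private key + chain) can answer a server's certificate request;
        // a certificate entry is just a trust anchor ("adding as trusted cert" in the debug log).
        for (String alias : Collections.list(keys.aliases())) {
            System.out.println(alias + " -> " + (keys.isKeyEntry(alias) ? "key entry" : "certificate entry"));
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray());
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                System.out.println("RSA client aliases: " + Arrays.toString(((X509KeyManager) km).getClientAliases("RSA", null)));
            }
        }
        // A null KeyStore makes the factory fall back to the JSSE default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("javax.net.ssl.trustStore"));
        // Assumption (SunJSSE): init(null, ...) here would leave the context with no client key to present.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```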