Uploaded image for project: 'Pentaho Data Integration - Kettle'
  1. Pentaho Data Integration - Kettle
  2. PDI-15531

Add option to REST Client to accept self-signed or expired SSL certs

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Severity: Unknown
    • Resolution: Unresolved
    • Affects Version/s: 6.1.0.3 GA
    • Fix Version/s: Backlog
    • Component/s: Step
    • Labels:
    • PDI Sub-component:
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.

      Description

      Currently the REST client builder does not allow self-signed SSL certs. Would like a checkbox so that we do not have to create a keystore with all valid certs in it. Here is an example exception. I verified that the URL works with "curl --insecure https://theurl".

      2016/07/23 07:22:05 - REST Client.0 - ERROR (version 6.1.0.1-196, build 1 from 2016-04-07 12.08.49 by buildguy) : Because of an error, this step can't continue:
      2016/07/23 07:22:05 - REST Client.0 - Can not result from https://localhost:8443/BabysDigest-1.0/rest/v1/bd-user/find/mike
      2016/07/23 07:22:05 - REST Client.0 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 - ERROR (version 6.1.0.1-196, build 1 from 2016-04-07 12.08.49 by buildguy) : org.pentaho.di.core.exception.KettleException:
      2016/07/23 07:22:05 - REST Client.0 - Can not result from https://localhost:8443/BabysDigest-1.0/rest/v1/bd-user/find/mike
      2016/07/23 07:22:05 - REST Client.0 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 -
      2016/07/23 07:22:05 - REST Client.0 - at org.pentaho.di.trans.steps.rest.Rest.callRest(Rest.java:229)
      2016/07/23 07:22:05 - REST Client.0 - at org.pentaho.di.trans.steps.rest.Rest.processRow(Rest.java:449)
      2016/07/23 07:22:05 - REST Client.0 - at org.pentaho.di.trans.step.RunThread.run(RunThread.java:62)
      2016/07/23 07:22:05 - REST Client.0 - at java.lang.Thread.run(Thread.java:745)
      2016/07/23 07:22:05 - REST Client.0 - Caused by: com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.client.apache.DefaultApacheHttpMethodExecutor.executeMethod(DefaultApacheHttpMethodExecutor.java:213)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.client.apache.ApacheHttpClientHandler.handle(ApacheHttpClientHandler.java:175)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:104)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.api.client.Client.handle(Client.java:648)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507)
      2016/07/23 07:22:05 - REST Client.0 - at org.pentaho.di.trans.steps.rest.Rest.callRest(Rest.java:171)
      2016/07/23 07:22:05 - REST Client.0 - ... 3 more
      2016/07/23 07:22:05 - REST Client.0 - Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
      2016/07/23 07:22:05 - REST Client.0 - at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
      2016/07/23 07:22:05 - REST Client.0 - at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
      2016/07/23 07:22:05 - REST Client.0 - at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      2016/07/23 07:22:05 - REST Client.0 - at com.sun.jersey.client.apache.DefaultApacheHttpMethodExecutor.executeMethod(DefaultApacheHttpMethodExecutor.java:210)
      2016/07/23 07:22:05 - REST Client.0 - ... 10 more
      2016/07/23 07:22:05 - REST Client.0 - Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.validator.Validator.validate(Validator.java:260)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
      2016/07/23 07:22:05 - REST Client.0 - ... 27 more
      2016/07/23 07:22:05 - REST Client.0 - Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
      2016/07/23 07:22:05 - REST Client.0 - at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
      2016/07/23 07:22:05 - REST Client.0 - at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
      2016/07/23 07:22:05 - REST Client.0 - ... 33 more

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              mbaranski Mike Baranski
              Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated: