I recently upgraded to finagle-core 22.4.0 from 21.4.0 and see this while loading integration tests in the application. I use wiremock-standalone version 2.27.2. Netty version is 4.1.73.Final. How can I fix this issue? I am assuming it is related to some version. But where to start debugging?
09:41:03.529 WARN finagle/netty4-2-1 io.netty.channel.ChannelInitializer [] [] [] [] [] [] [] [] [] [] [] Failed to initialize a channel. Closing: [id: 0x6e98560c]
com.twitter.finagle.ssl.SslConfigurationException: java.lang.IllegalArgumentException: ApplicationProtocols.Supported is not supported at this time for SslContextClientEngineFactory. Remote Info: Not Available
at com.twitter.finagle.ssl.SslConfigurationException$.notSupported(SslConfigurationException.scala:18)
at com.twitter.finagle.ssl.SslConfigurations$.checkApplicationProtocolsNotSupported(SslConfigurations.scala:246)
at com.twitter.finagle.ssl.client.SslContextClientEngineFactory.apply(SslContextClientEngineFactory.scala:37)
A similar issue has been reported here: https://github.com/twitter/finagle/issues/913
You're getting an "Application protocol not supported" exception from finagle during a setup of a secure socket (SSL/TLS) connection.
The github issue links to the following piece of code showing the supported application protocols:
https://github.com/twitter/finagle/blob/develop/finagle-core/src/main/scala/com/twitter/finagle/ssl/ApplicationProtocols.scala#L19-L31
private val alpnProtocolIds: Set[String] = Set(
"http/1.1",
"spdy/1",
"spdy/2",
"spdy/3",
"stun.turn",
"stun.nat-discovery",
"h2",
"h2c",
"webrtc",
"c-webrtc",
"ftp"
)
This could mean that for example your test is now trying to communicate with HTTP2, which is not supported. You might have to configure that back to HTTP1.1
If that doesn't help you can try to debug the full SSL communication with the following vm option:
-Djavax.net.debug=all
See for more information:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
How can I get debug messages from Java's SSL handshake?
limiting java ssl debug logging
Related
I am testing the Quarkus capabilities for Travel Applications and I found a weird behaviour when I try to establish an URLConnection running in a GraalVM application
based on Quarkus. If I run a Native application:
./target/getting-started-1.0.0-SNAPSHOT-runner
and I Call the REST endpoint:
curl 'http://localhost:8080/api/v1/covid-restrictions'
then I receive the following error:
2022-06-01 17:38:43,844 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (executor-thread-0) HTTP Request to /api/v1/covid-restrictions failed, error id: f6130b71-c9fb-4a67-a996-c58fba695117-1: com.amadeus.exceptions.NetworkException: [---]
But when I run the same application as a Jar, everything is fine.
java -jar target/quarkus-app/quarkus-run.jar
One example to see the error here:
https://github.com/jabrena/quarkus-amadeus-sdk-demo
Do I need to configure the Quarkus app in some way for GraalVM?
I share the whole StackTrace if it could help:
2022-06-01 17:38:43,844 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (executor-thread-0) HTTP Request to /api/v1/covid-restrictions failed, error id: f6130b71-c9fb-4a67-a996-c58fba695117-1: com.amadeus.exceptions.NetworkException: [---]
at com.amadeus.HTTPClient.fetch(HTTPClient.java:372)
at com.amadeus.HTTPClient.execute(HTTPClient.java:358)
at com.amadeus.HTTPClient.unauthenticatedRequest(HTTPClient.java:253)
at com.amadeus.client.AccessToken.fetchAccessToken(AccessToken.java:67)
at com.amadeus.client.AccessToken.updateAccessToken(AccessToken.java:53)
at com.amadeus.client.AccessToken.lazyUpdateAccessToken(AccessToken.java:47)
at com.amadeus.client.AccessToken.getBearerToken(AccessToken.java:39)
at com.amadeus.HTTPClient.request(HTTPClient.java:339)
at com.amadeus.HTTPClient.get(HTTPClient.java:67)
at com.amadeus.dutyOfCare.diseases.Covid19AreaReport.get(Covid19AreaReport.java:51)
at org.acme.CovidResource.hello(CovidResource.java:27)
at org.acme.CovidResource$quarkusrestinvoker$hello_a2fbfead069e804ef1bb0315d16c4dc5e7951978.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:7)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:141)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:548)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:833)
at com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:704)
at com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:202)
Many thanks in advance.
Juan Antonio
As most APIs nowadays are, the Amadeus library is HTTPS only.
For Quarkus in native mode, you need to explicitly enable SSL in src/main/resources/application.properties (except for certain extensions, see the link below).
quarkus.ssl.native=true
See https://quarkus.io/guides/native-and-ssl
After adding this property you will get a different runtime error:
2022-06-02 00:45:25,381 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (executor-thread-0) HTTP Request to /api/v1/covid-restrictions failed, error id: 6d821ce1-23fd-4d88-8f63-992b6453830a-1: com.oracle.svm.core.jdk.UnsupportedFeatureError: Code that was considered unreachable by closed-world analysis was reached.
Try to register the following reflection classes (DiseaseAreaReport and all inner classes) as Amadeus will use GSON and therefore also Java reflection to apply the JSON String data to the DiseaseAreaReport POJO.
https://quarkus.io/guides/writing-native-applications-tips#registering-for-reflection
package org.acme;
import io.quarkus.runtime.annotations.RegisterForReflection;
#RegisterForReflection(targets = {
com.amadeus.Amadeus.class,
com.amadeus.HTTPClient.class,
com.amadeus.Params.class,
com.amadeus.Response.class,
com.amadeus.client.AccessToken.class,
com.amadeus.dutyOfCare.diseases.Covid19AreaReport.class,
com.amadeus.exceptions.ResponseException.class,
// com.amadeus.resources.DiseaseAreaReport and all inner classes
com.amadeus.resources.DiseaseAreaReport.class,
com.amadeus.resources.DiseaseAreaReport.Area.class,
com.amadeus.resources.DiseaseAreaReport.AreaAccessRestriction.class,
com.amadeus.resources.DiseaseAreaReport.AreaPolicy.class,
com.amadeus.resources.DiseaseAreaReport.AreaRestriction.class,
com.amadeus.resources.DiseaseAreaReport.AreaVaccinated.class,
com.amadeus.resources.DiseaseAreaReport.Border.class,
com.amadeus.resources.DiseaseAreaReport.DatedInformation.class,
com.amadeus.resources.DiseaseAreaReport.DatedQuarantineRestriction.class,
com.amadeus.resources.DiseaseAreaReport.DatedTracingApplicationRestriction.class,
com.amadeus.resources.DiseaseAreaReport.DeclarationDocuments.class,
com.amadeus.resources.DiseaseAreaReport.DiseaseCase.class,
com.amadeus.resources.DiseaseAreaReport.DiseaseInfection.class,
com.amadeus.resources.DiseaseAreaReport.DiseaseTestingRestriction.class,
com.amadeus.resources.DiseaseAreaReport.DiseaseVaccination.class,
com.amadeus.resources.DiseaseAreaReport.EntryRestriction.class,
com.amadeus.resources.DiseaseAreaReport.ExitRestriction.class,
com.amadeus.resources.DiseaseAreaReport.GeoCode.class,
com.amadeus.resources.DiseaseAreaReport.Link.class,
com.amadeus.resources.DiseaseAreaReport.MaskRestriction.class,
com.amadeus.resources.DiseaseAreaReport.Sources.class,
com.amadeus.resources.DiseaseAreaReport.Transportation.class,
com.amadeus.resources.DiseaseAreaReport.ValidityPeriod.class,
com.amadeus.resources.Resource.class
})
public class AmadeusReflection {
}
I hope this fixes this issue, if not dig deeper which classes or inner classes are missing to be registered for reflection with a debugger or following the stack trace.
P.S. your test shows the following warnings:
[WARNING] [io.quarkus.resteasy.reactive.server.deployment.QuarkusServerEndpointIndexer] Quarkus detected the use of JSON in JAX-RS method 'org.acme.CovidResource#hello' but no JSON extension has been added. Consider adding 'quarkus-resteasy-reactive-jackson' or 'quarkus-resteasy-reactive-jsonb'.
[WARNING] [io.quarkus.resteasy.reactive.server.deployment.QuarkusServerEndpointIndexer] Quarkus detected the use of JSON in JAX-RS method 'org.acme.ConfigResource#hello' but no JSON extension has been added. Consider adding 'quarkus-resteasy-reactive-jackson' or 'quarkus-resteasy-reactive-jsonb'.
Consider to add the RESTEasy Reactive Jackson extension in the pom.xml:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-resteasy-reactive-jackson</artifactId>
</dependency>
Scenerio:
Upgraded Spinnaker to 1.12.0. No other config changes that would impact this integration (we had to modify an s3 IAM because it quit working). Okta integration stopped working. Public key was reissued during install process for the ingress, may be relevant?
SAML-TRACE shows payload getting to okta and back
Spinnaker throws two different errors depending on browser and how I get there.
Direct link to deck url: (500) No IDP was configured, please update included metadata with at least one IDP (seen in browser and gate)
Okta "chicklet" in okta dashboard: (401) Authentication Failed: Incoming SAML message is invalid
Config details (again none of this changed):
Downloading metadata directly
JKS is being leveraged and is valid
service url is confirmed
alias for JKS is confirmed
I had this issue as well when upgrading from 1.10.13 to 1.12.2. I found lots of these error messages in Gate's logs:
2019-02-19 05:31:30.421 ERROR 1 --- [.0-8084-exec-10] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw e
xception [org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP] with root cause
org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
at org.springframework.security.saml.metadata.MetadataManager.getDefaultIDP(MetadataManager.java:795) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.saml.context.SAMLContextProviderImpl.populatePeerEntityId(SAMLContextProviderImpl.java:157) ~[spring-security-saml2-core-1.0.2.RELEASE.jar
:1.0.2.RELEASE]
at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalAndPeerEntity(SAMLContextProviderImpl.java:127) ~[spring-security-saml2-core-1.0.2.RELEASE.ja
r:1.0.2.RELEASE]
at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:146) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:203) ~[spring-security-web-4.2.9.RELEASE.jar
:4.2.9.RELEASE]
...
After downgrading back to 1.10.13, I upgraded to the next version, 1.11.0, and found that's when the issue started. Eventually, I looked at Gate's logs from the launch of the Container and found:
2019-02-20 22:31:40.132 ERROR 1 --- [0.0-8084-exec-3] o.o.s.m.provider.HTTPMetadataProvider : Error retrieving metadata from https://000000000000.okta.com/app/00000000000000000/sso/saml/metadata
javax.net.ssl.SSLException: Error in hostname verification
at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:241) ~[openws-1.5.4.jar:na]
at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:186) ~[openws-1.5.4.jar:na]
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) ~[commons-httpclient-3.1.jar:na]
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) ~[commons-httpclient-3.1.jar:na]
...
This lead me to realize that the TLS Certificate was being rejected by Gate. Not sure why it suddenly started failing the check. Up to this point, I had it configured as:
$ hal config security authn saml edit --metadata https://000000000000.okta.com/app/00000000000000000/sso/saml/metadata
I ended up downloading the metadata file and redeploying with halyard.
$ wget https://000000000000.okta.com/app/00000000000000000/sso/saml/metadata
$ hal config security authn saml edit --metadata "${PWD}/metadata"
$ hal config version edit --version 1.12.2
$ hal deploy apply
Opened up a private browser window as suggested by the Spinnaker documentation and Gate started redirecting to Okta correctly again.
Issue filed, https://github.com/spinnaker/spinnaker/issues/4017.
So I ended up finding the answer. The tomcat config changed apparently in spinnaker in later versions for gate.
I created this snippet in ~/.hal/default/profiles/gate-local.yml
server:
tomcat:
protocolHeader: X-Forwarded-Proto
remoteIpHeader: X-Forwarded-For
internalProxies: .*
Deployed spinnaker and it was back to working.
I have upgraded a SonarQube server from 6.0 to 6.7.2. Everything is fine, except that, after logging in as user "admin" and navigating to tab Administration, clicking on subtab System yields an error message
An error has occurred: please contact your administrator.
In file web.log:
2018.03.06 11:38:24 ERROR web[AWH6436/ICo3FeIjAAAz][o.s.s.w.WebServiceEngine] Fail to process request http://<HOST NAME>:20295/sonarqube/api/system/info
java.lang.IllegalStateException: Failed to call HTTP server of process [key='ce', ipcIndex=3, logFilenamePrefix=ce]
at org.sonar.ce.http.CeHttpClientImpl.call(CeHttpClientImpl.java:171)
at org.sonar.ce.http.CeHttpClientImpl.retrieveSystemInfo(CeHttpClientImpl.java:60)
at org.sonar.server.platform.ws.StandaloneSystemInfoWriter.write(StandaloneSystemInfoWriter.java:53)
at org.sonar.server.platform.ws.InfoAction.handle(InfoAction.java:64)
at org.sonar.server.ws.WebServiceEngine.execute(WebServiceEngine.java:103)
at org.sonar.server.ws.WebServiceFilter.doFilter(WebServiceFilter.java:86)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
...
Caused by: java.io.IOException: Server returned HTTP response code: 503 for URL: http://10.145.61.55
The IP address is that of the server. There is no mention of any port in the error message, I don't know if this has any relation with the error.
It seems that the Web component cannot access the Compute Engine component. However nothing particular was found in file ce.log which ends with a trace Compute Engine is operational.
I followed the short migration guide in https://docs.sonarqube.org/display/SONAR/Upgrading.
Environment: Linux, JDK 8, Oracle DB
Does anyone as a clue? Many thanks in advance.
For whoever who might stumble on the same issue: it was an error in my proxy configuration. Increasing the logging level by setting sonar.log.level=DEBUG in file sonar.properties yielded the following new traces in file web.log:
2018.03.07 11:52:04 DEBUG web[AWIAFTpArQRjrTzMAAAg][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader#668ee27b5 pairs: {GET http://127.0.0.1:40413/systemInfo HTTP/1.1: null}{User-Agent: SonarQube 6.7.2.37468 # AWHmcYEU8aGLjZ5sPfjj Java/1.8.0_60}{Host: 127.0.0.1:40413}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Proxy-Connection: keep-alive}
2018.03.07 11:52:04 DEBUG web[AWIAFTpArQRjrTzMAAAg][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader#527214044 pairs: {null: HTTP/1.1 301 Moved Permanently}{Server: BlueCoat-Security-Appliance}{Location: http://10.145.61.55}{Connection: Close}
2018.03.07 11:52:04 DEBUG web[AWIAFTpArQRjrTzMAAAg][s.n.w.p.h.HttpURLConnection] Redirected from http://127.0.0.1:40413/systemInfo to http://10.145.61.55
2018.03.07 11:52:04 ERROR web[AWIAFTpArQRjrTzMAAAg][o.s.s.w.WebServiceEngine] Fail to process request http://<HOST NAME>:20295/sonarqube/api/system/info
The proxy was redirecting the Compute engine URL http://127.0.0.1:40413/systemInfo to http://10.145.61.55.
The solution was to add 127.0.0.1 to http.nonProxyHosts in file sonar.properties.
Using the update center behind a proxy with an associated context gives me this known error:
Fail to download the plugin (css, version 3.1) from https://github.com/racodond/sonar-css-plugin/releases/download/3.1/sonar-css-plugin-3.1.jar
Error is : Fail to download: https://github.com/racodond/sonar-css-plugin/releases/download/3.1/sonar-css-plugin-3.1.jar (no proxy)
I've seen I must provide http.proxyHost/Port in the sonar.properties configuration file, but I've got problems with web context (assigned by sonar.web.context=/mycontext).
Two cases:
http.proxyHost=myhost/mycontext => fails because tries connection with myhost/mycontext:port
Fail to download the plugin (css, version 3.1) from https://github.com/racodond/sonar-css-plugin/releases/download/3.1/sonar-css-plugin-3.1.jar
Error is : Fail to download: https://github.com/racodond/sonar-css-plugin/releases/download/3.1/sonar-css-plugin-3.1.jar (HTTP proxy: <myhost>/<mycontext>:443)
http.proxyHost=myhost => fails and sonarqube don't show any plugin
Note: Ports are 80 y 443 (standard), https uses same host.
Any help is much appreciated.
I have created a simple Xamarin.Forms(Portable) project and included UI Test project in it. But when i am trying to run the test in physical device it giving me below mentioned exception.
Test Name: AppLaunches
Test Outcome: Failed
Result Message:
SetUp : System.Net.Http.HttpRequestException : An error occurred while sending the request.
----> System.Net.WebException : The underlying connection was closed: The connection was closed unexpectedly.
Result StandardOutput: Full log file: C:\Users\Admin\AppData\Local\Temp\uitest\log-2016-10-22_11-04-53-698.txt
Skipping IDE integration as important properties are configured. To force IDE integration, add .PreferIdeSettings() to ConfigureApp.
Android test running Xamarin.UITest version: 2.0.0.1534
Initializing Android app on device ZX1D63GCCL with installed app: co.veloxcore.UITestSample2
Signing apk with Xamarin keystore.
Skipping installation: Already installed.
Here is the link to my project: XamarinUITest
Log File : Error Log
Are you using using ModernHttpClient?
Also you can use Polly if you want to handle network exceptions.
For example:
conferences = await Policy
.Handle<WebException>()
.WaitAndRetry
(
retryCount:5,
sleepDurationProvider: retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt))
)
.ExecuteAsync(async () => await getConferencesTask);
Also AsyncErrorHandler is great tool to handle async exceptions