-
Bug
-
Resolution: Not a Bug
-
High
-
None
My instance of the distribution client cannot fully run with the SDC instance in the integration environment (Pod25) due to a cert validation failure. I think the distribution client should not be doing any cert validation because I have validation configured to be turned off.
Here are the logs:
17-10-27 14:56:54 35957190f2cd INFO [org.openecomp.sdc.impl.DistributionClientImpl:229] - DistributionClient - init 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.impl.DistributionClientImpl:322] - get cluster server list from ASDC 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.AsdcConnectorClient:142] - about to perform getServerList. requestId= f394fb44-aa99-453a-9f1a-6a8414046159 url= /sdc/v1/distributionUebCluster 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.HttpAsdcClient:267] - url to send https://10.0.3.1:8443/sdc/v1/distributionUebCluster 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.HttpAsdcClient:280] - GET Response Status 200 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.AsdcConnectorClient:142] - about to perform getServerList. requestId= 555182cd-ef7d-433e-a454-a131588d80bf url= /sdc/v1/artifactTypes 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.HttpAsdcClient:267] - url to send https://10.0.3.1:8443/sdc/v1/artifactTypes 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.http.HttpAsdcClient:280] - GET Response Status 200 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.impl.DistributionClientImpl:316] - Artifact types: [DCAE_TOSCA, DCAE_JSON, DCAE_POLICY, DCAE_DOC, DCAE_EVENT, DCAE_INVENTORY_TOSCA, DCAE_INVENTORY_JSO N, DCAE_INVENTORY_POLICY, DCAE_INVENTORY_DOC, DCAE_INVENTORY_BLUEPRINT, DCAE_INVENTORY_EVENT] were validated with ASDC server 17-10-27 14:56:54 35957190f2cd DEBUG [org.openecomp.sdc.impl.DistributionClientImpl:289] - create keys 17-10-27 14:56:54 35957190f2cd INFO [com.att.nsa.apiClient.http.HttpClient:595] - POST https://10.0.11.1:3905/apiKeys/create (anonymous) ... 17-10-27 14:56:54 35957190f2cd WARN [com.att.nsa.apiClient.http.HttpClient:750] - Error executing HTTP request. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.ce rtpath.SunCertPathBuilderException: unable to find valid certification path to requested target; blacklisting for 2 minutes 17-10-27 14:56:54 35957190f2cd ERROR [org.openecomp.sdc.impl.DistributionClientImpl:439] - DistributionClientResultImpl [responseStatus=UEB_KEYS_CREATION_FAILED, responseMessage=failed to create keys: sun.s ecurity.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] 17-10-27 14:56:54 35957190f2cd ERROR [sch.core:167] - DistributionClientResultImpl [responseStatus=UEB_KEYS_CREATION_FAILED, responseMessage=failed to create keys: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Here is essentially the configuration information I pass into the distribution client:
{ "environmentName": "ONAP-AMDOCS", "asdcAddress": "10.0.3.1:8443", "keyStorePassword": null, "pollingInterval": 20, "consumerGroup": "dcae", "asdcUri": "https://10.0.3.1:8443", "consumerId": "dcae-sch", "pollingTimeout": 20, "user": XXXX, "keyStorePath": null, "password": XXXX, "isFilterInEmptyResources": false, "activateServerTLSAuth": false }
Note that I set activateServerTLSAuth to false and yet the distribution client still tries to do cert validation.
Here is the version of distribution client I am using:
<dependency> <groupId>org.openecomp.sdc.sdc-distribution-client</groupId> <artifactId>sdc-distribution-client</artifactId> <version>1.1.50</version> </dependency>