We have a test installation of Pivotal Cloud Foundry.
It has a self-signed certificate, so I have not been able to use the cloud foundry maven plugin to perform uploads. Instead, I have been trying to use cloudfoundry-client-lib java client.
cloudfoundry-client-lib has a setting to ignore self-signed certificates, so I am able to log in to our PCF installation with it and perform passive operations, such as listing applications. However, uploads are failing.
I'm trying to upload a 23M zipped Spring Boot app jar. (Also tried it as a jar.) The same application itself has successfully been pushed previously to our PCF installation via 'cf push' . Installing cf-cli is not an option from our Jenkins box.
Uploads result either in a "connection reset by peer" or a broken pipe error.
Has anybody been able to upload or push to a PCF installation that's using a self-signed certificate ?
Code below:
public static void main(String[] args) {
String target = "api.sys.dev.##.##.##.com";
String user = "me";
String password = "secret";
String uploadFilePath = "./myapp.zip";
CloudCredentials credentials = new CloudCredentials(user, password);
java.net.URL URL = new java.net.URL(target);
CloudFoundryClient client = new CloudFoundryClient(credentials, URL, true);
File archiveFile = new File(uploadFilePath);
client.uploadApplication("myappname", uploadFilePath, new FileInputStream(archiveFile),
new uploadCallback(logger) );
client.logout();
}
dependency section from pom:
<dependency>
<groupId>org.cloudfoundry</groupId>
<artifactId>cloudfoundry-client-lib</artifactId>
<version>RELEASE</version>
</dependency>
Related
I have an Amazon AWS environment running a spring boot server app with https endpoints. (https://www.myapp.com:8443) A real (not self signed) certificate for www.myapp.com has been installed on the server.
When connecting from an Android release app on a real device (installed via OTA email) I see the exception :
Exception: javax.net.ssl.SSLHandshakeException -
java.security.cert.CertPathValidatorException: Trust anchor for
certification path not found.
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertPathValidatorException: Trust anchor for
certification path not found.
In the Simulator I have added my real site certificate to my IntelliJ java cacerts file and that works fine. From within the simulator all my https calls to the AWS box work fine.
When building the Android app I added the real cert to the keystore and specified that keystore via the CN1 Preferences for the Android settings. This built fine but generated the above exception when run on a real device.
Using a self signed cert via CN1 and deployed on a real device also failed in the same manner.
What am I missing here ?
The keystore in Android builds is used for signing so adding certificates to it is irrelevant as once the APK is signed it won't change anything. If the certificate isn't available to Android or Apple then it's not a great certificate to use. If you open the native browser on Android and the site loads correctly then it should work with the app as well.
I created a web service and hosted it on IIS server.
Web service has to invoke a batch file ( which in turn invokes an exe ) taking an Xml input.
Batch file and exe to be invoked by batch file are placed in the Web service folder. I'm using an already present xml as input for the batch file.
This code works on the local machine but not after the webservice is hosted on IIS server and I invoke it from the browser.
public string InvokeDACS()
{
System.Diagnostics.ProcessStartInfo pInfo = new System.Diagnostics.ProcessStartInfo(Server.MapPath("~/SRSApplication/Application/SRS_TCNX.bat"));
System.Diagnostics.Process p = new System.Diagnostics.Process();
string path = Server.MapPath("~/SRS Application/Input/98765433.xml");
pInfo.Arguments = path;
System.Diagnostics.Process.Start(pInfo);
return "s";
}
Please help in figuring out a way for invoking a batch file from web service.
I have a piece of code that runs inside Spark Streaming and tries to get some data from a RESTful web service. The code snippet in question is:
Client client = ClientBuilder.newClient();
WebTarget target = client.target("http://localhost:2222/rest");
target = target.path("annotate")
.queryParam("text", UrlEscapers.urlFragmentEscaper().escape(spotlightSubmission))
.queryParam("confidence", "0.3");
logger.warn("!!! DEBUG !!! target: {}", target.getUri().toString());
String response = target.request().accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
logger.warn("!!! DEBUG !!! Spotlight response: {}", response);
When run inside a unit test as follows:
mvn clean test -Dtest=SpotlightTest#testCountWords
it contacts the RESTful web service and retrieves some data as expected. But when the same code is run as part of the application that is submitted to Spark, using spark-submit script, I receive the following error:
java.lang.NoSuchMethodError: javax.ws.rs.core.MultivaluedMap.addAll(Ljava/lang/Object;[Ljava/lang/Object;)V
as soon as it tries to run:
String response = target.request().accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
I'm using Spark 1.1.0 and for consuming the web service I'm using Jersey in my project's pom.xml:
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet-core</artifactId>
<version>2.14</version>
</dependency>
So I suspect that when the application is submitted to Spark, somehow there's a different JAR in the environment that uses a different version of Jersey / javax.ws.rs.*
Does anybody know which version of Jersey / javax.ws.rs.* is used in the Spark environment, or how to solve this conflict?
Disclaimer: I'm not a Spark user
But doing a quick search I found the yarn module depends on Jersey 1.9.
I need to write a web service and host it in Azure. This service in turn consumes another service from an external site. Therefore, my azure-hosted service is a client to this externally-hosted service. When I make a request of the other service, I need to include a client-side certificate in my request.
Has anybody successfully done this? Is it possible to install a certificate in a web instance in azure? Would it survive the instance restarting? If so, pointers would be appreciated.
I have never worked with client-side certificates (even on a "real" client) so please forgive me if this is a newbee question.
The certificates that are uploaded in the cloud service (see the certificates tab under that cloud service in azure portal), which will host your webrole, will be available in the VM of that webrole. So you can access it from the certificate store and use it while making the external web service call.
A sample is given in this stackoverflow post.
Accessing a web service and a HTTP interface using certificate authentication
You can either add certificate via azure management portal, and azure will add it to machine certificate store once it deploy your application on the VM, or you can keep it with your application, for example as embedded resource and load it manually and use with your webservice call. Like this :
private X509Certificate2 GetAuthCertificate()
{
var assembly = Assembly.GetExecutingAssembly();
Stream stream = null;
var resources = assembly.GetManifestResourceNames();
foreach (var resource in resources)
{
if (resource.EndsWith(certificateFilename))
{
stream = assembly.GetManifestResourceStream(resource);
break;
}
}
if (stream == null)
throw new Exception("Certificate not found in embedded rersources");
using (var ms = new MemoryStream())
{
stream.CopyTo(ms);
var result = new X509Certificate2(ms.ToArray(), "password", X509KeyStorageFlags.Exportable);
return result;
}
}
I apologize in advance if the question is ridiculous.
I have an asmx service running in Azure (HTTP - no SSL).
I have a WPF app that loads a X509Certificate2 and adds it to the request by doing the following:
X509Certificate2 cert = new X509Certificate2("...");
webRequest.ClientCertificates.Add(cert);
In the web service I get the certificate by
new X509Certificate2(this.Context.Request.ClientCertificate.Certificate)
And then I load a cert (that I have both uploaded to the Azure control panel and added to my service definition file) by using the following sample:
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
And then I validate by doing the following:
clientCert.Thumbprint == certs[0].Thumbprint
Now unfortunately I get an exception (System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle) as soon as I do
Request.ClientCertificate.Certificate
So I have a few questions. How do I avoid the exception. This answer states I need to modify an IIS setting, but how can I do that in Azure?
In any case is this even the proper way to do certificate authentication?
Thanks!
You can use command scripts to modify IIS, in combination with appcmd.exe.
For a quick example (disabling timeout in an application pool), take a look at this sample by Steve Marx.
In this example, you'd call DisableTimeout.cmd as a startup task. For more info on creating startup tasks, you can watch this episode of Cloud Cover Show. There should be a lab on startup tasks in the Platform Training Kit as well.
Just remember that any type of IIS configuration change should be made via an automated task at startup. If you manually change IIS via RDP, those changes won't propagate to all of your instances, and won't remain persistent in the event of hardware failure or OS update.
You can remote into your azure instances to manage IIS. As for a way to do it globally for all instances at once, I'm not sure. That would be an interesting side project though.
http://learn.iis.net/page.aspx/979/managing-iis-on-windows-azure-via-remote-desktop/