Tom Lasswell

Groovy - Ignore SSL Issue

Question

To all those out there doing Groovy scripting. Looking for a way to ignore the SSL errors for self-signed certificates where it doesn't match the hostname. I found some code snippets but the LM collector doesn't appear to like it too much by disabling SSL verification in a Groovy script. Anyone out there run into this and have an idea on how to get around it?

 

[02-21 11:13:19.608 EST] [MSG] [WARN] [script-running-2::script.running:Task:232203255:{url removed}:Viptela General_:script:1:7] [GroovyScriptExecutor.execute:79] Failed to execute the script with Invocation exception, CONTEXT=, EXCEPTION=CertificateException: No name matching {url removed} found
com.logicmonitor.common.sse.utils.exception.ScriptExecutingFailedException: CertificateException: No name matching {url removed} found
	at com.logicmonitor.common.sse.utils.GroovyScriptHelper.execute(GroovyScriptHelper.java:186)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.logicmonitor.common.sse.executor.impl.GroovyScriptHelperWrapper.execute(GroovyScriptHelperWrapper.java:88)
	at com.logicmonitor.common.sse.executor.GroovyScriptExecutor.execute(GroovyScriptExecutor.java:70)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:263)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:242)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: No name matching {url removed} found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

 


3 answers to this question


  • 2

Hey @Tom Lasswell, the built-in Groovy Http library should work against hosts with self-signed certs:

https://www.logicmonitor.com/support/terminology-syntax/scripting-support/access-a-website-from-groovy/

If you're using the Apache HTTP libraries, it is possible to skip/customize hostname verification, but if you just need to do some simple GETs and POSTs, the LM-provided one is the way to go.

  • 1

Alright, disregard that old code, whoooo, that's a lot harder to do than what you pointed me at @Michael Rodrigues, I can't believe I missed that in the support documentation. :S

Anyways, got it working this way. Thanks! 

import com.santaba.agent.groovyapi.http.*;
import groovy.json.JsonSlurper;

def hostName = hostProps.get("system.hostname");
def user = hostProps.get("viptela.user");
def pass = hostProps.get("viptela.pass");

slurper  = new JsonSlurper()
// instantiate an http client object for the target system
httpClient = HTTP.open(hostName, 443);

// use an authentication API call to initiate a session
// specify the url to which we want to post
url = "https://"+hostName+"/j_security_check";
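// URL-encode the credentials so characters such as '&', '=' or '+' survive the form post
def payload = 'j_username=' + URLEncoder.encode(user, "UTF-8") + '&j_password=' + URLEncoder.encode(pass, "UTF-8");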
 
// do the post
def postResponse = httpClient.post(url, payload,["Content-Type":"application/x-www-form-urlencoded"]);
// does the response indicate a successful authentication?
if ( !(httpClient.getStatusCode() =~ /200/) ) 
{
    // no -- report an error, and return a non-zero exit code
    println "authentication failure";
    return(1);
}
// we are now authenticated. Subsequent GETs with the httpClient will pass in the session cookie 
url="https://"+hostName+"/dataservice/alarms/count";
def getResponse=httpClient.get(url);
// print some data
//println httpClient.getResponseBody();

arrayLines = slurper.parseText(httpClient.getResponseBody());
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];

 

  • 0

@Michael Rodrigues to give you an example, I copied the PURE datasource Groovy script (as I have to cache a cookie). It's the hostname verification that seems to be the issue, and Viptela is a little weird in their self-signed certs; having one of our engineers look at it and trying to figure out if we can sign it with the FQDN for the friendly name. It looks like the link you provided has an easier way to get the cookie data, so I'll look and rewrite this code below to follow those examples.

import groovy.json.JsonSlurper;
hostName = hostProps.get("system.hostname");
user = hostProps.get("viptela.user");
pass = hostProps.get("viptela.pass");

// init some stuff
base_url = "https://" + hostName;
slurper  = new JsonSlurper()
cookie   = getSession();

// now run a command to get info from the server

api_commmand = "/dataservice/alarms/count";
api_url      = new URL(base_url + api_commmand);
connection   = api_url.openConnection();
connection.setRequestMethod("GET");
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type", "application/json");
connection.setRequestProperty("Cookie", cookie);

arrayLines = slurper.parseText(connection.content.text);
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];

return(0);

/*
 * getSession - get session cookie
 *
 * @return string cookie
 */
def getSession()
{
    def cookie;
    api_commmand = "/j_security_check";
    api_url      = new URL(base_url + api_commmand);
    connection   = api_url.openConnection();
    connection.setRequestMethod("POST");
    connection.setDoOutput(true);
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    // write out the URL-encoded credentials as the body of the HTTP POST
    def out = new OutputStreamWriter(connection.getOutputStream());
    out.write('j_username=' + URLEncoder.encode(user, "UTF-8") + '&j_password=' + URLEncoder.encode(pass, "UTF-8"));
    out.close();

    // loop through http header fields
    for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
    {
        // is this the cookie field?
        if (headerName.equals("Set-Cookie"))
        {
            // yes. get the cookie data
            cookie = connection.getHeaderField(i);
        }
    }
    return(cookie);
}

 

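Where a script has to keep using a raw `HttpsURLConnection` as in the post above, the hostname mismatch on a self-signed certificate can be handled by pinning that one certificate for that one connection instead of disabling verification. This is an added example, not code from the posters or from LogicMonitor: it uses only standard JSSE classes, the helper names `sha256Hex` and `openPinned` are hypothetical, and whether the collector permits it is not confirmed by the thread.

```groovy
import javax.net.ssl.*
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate

// Lowercase hex SHA-256 of the certificate's DER encoding.
String sha256Hex(X509Certificate cert) {
    MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()).encodeHex().toString()
}

// Open an HTTPS connection that accepts exactly one certificate, identified by
// its fingerprint, instead of switching off validation for every connection.
HttpsURLConnection openPinned(URL url, String expectedFingerprint) {
    String pin = expectedFingerprint.replace(":", "").toLowerCase()

    def trustManager = [
        checkClientTrusted: { chain, authType ->
            throw new CertificateException("client certificates are not accepted")
        },
        checkServerTrusted: { chain, authType ->
            // The leaf presented by the server must be the certificate we pinned.
            if (!chain || sha256Hex(chain[0]) != pin) {
                throw new CertificateException("server certificate does not match the pinned fingerprint")
            }
        },
        getAcceptedIssuers: { new X509Certificate[0] }
    ] as X509TrustManager

    // Consulted when the name in the certificate does not match the URL host:
    // accept the session only if it was established with the pinned certificate.
    def verifier = { String host, SSLSession session ->
        try {
            return sha256Hex((X509Certificate) session.getPeerCertificates()[0]) == pin
        } catch (SSLPeerUnverifiedException e) {
            return false
        }
    } as HostnameVerifier

    SSLContext ctx = SSLContext.getInstance("TLS")
    ctx.init(null, [trustManager] as TrustManager[], null)

    // Both settings apply to this connection only; the JVM-wide defaults are untouched.
    def conn = (HttpsURLConnection) url.openConnection()
    conn.setSSLSocketFactory(ctx.getSocketFactory())
    conn.setHostnameVerifier(verifier)
    return conn
}
```

The returned connection can stand in for `api_url.openConnection()` in the script above, with the fingerprint obtained out of band and read from a host property (for example a hypothetical `viptela.cert.sha256`).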
