• 0
Tom Lasswell

Groovy - Ignore SSL Issue


To all those out there doing Groovy scripting. Looking for a way to ignore the SSL errors for self-signed certificates where it doesn't match the hostname. I found some code snippets but the LM collector doesn't appear to like it too much by disabling SSL verification in a Groovy script. Anyone out there run into this and have an idea on how to get around it?


[02-21 11:13:19.608 EST] [MSG] [WARN] [script-running-2::script.running:Task:232203255:{url removed}:Viptela General_:script:1:7] [GroovyScriptExecutor.execute:79] Failed to execute the script with Invocation exception, CONTEXT=, EXCEPTION=CertificateException: No name matching {url removed} found
com.logicmonitor.common.sse.utils.exception.ScriptExecutingFailedException: CertificateException: No name matching {url removed} found
	at com.logicmonitor.common.sse.utils.GroovyScriptHelper.execute(GroovyScriptHelper.java:186)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.logicmonitor.common.sse.executor.impl.GroovyScriptHelperWrapper.execute(GroovyScriptHelperWrapper.java:88)
	at com.logicmonitor.common.sse.executor.GroovyScriptExecutor.execute(GroovyScriptExecutor.java:70)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:263)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:242)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: No name matching {url removed} found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)



3 answers to this question


  • 2

Hey @Tom Lasswell, the built-in Groovy Http library should work against hosts with self-signed certs:


If you're using the Apache HTTP libraries, it is possible to skip/customize hostname verification, but if you just need to do some simple GETs and POSTs, the LM-provided one is the way to go.

  • 1

Alright, disregard that old code, whoooo, that's a lot harder to do than what you pointed me at @Michael Rodrigues, I can't believe I missed that in the support documentation. :S

Anyways, got it working this way. Thanks! 

import com.santaba.agent.groovyapi.http.*;
import groovy.json.JsonSlurper;

def hostName = hostProps.get("system.hostname");
def user = hostProps.get("viptela.user");
def pass = hostProps.get("viptela.pass");

slurper  = new JsonSlurper()
// instantiate an http client object for the target system
httpClient = HTTP.open(hostName, 443);

// use an authentication API call to initiate a session
// specify the url to which we want to post
url = "https://"+hostName+"/j_security_check";
// URL-encode the credentials so characters such as & or = in a password don't corrupt the form body
def payload = 'j_username=' + URLEncoder.encode(user, "UTF-8") + '&j_password=' + URLEncoder.encode(pass, "UTF-8");
// do the post
def postResponse = httpClient.post(url, payload,["Content-Type":"application/x-www-form-urlencoded"]);
// does the response indicate a successful authentication?
if ( !(httpClient.getStatusCode() =~ /200/) ) {
    // no -- report an error, and return a non-zero exit code
    println "authentication failure";
    return 1;
}
// we are now authenticated. Subsequent GETs with the httpClient will pass in the session cookie
// query the alarm-count endpoint rather than the login URL
url = "https://"+hostName+"/dataservice/alarms/count";
def getResponse=httpClient.get(url);
// print some data
//println httpClient.getResponseBody();

arrayLines = slurper.parseText(httpClient.getResponseBody());
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];


  • 0

@Michael Rodrigues to give you an example, I copied the PURE datasource Groovy script (as I have to cache a cookie). It's the hostname verification that seems to be the issue and Viptela is a little weird in their self-signed certs, having one of our engineers look at it and trying to figure out if we can sign it with the FQDN for the friendly name. It looks like the link you provided has an easier way to get the cookie data, so I'll look and rewrite this code below to follow those examples.

import groovy.json.JsonSlurper;
hostName = hostProps.get("system.hostname");
user = hostProps.get("viptela.user");
pass = hostProps.get("viptela.pass");

// init some stuff
base_url = "https://" + hostName;
slurper  = new JsonSlurper()
cookie   = getSession();

// now run a command to get info from the server

api_commmand = "/dataservice/alarms/count";
api_url      = new URL(base_url + api_commmand);
connection   = api_url.openConnection();
connection.setRequestProperty("Content-Type", "application/json");
connection.setRequestProperty("Cookie", cookie);

arrayLines = slurper.parseText(connection.content.text);
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];


/**
 * getSession - get session cookie
 * @return string cookie
 */
def getSession()
{
    def cookie;
    api_commmand = "/j_security_check";
    api_url      = new URL(base_url + api_commmand);
    connection   = api_url.openConnection();
    // a request body is sent, so output must be enabled (this also makes the request a POST)
    connection.setDoOutput(true);
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    // write out the URL-encoded credentials as an HTTP POST body
    def out = new OutputStreamWriter(connection.getOutputStream());
    out.write('j_username=' + URLEncoder.encode(user, "UTF-8") + '&j_password=' + URLEncoder.encode(pass, "UTF-8"));
    out.close();

    // loop through http header fields
    for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
    {
        // is this the cookie field?
        if (headerName.equals("Set-Cookie"))
        {
            // yes. get the cookie data
            cookie = connection.getHeaderField(i);
        }
    }
    return cookie;
}
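
An alternative to switching verification off for the hostname-mismatch case in the question, as an added example that is not from the thread or from LogicMonitor: pin the device's self-signed certificate by SHA-256 fingerprint on a single HttpsURLConnection. The device property `viptela.cert.sha256` and the names `Pin`, `PinnedTrustManager` and `openPinned` are hypothetical.

```groovy
import javax.net.ssl.*
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate

class Pin {
    // SHA-256 over the DER-encoded certificate, as lowercase hex
    static String sha256(X509Certificate cert) {
        MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()).encodeHex().toString()
    }
}

// Accepts exactly one server certificate: the one whose fingerprint was pinned
class PinnedTrustManager implements X509TrustManager {
    String pin
    void checkClientTrusted(X509Certificate[] chain, String authType) {
        throw new CertificateException("client certificates are not accepted")
    }
    void checkServerTrusted(X509Certificate[] chain, String authType) {
        if (!chain || Pin.sha256(chain[0]) != pin) {
            throw new CertificateException("server certificate does not match the pinned fingerprint")
        }
    }
    X509Certificate[] getAcceptedIssuers() { new X509Certificate[0] }
}

// Returns a connection that trusts only the pinned certificate; JVM-wide defaults are untouched
HttpsURLConnection openPinned(String url, String fingerprint) {
    String pin = fingerprint.replace(":", "").toLowerCase()
    SSLContext ctx = SSLContext.getInstance("TLS")
    ctx.init(null, [new PinnedTrustManager(pin: pin)] as TrustManager[], null)
    HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection()
    conn.setSSLSocketFactory(ctx.getSocketFactory())
    // The name in the certificate is wrong, so identity rests on the pin rather than the hostname
    conn.setHostnameVerifier({ String host, SSLSession session ->
        Pin.sha256((X509Certificate) session.getPeerCertificates()[0]) == pin
    } as HostnameVerifier)
    return conn
}

// Runs only inside a collector, where hostProps is bound; viptela.cert.sha256 is a hypothetical property
if (binding.hasVariable("hostProps")) {
    def host = hostProps.get("system.hostname")
    def conn = openPinned("https://" + host + "/dataservice/alarms/count", hostProps.get("viptela.cert.sha256"))
    println "status:" + conn.getResponseCode()
}
```

The fingerprint has to be recorded out of band from the device's own certificate, and the property updated whenever that certificate is re-issued.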

