Reply
Explorer
Posts: 18
Registered: ‎03-19-2019

How to invoke Cloudera Manager REST API Web services for Impala from Java client. Server is kerbros

[ Edited ]

Hi Friends,
I am trying to invoke Cloudera Manager Rest Web services from Java client. My cluster/server is kerbrised and SSL enabled i.e. HTTPS. Cloudera Manager required user/pass to login.
now I am trying to invoke rest (web services) api from Java client. But It is asking for certificate. 

Below is the Java client code - 

private static Subject getSubject() throws LoginException {
LoginContext loginContext = new LoginContext("", null, new PasswordCallbackHandler("passwordKerberos"),
new KerberosConfiguration("Test@Test.com"));
loginContext.login();
return loginContext.getSubject();
}

public void testWS() throws Exception {

Subject subject = getSubject();
HttpsURLConnection connection = null;
boolean isSecured = true;


final URL url = new URL("https://host:7183/api/v15/clusters/Cluster 1/services/impala/impalaQueries?from=2018-04-02");
{


connection = (HttpsURLConnection) Subject.doAs(subject, new PrivilegedExceptionAction<HttpsURLConnection>() {

@Override
public HttpsURLConnection run() throws Exception {
AuthenticatedURL.Token token = new AuthenticatedURL.Token();

return (HttpsURLConnection) new AuthenticatedURL().openConnection(url, token);
}

});
}
/*connection.setDoOutput(true);
connection.setDoInput(true);
String encoding = DatatypeConverter.printBase64Binary("userName:pass".getBytes("UTF-8"));
connection.setRequestProperty("Authorization: Basic ",encoding);
*/ connection.setRequestProperty(ACCEPT, APPLICATION_XML);
connection.setRequestMethod(GET);

int responseCode = connection.getResponseCode();
if (responseCode == 200) {
String result = getString(connection.getInputStream());
connection.disconnect();
System.out.println(result);

}

}


But I am getting below error - 


Exception in thread "main" java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at com.cloudera.example.Test1.testWS(Test1.java:153)
at com.cloudera.example.Test1.main(Test1.java:131)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:232)
at com.cloudera.example.Test1$2.run(Test1.java:159)
at com.cloudera.example.Test1$2.run(Test1.java:1)
... 4 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 18 more

What is the problem. Do I need to generate the certificate on my machine(from where I am making REST call)?
How can I generate the certificate on my machine?

Is there any other way to invoke Cloudera Manager Rest API web services?

I want to consume stats of Impala Query in Java. 


 

Posts: 905
Kudos: 28
Solutions: 12
Registered: ‎05-27-2014

Re: How to invoke Cloudera Manager REST API Web services for Impala from Java client. Server is kerb

Hi @PranayMunshi ,

 

I did a quick research and found this thread in stackoverflow:

https://stackoverflow.com/questions/19540289/how-to-fix-the-java-security-cert-certificateexception-...

 

Hope this may help out in your situation.

 

Cheers,

Li

Li Wang, Technical Resolution Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Terms of Service

Community Guidelines

How to use the forum

Highlighted
Cloudera Employee
Posts: 217
Registered: ‎01-15-2015

Re: How to invoke Cloudera Manager REST API Web services for Impala from Java client. Server is kerb

Second lwang's answer, suggest to start your JVM with 

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

see https://medium.com/@sajithekanayaka/solved-java-security-cert-certificateexception-no-subject-altern...

 

Alternatively recreate your CM server certificate with SAN extension using -ext san=... option, see shown in documenation

Announcements