PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path

Support
21

En simplifiant à l’extrême ça s’utilise comme ça (ici en POST):

HttpURLConnection h = HTTPTool.initConnectionSSL(url, "POST",  ...); // celui avec proxy
try (OutputStream out = h.getOutputStream()) {
  out.write(req.getBytes());
}
int code = h.getResponseCode();
byte[] res = Tool.readStreamToByteArray(h.getInputStream());
h.disconnect()

PS: A tester car c’est issu d’une simplification à la hache de Tool.readUrlAsByteArray j’ai peut être zappé des trucs…

22

Bonjour David,
je réveille ce post aussi : en fait, j’ai l’impression que le tool HTTPTool ne me permet pas de gérer à la fois la problématique du proxy et du mode TLS / certificat PKCS12.

Je regarde du côté du client Unirest que tu as suggéré.

23

Vu avec Unirest: tout fonctionne de manière similaire à l’implémentation “dans les couches basses”.
Unirest répond donc bien au besoin cumulé de gérer simplement le proxy et un certificat PKCS12.

J’ai juste une dernière question concernant l’extrême verbosité des logs/traces générées lors de l’exécution (à chaque appel) et que je n’arrive pas à contrôler :

2021-11-18 18:17:24,189||DEBUG|Connection released: [id: 12][route: {tls}->http://cosmos-vip.intra.renault.fr:3128->https://apis-pp.tls.renault.com:443][state: UID=awbca02, EMAILADDRESS=list.bcsi-admin@renault.com, CN=BCA awbca02 (IRN-68521), O=Renault][total available: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2021-11-18 18:17:24,189||DEBUG|http-outgoing-12: set socket timeout to 0
2021-11-18 18:17:24,189||DEBUG|Connection [id: 12][route: {tls}->http://cosmos-vip.intra.renault.fr:3128->https://apis-pp.tls.renault.com:443][state: UID=awbca02, EMAILADDRESS=list.bcsi-admin@renault.com, CN=BCA awbca02 (IRN-68521), O=Renault] can be kept alive indefinitely
2021-11-18 18:17:24,188||DEBUG|Connection can be kept alive indefinitely
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << X-Renault-Apigee-traceId: rrt-027fd08309edf0e92-a-eu-12175-93223907-1
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Max-Age: 3628800
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-origin: *
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: OPTIONS
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: PATCH
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: DELETE
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: POST
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: PUT
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << access-control-allow-methods: GET
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Cache-Control
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: User-Agent
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Referrer
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Pragma
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Host
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Accept-Language
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Accept-Encoding
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Content-Type
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Accept
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: x-requested-with
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Origin
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: id_token
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: Authorization
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Access-Control-Allow-Headers: apikey
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Connection: keep-alive
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Content-Length: 239
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Content-Type: application/json
2021-11-18 18:17:24,188||DEBUG|http-outgoing-12 << Date: Thu, 18 Nov 2021 17:17:24 GMT
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << HTTP/1.1 403 org.mozilla.javascript.Undefined@0
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "{"errors":[{"errorCode":"10.02.04.01","errorMessage":"The client-id doesn't match what's already in application credentials. Received: 539f6e6b-30a0-453a-8757-73453007516a"}],"error_reference":"rrt-027fd08309edf0e92-a-eu-12175-93223907-1"}"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "X-Renault-Apigee-traceId: rrt-027fd08309edf0e92-a-eu-12175-93223907-1[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Max-Age: 3628800[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-origin: *[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: OPTIONS[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: PATCH[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: DELETE[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: POST[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: PUT[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "access-control-allow-methods: GET[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Cache-Control[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: User-Agent[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Referrer[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Pragma[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Host[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Accept-Language[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Accept-Encoding[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Content-Type[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Accept[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: x-requested-with[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Origin[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: id_token[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: Authorization[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Access-Control-Allow-Headers: apikey[\r][\n]"
2021-11-18 18:17:24,187||DEBUG|http-outgoing-12 << "Connection: keep-alive[\r][\n]"
2021-11-18 18:17:24,186||DEBUG|http-outgoing-12 << "Content-Length: 239[\r][\n]"
2021-11-18 18:17:24,186||DEBUG|http-outgoing-12 << "Content-Type: application/json[\r][\n]"
2021-11-18 18:17:24,186||DEBUG|http-outgoing-12 << "Date: Thu, 18 Nov 2021 17:17:24 GMT[\r][\n]"
2021-11-18 18:17:24,186||DEBUG|http-outgoing-12 << "HTTP/1.1 403 org.mozilla.javascript.Undefined@0[\r][\n]"
2021-11-18 18:17:24,134||DEBUG|http-outgoing-12 >> "[\r][\n]"
2021-11-18 18:17:24,134||DEBUG|http-outgoing-12 >> "tracestate: cad8c29b-98001bdc@dt=fw4;32;9f5b1882;f960;2;0;0;1fb;97e4;2h01;3h9f5b1882;4hf960;5h01;7hc3f5a96804f1e325[\r][\n]"
2021-11-18 18:17:24,134||DEBUG|http-outgoing-12 >> "traceparent: 00-87ecd444ade5786413419911e9ca07cb-c3f5a96804f1e325-01[\r][\n]"
2021-11-18 18:17:24,134||DEBUG|http-outgoing-12 >> "X-dynaTrace: FW4;-1744823332;50;-1621419902;63840;2;-891764069;507;e3c7;2h01;3h9f5b1882;4hf960;5h01;6h87ecd444ade5786413419911e9ca07cb;7hc3f5a96804f1e325[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "User-Agent: Apache-HttpClient/4.5.13 (Java/17)[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Connection: Keep-Alive[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Host: apis-pp.tls.renault.com[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Accept: application/json[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Cache-Control: no-cache[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "apikey: v2AoFcHgcTzEqImm22UtZdQ8SqvJGYlG[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Authorization: Bearer eyJraWQiOiIxNzY3IiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2lkcDIucmVuYXVsdC5jb20vbmlkcC9vYXV0aC9uYW0iLCJqdGkiOiIwYTEyZTY4My1jMzlmLTRhOWQtOWY1MC1jY2MxYjMxMzllN2UiLCJhdWQiOiI1MzlmNmU2Yi0zMGEwLTQ1M2EtODc1Ny03MzQ1MzAwNzUxNmEiLCJleHAiOjE2MzcyNTc2NDMsImlhdCI6MTYzNzI1NTg0MywibmJmIjoxNjM3MjU1ODEzLCJzdWIiOiIzOTYxMzc2MzM4MzkzODMyMmQ2NjY0NjM2NjMxMzE2NTM3MmQzODM1MzAzMjM5NjQzOTM0MmQ2MjMzMzczNzM3NjMzODY2IiwiX3B2dCI6IjM2ejVuZ0JnMm1ubEVHR2F6aDVvUGhEczRMeWlKSWFpMEVLVE8vTWJCNXB5Mktzb2hqaXJHU2ZyRWVQaWVSbUxxckpxWVZDd0pIRklqQ050eXp2ZjZJeGhYVWJjQkF1Ti9xdEVwVUMrT0J1bkdsdzJpd3FWVStWWDZKWTNwWDllVndtVHN2WDBEYUM5REc1OXBOYXdxRmhFaktDUVJweGZsTW9TOXgyK21kZU41Mno1bUE4UXNHSlBBbnM5cHI4Yjgvek04b0dNOENGL21DeWd2UXpOTHdsbzNWYlRoMkJiUlJJdHlDc0ZxTkpES21sUUNrNFdvSnZUQlVDd1hkTUl4Y3VVcGZabFc3OVpOWnBsRHh4bEtnMDMwalhncW5GTjdZSU41SU9scklIRjBLQituN3BZc3dTVzRwdHlWVE8vUHlITHZmaVVsa3U2SXo0WGJXYkxhQk1ML1o3RlBmSVdzMTcrN1k3Z2ZITmpVbUs0SzNlNHYwRjVJRUpzZCtlS3J0d2NHd0ErbVczeUtaR2JPK3lmUlVtbE0wb05YQk9kU2tqczF4RDMya0JXMWdJR3Rkc284WlUyWDc2aWQ5aFpPZE1JUjJKQ3p6WWdEaWVaYmlKNDNnWk9LTjlzOVNJVlkrY3RHbmRjUEFtcFhtVXdxMDJYTjFGcXBJUUJiV0hLL3RXWU1MRXN4RjkrWmdYUDkzdXNlOVo5aUdhTU9aL285K0hKWU40TE1WUT0uNSIsInNjb3BlIjpbImFyY2EiLCJyb2xlLWJjYS1pcm42ODUyMSJdLCJ1aWQiOiJhd2JjYTAyIiwiZmlyc3RuYW1lIjoiSXJuLTY4NTIxIiwidXNlckRpcmVjdG9yeSI6ImFyY2EiLCJwb3N0T2ZmaWNlQm94IjoiRlJFUVZOT1YzODkiLCJwcmVmZXJyZWRMYW5ndWFnZSI6IkVOIiwiY29zdENlbnRlciI6IkFBNTA0NzEiLCJwZXJzb25UeXBlIjoiY2F0QVBQSSIsImxhc3RuYW1lIjoiQmNhIiwiX3RhcmdldCI6IklkZW50aXR5UHJvdmlkZXIifQ.RiMyOo8T5n0vume2GcuLFP_k3Z-gazX0Np9f0eX4hY4bEkGea0QcI16IMC3vuVadWQBQoSkjrPU7mGN9fV-UwO_G6ST6TLfpBPiVxvAOamnKDnorwi_UrXtY5SnkB96t0IpQxd5NUwTXcHjhJPE2BWsJRuk-EP24kLpTvwfcCqF0QgPPq24IomXGCu_cDuxnGrULniHscsKQSjMtxRSSSa3UuPNcL7t4dm3PS4zNsXXA4D8yh3suQwUCkk7EN9FRQUHGfsTFpBXbCC3j0R1llWHolj4Wq7808sysMelCao1iecCHd49TthBAmsrKdGzJ5P_P1dHcetdQwvi6KQd7Sg[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "Content-Type: application/json[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> "GET /arca/acs/v1/Role?$filter=ApplicationDomain%20eq%20'FRA'%20and%20ApplicationId%20eq%20'bcsi'%20and%20Uid%20eq%20'a068181' HTTP/1.1[\r][\n]"
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> tracestate: cad8c29b-98001bdc@dt=fw4;32;9f5b1882;f960;2;0;0;1fb;97e4;2h01;3h9f5b1882;4hf960;5h01;7hc3f5a96804f1e325
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> traceparent: 00-87ecd444ade5786413419911e9ca07cb-c3f5a96804f1e325-01
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> X-dynaTrace: FW4;-1744823332;50;-1621419902;63840;2;-891764069;507;e3c7;2h01;3h9f5b1882;4hf960;5h01;6h87ecd444ade5786413419911e9ca07cb;7hc3f5a96804f1e325
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Accept-Encoding: gzip,deflate
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> User-Agent: Apache-HttpClient/4.5.13 (Java/17)
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Connection: Keep-Alive
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Host: apis-pp.tls.renault.com
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Accept: application/json
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Cache-Control: no-cache
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> apikey: v2AoFcHgcTzEqImm22UtZdQ8SqvJGYlG
2021-11-18 18:17:24,133||DEBUG|http-outgoing-12 >> Authorization: Bearer ...
2021-11-18 18:17:24,132||DEBUG|http-outgoing-12 >> Content-Type: application/json
2021-11-18 18:17:24,132||DEBUG|http-outgoing-12 >> GET /arca/acs/v1/Role?$filter=ApplicationDomain%20eq%20'FRA'%20and%20ApplicationId%20eq%20'bcsi'%20and%20Uid%20eq%20'a068181' HTTP/1.1
2021-11-18 18:17:24,132||DEBUG|Executing request GET /arca/acs/v1/Role?$filter=ApplicationDomain%20eq%20'FRA'%20and%20ApplicationId%20eq%20'bcsi'%20and%20Uid%20eq%20'a068181' HTTP/1.1
2021-11-18 18:17:24,132||DEBUG| issuer principal: CN=TBS X509 CA business 2, OU=TBS INTERNET CA, O=TBS INTERNET, L=Caen, ST=Calvados, C=FR
2021-11-18 18:17:24,132||DEBUG| peer alternative names: [apis-pp.tls.renault.com, www.apis-pp.tls.renault.com]
2021-11-18 18:17:24,132||DEBUG| peer principal: CN=apis-pp.tls.renault.com, OU=RENAULT SAS, O=RENAULT SAS, STREET=13 QUAI ALPHONSE LE GALLO, L=BOULOGNE-BILLANCOURT, ST=Hauts-De-Seine, OID.2.5.4.17=92100, C=FR
2021-11-18 18:17:24,131||DEBUG| negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2021-11-18 18:17:24,131||DEBUG| negotiated protocol: TLSv1.2
2021-11-18 18:17:24,131||DEBUG|Secure session established
2021-11-18 18:17:24,000||DEBUG|Starting handshake
2021-11-18 18:17:24,000||DEBUG|Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2021-11-18 18:17:24,000||DEBUG|Enabled protocols: [TLSv1.3, TLSv1.2]
2021-11-18 18:17:23,999||DEBUG|Tunnel to target created.
2021-11-18 18:17:23,999||DEBUG|http-outgoing-12 << HTTP/1.1 200 Connection established
2021-11-18 18:17:23,999||DEBUG|http-outgoing-12 << "[\r][\n]"
2021-11-18 18:17:23,999||DEBUG|http-outgoing-12 << "HTTP/1.1 200 Connection established[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "tracestate: cad8c29b-98001bdc@dt=fw4;32;9f5b1882;f960;1;0;0;1fb;f671;2h01;3h9f5b1882;4hf960;5h01;7hbd1dde52d4dd7dbe[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "traceparent: 00-87ecd444ade5786413419911e9ca07cb-bd1dde52d4dd7dbe-01[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "X-dynaTrace: FW4;-1744823332;50;-1621419902;63840;1;-891764069;507;6e8d;2h01;3h9f5b1882;4hf960;5h01;6h87ecd444ade5786413419911e9ca07cb;7hbd1dde52d4dd7dbe[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "User-Agent: Apache-HttpClient/4.5.13 (Java/17)[\r][\n]"
2021-11-18 18:17:23,955||DEBUG|http-outgoing-12 >> "Host: apis-pp.tls.renault.com[\r][\n]"
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> "CONNECT apis-pp.tls.renault.com:443 HTTP/1.1[\r][\n]"
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> tracestate: cad8c29b-98001bdc@dt=fw4;32;9f5b1882;f960;1;0;0;1fb;f671;2h01;3h9f5b1882;4hf960;5h01;7hbd1dde52d4dd7dbe
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> traceparent: 00-87ecd444ade5786413419911e9ca07cb-bd1dde52d4dd7dbe-01
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> X-dynaTrace: FW4;-1744823332;50;-1621419902;63840;1;-891764069;507;6e8d;2h01;3h9f5b1882;4hf960;5h01;6h87ecd444ade5786413419911e9ca07cb;7hbd1dde52d4dd7dbe
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> User-Agent: Apache-HttpClient/4.5.13 (Java/17)
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> Host: apis-pp.tls.renault.com
2021-11-18 18:17:23,954||DEBUG|http-outgoing-12 >> CONNECT apis-pp.tls.renault.com:443 HTTP/1.1
2021-11-18 18:17:23,954||DEBUG|Connection established 172.18.0.3:44078<->138.21.169.36:3128
2021-11-18 18:17:23,953||DEBUG|Connecting to cosmos-vip.intra.renault.fr/138.21.169.36:3128
2021-11-18 18:17:23,952||DEBUG|Opening connection {tls}->http://cosmos-vip.intra.renault.fr:3128->https://apis-pp.tls.renault.com:443
2021-11-18 18:17:23,952||DEBUG|Connection leased: [id: 12][route: {tls}->http://cosmos-vip.intra.renault.fr:3128->https://apis-pp.tls.renault.com:443][total available: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2021-11-18 18:17:23,951||DEBUG|Connection request: [route: {tls}->http://cosmos-vip.intra.renault.fr:3128->https://apis-pp.tls.renault.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]
2021-11-18 18:17:23,951||DEBUG|Auth cache not set in the context
2021-11-18 18:17:23,951||DEBUG|CookieSpec selected: default

NB:

  • J’avais déjà ce niveau de logs avec mon code précédent instanciant directement les classes org.apache.http.client et org.apache.http.ssl
  • Si je fais appel à HTTPTool, je n’ai pas toutes ces logs/traces.

J’ai peut-être activé un mode DEBUG quelque-part mais je ne retrouve pas où (et je retrouve ces logs sur l’instance Cloud bcsi.renault.simplicite.io sur laquelle je n’ai fait qu’installer mon code).

Voici le code testé :

public static JSONObject getJSONObject(Grant grant, String url, String token, String apiKey) {
		AppLog.warning("Unirest.get("+url+")", null, grant);
		Unirest.config()
						.clientCertificateStore(CERTIFICATE_PATH, CERTIFICATE_PASSWORD);
						
		boolean needProxy = !url.startsWith(Grant.getSystemAdmin().getContextURL());
		if (needProxy) {
			String proxyData = Grant.getSystemAdmin().getParameter("RENAULT_PROXY");
			String proxyHost = null;
			String proxyPort = null;
			if (StringUtils.isNotBlank(proxyData)) {
				String[] proxyDataPart = proxyData.split(",");
				proxyHost = proxyDataPart[0].trim();
				proxyPort = proxyDataPart[1].trim();
			} else {
				if (url.startsWith("https")) {
					proxyHost = System.getProperty("https.proxyHost");
					proxyPort = System.getProperty("https.proxyPort");
				} else {
					proxyHost = System.getProperty("http.proxyHost");
					proxyPort = System.getProperty("http.proxyPort");
				}
			}
			return new JSONObject(Unirest.get(url)
				.proxy(proxyHost, Integer.parseInt(proxyPort))
				.header(HttpHeaders.CONTENT_TYPE, "application/json")
				.header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
				.header("apikey", apiKey)
				.header(HttpHeaders.CACHE_CONTROL, "no-cache")
				.header(HttpHeaders.ACCEPT, "application/json")
				.asString()
				.getBody());
		} else {
			return new JSONObject(Unirest.get(url)
				.header(HttpHeaders.CONTENT_TYPE, "application/json")
				.header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
				.header("apikey", apiKey)
				.header(HttpHeaders.CACHE_CONTROL, "no-cache")
				.header(HttpHeaders.ACCEPT, "application/json")
				.asString()
				.getBody());
		}
	}
24

Il faut sans doute remonter le niveau de log (à INFO, WARN ou ERROR) pour les classes ad hoc - ou plus globalement - à faire dans le log4j2.xml et/ou le logging.properties.

25

OK merci.

Je suis à peu près sûr de ne pas avoir modifié ces fichiers de configuration (sauf sur mes instances Docker locales)

Est-il possible que le niveau de DEBUG ait été activé par défaut dans les images Simplicité générées pour Renault en octobre lorsque je cherchais à comprendre pourquoi les certificats (et chaînes de certification) n’étaient pas bien pris en compte ?

26

Dans le log4j2.xml par défaut:

image
image1356×486 45.2 KB

En tout cas si c’est du Log4j (ou du slf4j qu’on fait gérer par Log4j)

27

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.