I am trying the tlssimple example:
but when trying to start the worker i, get the exception:
|
WorkflowServiceStubs service = |
|
WorkflowServiceStubs.newInstance( |
|
WorkflowServiceStubsOptions.newBuilder() |
|
.setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build()) |
|
.build()); |
tlssimple example is gving this exception when tryig to start worker: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found
I wasn’t able to reproduce your particular error, but tried locally and this worked for me (java sdk version 1.12.0):
WorkflowServiceStubs service = null;
try {
service =
WorkflowServiceStubs.newServiceStubs(
WorkflowServiceStubsOptions.newBuilder()
.setSslContext(
SimpleSslContextBuilder.forPKCS8(CLIENT_CERT, CLIENT_KEY)
.setUseInsecureTrustManager(true)
.build())
.build());
} catch (SSLException e) {
e.printStackTrace();
}
i added .setUseInsecureTrustManager(true) and now i get
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
Whats the java and temporal java sdk version you are using?
Could you provide your code to reproduce this error?
i tried
WorkflowServiceStubs service =
WorkflowServiceStubs.newInstance(
WorkflowServiceStubsOptions.newBuilder()
.setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).setUseInsecureTrustManager(true).build())
.build());
and now i get
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:357)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:203
package com.crisil.workflow.worker;
import moneytransferapp.Shared;
import io.temporal.client.WorkflowClient;
import io.temporal.serviceclient.WorkflowServiceStubs;
import io.temporal.serviceclient.WorkflowServiceStubsOptions;
import io.temporal.worker.Worker;
import io.temporal.worker.WorkerFactory;
import com.crisil.workflow.activity.common.impl.CommonActivityImpl;
import com.crisil.workflow.workflow.impl.WASscenarioexpansionImpl;
import com.crisil.workflow.activity.impl.WASActivityscenarioexpansionImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForCreateScenarioPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForCreateScenarioPageImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForrfsetsPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForrfsetsPageImpl;
import com.crisil.workflow.workflow.impl.WASevalrfsetsImpl;
import com.crisil.workflow.activity.impl.WASActivityevalrfsetsImpl;
import io.temporal.serviceclient.SimpleSslContextBuilder;
import java.io.FileInputStream;
import java.io.InputStream;
// @@@SNIPSTART money-transfer-project-template-java-worker
public class WASWorkerscenarioexpansion {
public static void main(String[] args) throws Exception {
InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");
// PKCS8 client key, which should look like:
// -----BEGIN PRIVATE KEY-----
// ...
// -----END PRIVATE KEY-----
//InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.pfx");
InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.key");
// For Temporal Cloud this would likely be ${namespace}.tmprl.cloud:7233
// String targetEndpoint = System.getenv("TEMPORAL_ENDPOINT");
// Your registered Namespace.
//String namespace = System.getenv("TEMPORAL_NAMESPACE");
// Create SSL enabled client by passing SslContext, created by SimpleSslContextBuilder.
// SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build();
// WorkflowServiceStubs service =
// WorkflowServiceStubs.newInstance(
// WorkflowServiceStubsOptions.newBuilder()
// .setSslContext(SimpleSslContextBuilder.forPKCS12( clientKey).build())
WorkflowServiceStubs service =
WorkflowServiceStubs.newInstance(
WorkflowServiceStubsOptions.newBuilder()
.setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).setUseInsecureTrustManager(true).build())
.build());
// WorkflowServiceStubs is a gRPC stubs wrapper that talks to the local Docker instance of the Temporal server.
//WorkflowServiceStubs service = WorkflowServiceStubs.newInstance();
WorkflowClient client = WorkflowClient.newInstance(service);
// Worker factory is used to create Workers that poll specific Task Queues.
WorkerFactory factory = WorkerFactory.newInstance(client);
Worker worker = factory.newWorker("WAS_TASK_QUEUE_scenarioexpansion");
// This Worker hosts both Workflow and Activity implementations.
// Workflows are stateful so a type is needed to create instances.
worker.registerWorkflowImplementationTypes(WASscenarioexpansionImpl.class,WASgetDataForCreateScenarioPageImpl.class,WASgetDataForrfsetsPageImpl.class,WASevalrfsetsImpl.class);
// Activities are stateless and thread safe so a shared instance is used.
worker.registerActivitiesImplementations(new CommonActivityImpl(), new WASActivityscenarioexpansionImpl(),new WASActivitygetDataForCreateScenarioPageImpl(),new WASActivitygetDataForrfsetsPageImpl(),new WASActivityevalrfsetsImpl());
// Start listening to the Task Queue.
factory.start();
}
}
// @@@SNIPEND
I believe that your
InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");
should be using the pem file:
InputStream clientCert = new FileInputStream("C:\\data\\certs\\client.pem");
make sure you are also using the certs that are generated
by generate-test-certs.sh
package com.crisil.workflow.worker;
import moneytransferapp.Shared;
import io.temporal.client.WorkflowClient;
import io.temporal.serviceclient.WorkflowServiceStubs;
import io.temporal.serviceclient.WorkflowServiceStubsOptions;
import io.temporal.worker.Worker;
import io.temporal.worker.WorkerFactory;
import com.crisil.workflow.activity.common.impl.CommonActivityImpl;
import com.crisil.workflow.workflow.impl.WASscenarioexpansionImpl;
import com.crisil.workflow.activity.impl.WASActivityscenarioexpansionImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForCreateScenarioPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForCreateScenarioPageImpl;
import com.crisil.workflow.workflow.impl.WASgetDataForrfsetsPageImpl;
import com.crisil.workflow.activity.impl.WASActivitygetDataForrfsetsPageImpl;
import com.crisil.workflow.workflow.impl.WASevalrfsetsImpl;
import com.crisil.workflow.activity.impl.WASActivityevalrfsetsImpl;
import io.temporal.serviceclient.SimpleSslContextBuilder;
import java.io.FileInputStream;
import java.io.InputStream;
// @@@SNIPSTART money-transfer-project-template-java-worker
public class WASWorkerscenarioexpansion {
public static void main(String[] args) throws Exception {
InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");
// PKCS8 client key, which should look like:
// -----BEGIN PRIVATE KEY-----
// ...
// -----END PRIVATE KEY-----
//InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.pfx");
InputStream clientKey = new FileInputStream("C:\\data\\certs\\client.key");
// For Temporal Cloud this would likely be ${namespace}.tmprl.cloud:7233
// String targetEndpoint = System.getenv("TEMPORAL_ENDPOINT");
// Your registered Namespace.
//String namespace = System.getenv("TEMPORAL_NAMESPACE");
// Create SSL enabled client by passing SslContext, created by SimpleSslContextBuilder.
// SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build();
// WorkflowServiceStubs service =
// WorkflowServiceStubs.newInstance(
// WorkflowServiceStubsOptions.newBuilder()
// .setSslContext(SimpleSslContextBuilder.forPKCS12( clientKey).build())
WorkflowServiceStubs service =
WorkflowServiceStubs.newInstance(
WorkflowServiceStubsOptions.newBuilder()
.setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).setUseInsecureTrustManager(true).build())
.build());
// WorkflowServiceStubs is a gRPC stubs wrapper that talks to the local Docker instance of the Temporal server.
//WorkflowServiceStubs service = WorkflowServiceStubs.newInstance();
WorkflowClient client = WorkflowClient.newInstance(service);
// Worker factory is used to create Workers that poll specific Task Queues.
WorkerFactory factory = WorkerFactory.newInstance(client);
Worker worker = factory.newWorker("WAS_TASK_QUEUE_scenarioexpansion");
// This Worker hosts both Workflow and Activity implementations.
// Workflows are stateful so a type is needed to create instances.
worker.registerWorkflowImplementationTypes(WASscenarioexpansionImpl.class,WASgetDataForCreateScenarioPageImpl.class,WASgetDataForrfsetsPageImpl.class,WASevalrfsetsImpl.class);
// Activities are stateless and thread safe so a shared instance is used.
worker.registerActivitiesImplementations(new CommonActivityImpl(), new WASActivityscenarioexpansionImpl(),new WASActivitygetDataForCreateScenarioPageImpl(),new WASActivitygetDataForrfsetsPageImpl(),new WASActivityevalrfsetsImpl());
// Start listening to the Task Queue.
factory.start();
}
}
// @@@SNIPEND
yes, using the certs that are generated by generate-test-certs.sh
issue is resolved,
I changed
InputStream clientCert = new FileInputStream("C:\\data\\certs\\ca.cert");
to
InputStream clientCert = new FileInputStream(“C:\data\certs\client.pem”);