TimeOutError when using "HttpUtil.executeUrl"

error
timeouts
httputil
Tags: #<Tag:0x00007f6ce145c400> #<Tag:0x00007f6ce145c2c0> #<Tag:0x00007f6ce145c180>

(Stephan Pilz) #21

Hello Martin,

Sorry for the late answer. Please let me answer your first topic about the keytool. I have only one keytool in my system (not one for each JRT). The /etc/alternatives/keytool is a symlink to /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/bin/keytool. So I think, this is the correct version for JRT8 and this version I was used to install the certificate.

Now I had time for a test without trustAllCerts. The test was failed with exception, that no known certificate was found. I tried 2 versions. First version without this lines of code:
//SSLContext sc = SSLContext.getInstance(“TLS”);
//sc.init(null, trustAllCerts, new java.security.SecureRandom());
//javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
Second version without a trustAllCerts object:
SSLContext sc = SSLContext.getInstance(“TLS”);
sc.init(null, null, new java.security.SecureRandom());
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

Both version trows the same exeception. So my statement is, that I must set the path to the keystore inside the code AND I must trustAllCerts. Here is the exception:

20:55:51.593 [DEBUG] [ig.internal.data.TankerkoenigService] - Error in executeGetRequest:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)[:1.8.0_65]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)[:1.8.0_65]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)[:1.8.0_65]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)[:1.8.0_65]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)[:1.8.0_65]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)[:1.8.0_65]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)[:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)[:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)[:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)[:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)[:1.8.0_65]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)[:1.8.0_65]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.8.0_65]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)[:1.8.0_65]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)[:1.8.0_65]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)[:1.8.0_65]
at org.openhab.binding.tankerkoenig.internal.data.TankerkoenigService.executeGetRequest(TankerkoenigService.java:120)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.internal.data.TankerkoenigService.getTankerkoenigDetailResult(TankerkoenigService.java:191)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.internal.data.TankerkoenigService.getStationDetailData(TankerkoenigService.java:61)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.handler.StationHandler.updateDetailData(StationHandler.java:156)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.handler.StationHandler$1.run(StationHandler.java:94)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_65]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_65]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_65]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)[:1.8.0_65]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.8.0_65]
at sun.security.validator.Validator.validate(Validator.java:260)[:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)[:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)[:1.8.0_65]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)[:1.8.0_65]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)[:1.8.0_65]
… 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)[:1.8.0_65]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)[:1.8.0_65]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)[:1.8.0_65]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)[:1.8.0_65]
… 30 more
20:55:51.593 [DEBUG] [.tankerkoenig.handler.StationHandler] - Caught exception in ScheduledExecutorService of TankerkoenigHandler. RuntimeExcetion: {}
java.lang.NullPointerException
at org.openhab.binding.tankerkoenig.handler.StationHandler.updateDetailData(StationHandler.java:158)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.handler.StationHandler$1.run(StationHandler.java:94)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_65]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_65]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_65]
20:55:51.622 [DEBUG] [ig.internal.data.TankerkoenigService] - getTankerkoenigDetailResult jsonData : null
20:55:51.624 [DEBUG] [.tankerkoenig.handler.StationHandler] - Caught exception in ScheduledExecutorService of TankerkoenigHandler. RuntimeExcetion: {}
java.lang.NullPointerException
at org.openhab.binding.tankerkoenig.handler.StationHandler.updateDetailData(StationHandler.java:158)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at org.openhab.binding.tankerkoenig.handler.StationHandler$1.run(StationHandler.java:94)[251:org.openhab.binding.tankerkoenig:2.2.0.201711141822]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_65]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)[:1.8.0_65]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_65]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_65]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_65]


(Martin van Wingerden) #22

Can we do some more checks, because configuring a trust-all is not an option in the generic tool.

Can you check the following:

The java version (see https://stackoverflow.com/questions/34110426/does-java-support-lets-encrypt-certificates)

$ java -version

And the following commands

pi@k2 ~ $ readlink -f `which java`
/usr/lib/jvm/java-8-oracle/jre/bin/java
pi@k2 ~ $ readlink -f `which keytool`
/usr/lib/jvm/java-8-oracle/jre/bin/keytool
# substitute with the correct path maybe check the last modified of the files
pi@k2 ~ $ stat /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
pi@k2 ~ $ keytool -list -v -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts

(Stephan Pilz) #23

pi@pi:~ $ java -version
java version "1.8.0_65"
Java™ SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot™ Client VM (build 25.65-b01, mixed mode)
pi@pi:~ $ readlink -f which java
/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/bin/java
pi@pi:~ $ readlink -f which keytool
/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/bin/keytool
pi@pi:~ $ stat /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
Datei: „/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts“
Größe: 101984 Blöcke: 200 EA Block: 4096 reguläre Datei
Gerät: b307h/45831d Inode: 179669 Verknüpfungen: 1
Zugriff: (0644/-rw-r–r--) Uid: ( 0/ root) Gid: ( 0/ root)
Zugriff : 2017-06-08 22:21:48.000000000 +0200
Modifiziert: 2017-11-11 18:15:32.524204644 +0100
Geändert : 2017-11-11 18:15:32.524204644 +0100
Geburt : -
pi@pi:~ $ keytool -list -v -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
Keystore-Kennwort eingeben:
x.json (129.0 KB)

Please rename it to txt

I’m be with you, that trustAllCerts is not an option for official. But I think, it’s a good idea, to provide for all things a configuration param in the bridge (KeystorePath, KeystorePass, CertAlias, TrustAllCerts, UseSimpleMode (HttpUtils)


(Martin van Wingerden) #24

[Update 2016-06-08: According to https://bugs.openjdk.java.net/browse/JDK-8154757 the IdenTrust CA will be included in Oracle Java 8u101.]

[Update 2016-08-05: Java 8u101 has been released and does indeed include the IdenTrust CA: release notes]

Can you upgrade to a newer version?


(Stephan Pilz) #25

Currently I have not enough free space on my pi. Before I can make a java update, I must buy a bigger sdcard and move the system. I don’t know, when I have time for this. Sorry.


(Martin van Wingerden) #26

@opus as far as I read and find our tankerkoening uses Let’s encrypt and according to the source above the certificates are natively supported starting from version 101. If anyone else could test this we could update the readme to include it.


(Jürgen Baginski) #27

I’m not questioning that, just out of curiosity where did you find that?

OFF TOPIC: funny, you do the same typos on tankerkoenig as me!

Always standing by to do updates (best after returning home on Tuesday).


(Martin van Wingerden) #28

I checked there server and viewed their certificate saw that it was lets encrypt, I remember others having problems with them to because they have their own root certificate.

I just now searched in the community forum (I remembered vaguely that it was something with my.openhab.org) and found this topic My.openhab.org is online // iOS app doesn't show sitemap -> Solution: Java update!

Maybe @Dojokun is also helped by this post My.openhab.org is online // iOS app doesn't show sitemap -> Solution: Java update!


(Jürgen Baginski) #29

I was going to refer to that problem with myopenhab and the minimum required java version, in order not to suggest such a change in the readme. But it looks like this kind of setup (with older java versions) is sticking around a little longer. So…

If the error of @Dojokun is related to that, the initial problem would be “solved”. :sweat:

I can’t test (at least not in here) such a regression since the notebook I have in here is just handling what is has, end of life is expected on Tuesday.


(Stephan Pilz) #30

Hello together,

I’ve a new and bigger SD card installed and I’ve updated my Java to the version:
java version "1.8.0_151"
Java™ SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot™ Client VM (build 25.151-b12, mixed mode)

When I try the official Tankerkoenig Binding (Version 2.1.0) I get for the most stations a valid result, but only by one I get an exception. I remember me, that Jürgen has fixed this problem with the null value in the response JSON in an unofficial version.

@Jürgen:
Right?

I think, we can publish, that the java version is important for the binding. If the exception is fixed in an official binding, I will used it. Until then, I use my private binding.

13:53:42.812 [DEBUG] [ig.internal.data.TankerkoenigService] - getTankerkoenigDetailResult jsonData : {“ok”:true,“license”:“CC BY 4.0 - https://creativecommons.tankerkoenig.de”,“data”:“MTS-K”,“status”:“ok”,“station”:{“id”:“b4d96bec-b357-439e-bc21-d0fddd8ef843”,“name”:“KESSELSDORF, SACHSENALLEE.”,“brand”:“Shell”,“street”:“SACHSENALLEE 1”,“houseNumber”:"",“postCode”:1723,“place”:“KESSELSDORF”,“openingTimes”:[{“text”:“t\u00e4glich”,“start”:“02:00:00”,“end”:“01:30:00”}],“overrides”:[],“wholeDay”:false,“isOpen”:true,“e5”:1.369,“e10”:null,“diesel”:1.209,“lat”:51.035035,“lng”:13.584056,“state”:null}}
13:53:42.826 [DEBUG] [.tankerkoenig.handler.StationHandler] - Caught exception in ScheduledExecutorService of TankerkoenigHandler. RuntimeExcetion: {}
java.lang.UnsupportedOperationException: JsonNull
at com.google.gson.JsonElement.getAsDouble(JsonElement.java:204)[10:com.google.gson:2.3.1]
at org.openhab.binding.tankerkoenig.internal.serializer.CustomTankerkoenigDetailResultDeserializer.deserialize(CustomTankerkoenigDetailResultDeserializer.java:41)[256:org.openhab.binding.tankerkoenig:2.1.0]
at org.openhab.binding.tankerkoenig.internal.serializer.CustomTankerkoenigDetailResultDeserializer.deserialize(CustomTankerkoenigDetailResultDeserializer.java:1)[256:org.openhab.binding.tankerkoenig:2.1.0]
at com.google.gson.TreeTypeAdapter.read(TreeTypeAdapter.java:58)[10:com.google.gson:2.3.1]
at com.google.gson.Gson.fromJson(Gson.java:810)[10:com.google.gson:2.3.1]
at com.google.gson.Gson.fromJson(Gson.java:775)[10:com.google.gson:2.3.1]
at com.google.gson.Gson.fromJson(Gson.java:724)[10:com.google.gson:2.3.1]
at com.google.gson.Gson.fromJson(Gson.java:696)[10:com.google.gson:2.3.1]
at org.openhab.binding.tankerkoenig.internal.data.TankerkoenigService.getTankerkoenigDetailResult(TankerkoenigService.java:92)[256:org.openhab.binding.tankerkoenig:2.1.0]
at org.openhab.binding.tankerkoenig.internal.data.TankerkoenigService.getStationDetailData(TankerkoenigService.java:48)[256:org.openhab.binding.tankerkoenig:2.1.0]
at org.openhab.binding.tankerkoenig.handler.StationHandler.updateDetailData(StationHandler.java:133)[256:org.openhab.binding.tankerkoenig:2.1.0]
at org.openhab.binding.tankerkoenig.handler.StationHandler$1.run(StationHandler.java:90)[256:org.openhab.binding.tankerkoenig:2.1.0]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_151]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)[:1.8.0_151]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)[:1.8.0_151]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)[:1.8.0_151]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)[:1.8.0_151]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)[:1.8.0_151]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_151]


(Jürgen Baginski) #31

The “unofficial” version is the one that comes with the Snapshot version ( i.e. 2.2), didn’t I share the .jar of this updated binding in your original thread? You should also be able to use any of the .jars which I changed for you in order to have a longer TimeOut.

Reference your suggestion to mention the required Java Version in the docs of the binding, Yes, as already stated above, I will definitely put that into the docs.

In other words, I can “solve” this thread (and you could mark your original thread as soved as well?)