Automating certificate management to A10 load balancer using Digicert CertCentral automation sensor - ssl

Looking to see if anyone else has experience with DigiCert's automation software to help me out with a problem. Simply put, the automation sensor fails on the POST to AXAPI when attempting to update the client-ssl template. The client-ssl template is the resource that contains the instructions for handling HTTPS for a tcp/443 VIP port, which includes the references to the cert, key and chain cert (among many other things).
Digicert's own documentation is lacking aside from simply setting up the connection to the load balancer from the sensor, and I've been working with an escalation engineer for multiple weeks now, who confessed to me that his responses are delayed because he doesn't have an A10 for replicating the problem and relies on coordination of this issue with his India-based dev team (who does have an A10). The engineer working on this and myself are located in the USA, thus the delay in back-and-forth communications.
This seems like a simple straightforward process here, and our A10 configurations are not terribly complex.
So here is what I'm seeing from the sensor logs (minus some redactions):
```
ID: 445
Address: https://10.xx.xx.xx:443/axapi/v3/slb/template/client-ssl
Http-Method: POST
Content-Type: application/json
Headers: {Authorization=[A10 6144xxxxxxx8207], Accept=[application/json], Cache-Control=[no-cache], Content-Type=[application/json]}
Payload: {"client-ssl":{"session-cache-timeout":0,"server-name-list":[],"cert":"mycert.crt","sni-bypass-enable-log":0,"enable-tls-alert-logging":0,"certificate-list":[{"cert":"test.mycert","key":"test.mycert","chain-cert":"DigiCert_SHA2_High_Assurance_Server_CA_intermediate","shared":0,"uuid":"f200f5f2-9374-11ed-9145-d99b8f82c36b","a10-url":"/axapi/v3/slb/template/client-ssl/test-mycert/certificate/test.mycert"}],"authorization":0,"local-logging":0,"disable-sslv3":1,"sni-bypass-missing-cert":0,"key":"test.mykey","session-ticket-lifetime":0,"chain-cert":"ica-test.mychaincert.crt","shared-partition-cipher-template":0,"sni-bypass-expired-cert":0,"close-notify":0,"session-ticket-disable":0,"early-data":0,"ocsp-stapling":0,"client-certificate":"Ignore","server-name-auto-map":0,"session-cache-size":0,"version":34,"renegotiation-disable":0,"name":"test.mycert","handshake-logging-enable":0,"ssl-false-start-disable":0,"direct-client-server-auth":0,"dgversion":31}}
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Accept: application/json
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Authorization: A10 6144000000150c8bc682cf4c32bd8207
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Cache-Control: no-cache
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Content-Type: application/json
2023-01-13 14:10:01,936 DEBUG transport.http.HTTPConduit - No Trust Decider for Conduit '{https://10.xx.xx.xx:443/axapi/v3/slb/template/client-ssl}WebClient.http-conduit'. An afirmative Trust Decision is assumed.
2023-01-13 14:10:01,982 DEBUG transport.http.HTTPConduit - Sending POST Message with Headers to https://10.xx.xx.xx:443/axapi/v3/slb/template/client-ssl Conduit :{https://10.xx.xx.xx:443/axapi/v3/slb/template/client-ssl}WebClient.http-conduit
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Adding interceptor org.apache.cxf.ws.policy.PolicyInInterceptor#480fe6df to phase receive
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Adding interceptor com.digicert.trustgateway.agentless.a10.service.rest.cxf.CustomLogInInterceptor#214027f8 to phase receive
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Adding interceptor org.apache.cxf.jaxrs.client.spec.ClientResponseFilterInterceptor#214cbf7e to phase pre-protocol-frontend
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Chain org.apache.cxf.phase.PhaseInterceptorChain#2f37e187 was created. Current flow:
receive [PolicyInInterceptor, CustomLogInInterceptor]
pre-protocol-frontend [ClientResponseFilterInterceptor]
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor#480fe6df
2023-01-13 14:10:02,390 DEBUG cxf.phase.PhaseInterceptorChain - Invoking handleMessage on interceptor com.digicert.trustgateway.agentless.a10.service.rest.cxf.CustomLogInInterceptor#214027f8
2023-01-13 14:10:02,390 INFO cxf.interceptor.LoggingInInterceptor - Inbound Message
ID: 445
Response-Code: 400
Encoding: ISO-8859-1
Content-Type: application/json
Headers: {Cache-Control=[max-age=0, no-cache, no-store, must-revalidate], connection=[close], Content-Length=[199], content-type=[application/json], Date=[Fri, 13 Jan 2023 19:10:01 GMT], Referrer-Policy=[no-referrer-when-downgrade], Server=[Apache], Strict-Transport-Security=[max-age=31536000; includeSubDomains], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN], X-XSS-Protection=[1; mode=block]}
Payload: {
"response": {
"status": "fail",
"err": {
"code": 67108919,
"from": "BACKEND",
"msg": "Cannot use this command while corresponding deprecated commands in use"
}
}
}
```
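Two things in the sensor log above are worth a closer look from the operator's side, so here is an added example (not part of the original post, and not DigiCert's or A10's code). First, the DEBUG headers line prints the full AXAPI session token even though the summary line masks it; a log filter should mask it before the log leaves the sensor host. Second, the POST body carries both top-level `cert`, `key` and `chain-cert` values and a `certificate-list` entry; the assumption made here, consistent with the "deprecated commands in use" error text but not confirmed by the page, is that the single-value keys are the older form that `certificate-list` replaces, so the linter below flags a payload that mixes the two and shows what the list-only form looks like. The token and the shortened payload are constructed samples.

```python
import re

# Constructed sample: two lines in the shape of the sensor log above, with a made-up token.
SAMPLE_LOG = """\
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Authorization: A10 0123456789abcdef0123456789abcdef
2023-01-13 14:10:01,936 DEBUG transport.http.Headers - Content-Type: application/json
"""

# Constructed payload in the same shape as the POST body above (most fields dropped).
SAMPLE_PAYLOAD = {
    "client-ssl": {
        "name": "test.mycert",
        "cert": "mycert.crt",
        "key": "test.mykey",
        "chain-cert": "ica-test.mychaincert.crt",
        "certificate-list": [
            {"cert": "test.mycert", "key": "test.mycert",
             "chain-cert": "DigiCert_SHA2_High_Assurance_Server_CA_intermediate"}
        ],
    }
}

# Assumption: these single-value keys are the older form that certificate-list replaces.
LEGACY_CERT_KEYS = ("cert", "key", "chain-cert")

# AXAPI v3 sends the session id as "Authorization: A10 <hex>".
AUTH_RE = re.compile(r"(Authorization:\s*A10\s+)([0-9a-fA-F]+)")


def redact_a10_token(line):
    """Mask the session token, keeping the first 4 hex chars so requests can still be correlated."""
    return AUTH_RE.sub(lambda m: m.group(1) + m.group(2)[:4] + "...", line)


def redact_log(text):
    """Apply the token mask to every line of a captured log."""
    return "\n".join(redact_a10_token(line) for line in text.splitlines())


def find_mixed_cert_fields(payload):
    """Return legacy keys present alongside certificate-list; empty list when the payload is consistent."""
    tmpl = payload.get("client-ssl", {})
    if not tmpl.get("certificate-list"):
        return []
    return [k for k in LEGACY_CERT_KEYS if k in tmpl]


def to_list_form(payload):
    """Rewrite a mixed payload so the certificate is referenced only via certificate-list.

    Legacy keys are removed; if no certificate-list exists yet, they become its single entry.
    """
    tmpl = dict(payload["client-ssl"])
    entry = {k: tmpl.pop(k) for k in LEGACY_CERT_KEYS if k in tmpl}
    if entry and not tmpl.get("certificate-list"):
        tmpl["certificate-list"] = [entry]
    return {"client-ssl": tmpl}


if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG))
    print("legacy keys mixed in:", find_mixed_cert_fields(SAMPLE_PAYLOAD))
    print("list-only form:", to_list_form(SAMPLE_PAYLOAD))
```

Running `find_mixed_cert_fields` against a captured payload before it is sent is a cheap pre-flight check; whether the device actually rejects the mixed form for this reason is something to confirm against the ACOS release notes for the version in use.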

Related

Mulesoft NetSuite Connector throw java.lang.NullPointerException: charsetName Error

I am getting this error in my mulesoft application while making a search call to NetSuite connector (v11.5.12).
org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://client.internal.soap.mule.org/}ProxyService#{http://client.internal.soap.mule.org/}invoke has thrown exception, unwinding now
java.lang.NullPointerException: charsetName
This error has suddenly started to come in the production environment. I am not able to replicate the same in lower environment.
Mule Application is deployed on Anypoint CloudHub with Mule Runtime version 4.4.0
NetSuite connector version v11.5.12
No recent changes deployed to production, existing application started to throw this error while searching
I enabled NetSuite Debug Logger and below are the logs it generated.
DEBUG 2023-02-15 13:50:53,636 [[finance-bulk-api].NetSuite_Config.04 SelectorRunner] [processor: netsuite-advance-search/processors/1/processors/0/processors/0; event: a91c2ba0-ad09-11ed-b6b5-88665a243a09] org.mule.service.http.impl.service.HttpMessageLogger.NetSuite_Config: REQUESTER
POST /services/NetSuitePort_2021_1 HTTP/1.1
SOAPAction: search
Host: 1111.suitetalk.api.netsuite.com
User-Agent: AHC/1.0
Connection: keep-alive
Accept: */*
Content-Type: text/xml
Transfer-Encoding: chunked
c57
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><preferences xmlns="urn:messages_2021_1.platform.webservices.netsuite.com"><warningAsError>false</warningAsError><disableMandatoryCustomFieldValidation>false</disableMandatoryCustomFieldValidation><disableSystemNotesForCustomFields>false</disableSystemNotesForCustomFields><ignoreReadOnlyFields>false</ignoreReadOnlyFields><runServerSuiteScriptAndTriggerWorkflows>false</runServerSuiteScriptAndTriggerWorkflows></preferences><tokenPassport xmlns="urn:messages_2021_1.platform.webservices.netsuite.com"><account xmlns="urn:core_2021_1.platform.webservices.netsuite.com">****</account><consumerKey xmlns="urn:core_2021_1.platform.webservices.netsuite.com">*****</consumerKey><token xmlns="urn:core_2021_1.platform.webservices.netsuite.com">****</token><nonce xmlns="urn:core_2021_1.platform.webservices.netsuite.com">****</nonce><timestamp xmlns="urn:core_2021_1.platform.webservices.netsuite.com">****</timestamp><signature xmlns="urn:core_2021_1.platform.webservices.netsuite.com" algorithm="HMAC_SHA256">fhpl/bxKP/cfuAYhSQ/MULWdkfjfnkfkUlMbWguVr9a6MaXS5fhRUDJVIdjdonddU=</signature></tokenPassport><searchPreferences xmlns="urn:messages_2021_1.platform.webservices.netsuite.com"><bodyFieldsOnly>false</bodyFieldsOnly><returnSearchColumns>true</returnSearchColumns><pageSize>10</pageSize></searchPreferences></soap:Header><soap:Body><ns0:search xmlns:ns0="urn:messages_2021_1.platform.webservices.netsuite.com">
<ns0:searchRecord xmlns:ns01="urn:sales_2021_1.transactions.webservices.netsuite.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns01:TransactionSearchAdvanced">
<ns01:criteria xmlns:ns01="urn:sales_2021_1.transactions.webservices.netsuite.com">
<ns01:basic>
<ns02:lastModifiedDate xmlns:ns02="urn:common_2021_1.platform.webservices.netsuite.com" operator="within">
<ns03:searchValue xmlns:ns03="urn:core_2021_1.platform.webservices.netsuite.com">2023-02-13T22:00:49</ns03:searchValue>
<ns03:searchValue2 xmlns:ns03="urn:core_2021_1.platform.webservices.netsuite.com">2023-02-14T22:00:49</ns03:searchValue2>
</ns02:lastModifiedDate>
<ns02:recordType xmlns:ns02="urn:common_2021_1.platform.webservices.netsuite.com" operator="is">
<ns03:searchValue xmlns:ns03="urn:core_2021_1.platform.webservices.netsuite.com">Invoice</ns03:searchValue>
</ns02:recordType>
</ns01:basic>
</ns01:criteria>
<ns01:columns xmlns:ns01="urn:sales_2021_1.transactions.webservices.netsuite.com">
<ns01:basic>
<ns02:amountRemaining xmlns:ns02="urn:common_2021_1.platform.webservices.netsuite.com"/>
<ns02:internalId xmlns:ns02="urn:common_2021_1.platform.webservices.netsuite.com">
<ns03:searchValue xmlns:ns03="urn:core_2021_1.platform.webservices.netsuite.com" internalId="null"/>
</ns02:internalId>
</ns01:basic>
</ns01:columns>
</ns0:searchRecord>
</ns0:search></soap:Body></soap:Envelope>
DEBUG 2023-02-15 13:50:53,636 [[biz-prc-ent-finance-bulk-api].NetSuite_Config.04 SelectorRunner] [processor: netsuite-advance-search/processors/1/processors/0/processors/0; event: a91c2ba0-ad09-11ed-b6b5-88665a243a09] org.mule.service.http.impl.service.HttpMessageLogger.NetSuite_Config: REQUESTER
0
DEBUG 2023-02-15 13:50:58,153 [[finance-bulk-api].NetSuite_Config.04 SelectorRunner] [processor: netsuite-advance-search/processors/1/processors/0/processors/0; event: a91c2ba0-ad09-11ed-b6b5-88665a243a09] org.mule.service.http.impl.service.HttpMessageLogger.NetSuite_Config: REQUESTER
HTTP/1.1 504 Gateway Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 176
Expires: Wed, 15 Feb 2023 08:20:58 GMT
X-Reference-Error: 97.27697c68.1676449258.23382b2c
Date: Wed, 15 Feb 2023 08:20:58 GMT
Connection: close
Akamai-GRN: 0.df523617.1676449254.1f240dc8
<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>
An error occurred while processing your request.<p>
Reference &#35;97.27697c68.1676449258.23382b2c
</BODY></HTML>
WARN 2023-02-15 13:50:58,155 [[MuleRuntime].uber.02: [finance-bulk-api].netsuite-to-salesforce-sync-shcedular-flow.BLOCKING #32c6a070] [processor: netsuite-advance-search/processors/1/processors/0/processors/0; event: a91c2ba0-ad09-11ed-b6b5-88665a243a09] org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://client.internal.soap.mule.org/}ProxyService#{http://client.internal.soap.mule.org/}invoke has thrown exception, unwinding now
java.lang.NullPointerException: charsetName
at java.io.InputStreamReader.<init>(InputStreamReader.java:99) ~[?:1.8.0_312]
Clearly the error is a timeout on the Netsuite infrastructure:
HTTP/1.1 504 Gateway Time-out
It is not possible to know the cause of the error from the data provided. It could be a Netsuite issue, a configuration issue (wrong connection address?), or simply that the operation takes too long to complete (data issue, which may vary between environments).
It would be recommended to upgrade to the latest Mule Netsuite connector release and test again. There have been several fixes and improvements since the version you are using was released, including security fixes and error message improvements. Even if it doesn't solve the issue you are experiencing, you would be better covered against those issues.

Communication between 2 API services on the same cluster not working

I'm running a Kubernetes cluster with 2 API services inside. Upon making an API call to my web-API located in the cluster, I want the call to be forwarded to my backend-API.
This is not happening!
Now I looked into the Ingress config of the backend-API and found its "outside address", so to say, and tried using that when forwarding API calls from the web-API, upon which I received this message (this was an https address).
THE API CALL RESPONSE WAS: StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.0, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Server: squid/3.1.23
Mime-Version: 1.0
Date: Fri, 22 Oct 2021 23:00:54 GMT
X-Squid-Error: ERR_DNS_FAIL 0
Content-Type: text/html
Content-Length: 3525
}
Then I did some reading and got convinced I should send the internal API call to the backend using its internal IP. So I executed into the container running the backend service and viewed the resolv.config file, and here I found 2 things: one was a name: entry, followed by an IP address, and the other was a Search: entry, followed by 3 very long names.
So I used the IP address that came after name, and upon sending an API call to it I got the following response:
http://10.233.0.3/uploadBlob
THE API CALL RESPONSE WAS: StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.0, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Server: squid/3.1.23
Mime-Version: 1.0
Date: Sun, 24 Oct 2021 15:59:51 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from **************
X-Cache-Lookup: NONE from **************:8080
Via: 1.0 ************* (squid/3.1.23)
Connection: keep-alive
Content-Type: text/html
Content-Length: 3458
}
http://10.233.0.3/uploadBlob
OBS - I had to remove the addresses for security reasons as I am not the owner of it.
Now I'm all out of ideas as to how I can make this internal call between these two services, and I would appreciate any help I could get.
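The question above has no answer on this page, so the following is an added illustration rather than anyone's reply. In a pod, the `nameserver` line of `/etc/resolv.conf` is the cluster DNS resolver's address, not the address of any application service, which is why an HTTP request to it cannot reach the backend; a service is reached by its DNS name, which the resolver completes using the `search` list (and `ndots`) shown in the same file. The parser below reproduces that expansion so the candidate names can be inspected. The resolv.conf text is constructed in the usual shape for a pod (the question only says it had a nameserver entry and three long search names), and `backend-api` is a hypothetical service name.

```python
# Constructed sample in the shape kubelet usually writes for a pod; the search
# domains and ndots value are typical defaults, not taken from the question.
SAMPLE_RESOLV_CONF = """\
nameserver 10.233.0.3
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""


def parse_resolv_conf(text):
    """Minimal resolv.conf parser: nameserver list, search list and ndots."""
    conf = {"nameserver": [], "search": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, *vals = line.split()
        if key == "nameserver":
            conf["nameserver"].extend(vals)
        elif key == "search":
            conf["search"] = vals
        elif key == "options":
            for opt in vals:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def candidate_names(hostname, conf):
    """Names the stub resolver tries for `hostname`, in order.

    A trailing dot means "absolute, do not search". Otherwise names with fewer
    than ndots dots get the search suffixes first and the bare name last.
    """
    name = hostname.rstrip(".")
    if hostname.endswith("."):
        return [name]
    expanded = [f"{name}.{domain}" for domain in conf["search"]]
    if name.count(".") >= conf["ndots"]:
        return [name] + expanded
    return expanded + [name]


def is_nameserver(host, conf):
    """True when `host` is the resolver itself rather than an application endpoint."""
    return host in conf["nameserver"]


if __name__ == "__main__":
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("10.233.0.3 is the DNS resolver:", is_nameserver("10.233.0.3", conf))
    for n in candidate_names("backend-api", conf):
        print("would try", n)
```

A second detail visible in the question's own output: both failing responses carry `Server: squid/3.1.23` and a `Via:` header, so the pod's HTTP client was sending through an outbound proxy (the `ERR_DNS_FAIL` and `ERR_ACCESS_DENIED` codes are squid's, not the backend's). Checking the container's `HTTP_PROXY`/`NO_PROXY` environment is a reasonable next step when in-cluster names resolve correctly but requests still answer from a proxy.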

Office 365 REST Calendar API for creating events failing with HTTP - 403 when authenticated using OAuth bearer token

My azure hosted web API uses the O365 Calendar and Mail REST APIs for creating events and mails on behalf of the users. All necessary permissions have been enabled for the corresponding Azure AD application. My question - Accessing the mail API using the Bearer OAuth token as part of the header succeeds but when I use the same token for the events API, it fails with a 403.
The Documentation I have been following for my implementation is the official msdn one and the update - https://social.msdn.microsoft.com/Forums/exchange/en-US/6fc135ae-f8f9-4b4d-b50b-f00a2bd79a30/office-365-rest-api-mail-calendar-contacts-update?forum=exchangesvrdevelopment
Fiddler trace (Raw view of request) -
POST https://outlook.office365.com/ews/OData/Me/Events HTTP/1.1
Accept: application/json
client-request-id: 00000000-0000-0000-0000-000000000000
Authorization: Bearer <OAuth token>
Content-Type: application/json; charset=utf-8
Host: outlook.office365.com
Content-Length: 287
Expect: 100-continue
{"Attendees":[{"EmailAddress":{"Address":"sample@sample.com","Name":null},"Type":"Required"}],"Body":{"Content":"Hello World","ContentType":"HTML"},"End":"2014-10-22T19:00:00Z","Location":{"DisplayName":"Conf Room M"},"Start":"2014-10-22T18:00:00Z","Subject":"Testing"}
Text view of response -
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
Fiddler trace of the Mail API request that works fine -
POST https://outlook.office365.com/ews/OData/Me/sendmail HTTP/1.1
Accept: application/json
client-request-id: 00000000-0000-0000-0000-000000000000
Authorization: Bearer <OAuth Token>
Content-Type: application/json; charset=utf-8
Host: outlook.office365.com
Content-Length: 171
Expect: 100-continue
Connection: Keep-Alive
{"Message":{"Body":{"Content":"Test","ContentType":"HTML"},"Subject":"test","ToRecipients":[{"EmailAddress":{"Address":"sample@sample.com","Name":null}}]}}
Considering that you are getting a 403 (Forbidden) error for one API, I'd suggest you review the resources enabled for the application. Can you make sure you have Write permissions for the Calendar API? I know you mentioned that you've done this before, I'm just checking in case of the small chance you missed those Write perms.
Sorry for having kept this question hanging.
The issue was with the ClientSecret (either had stale permissions on it or was wrong in the first place). Generating a new one via the management portal fixed this issue.

Glassfish Server Hell - GZip JSON - No Stacktrace Printed

I never liked these heavyweight servers like Glassfish, Weblogic etc., but I had to do some implementation by exposing some of the endpoints through http served via Glassfish. In one particular case, I have to send the Glassfish server a POST request that takes a GZipped input, decompresses it and sends a GZipped response back. Here is what I have so far:
On the Glassfish Server:
```scala
@Path("/")
class MyService extends BaseService {
  @POST
  @Path("/myService")
  @Consumes(Array("application/json"))
  @Produces(Array("application/json"))
  @GZIP
  def myService(@GZIP json: String): Response = {
    println("Message received") // Not getting printed as well!!!
    Response.status(200).header("Content-Encoding", "gzip").entity(JsonMarshall.deserialize(json)).build()
  }
}
```
I'm using the JBoss RESTEasy APIs to expose the myService endpoint. In my client, I set the necessary headers (snippet shown below):
post.addHeader("Content-Encoding", "gzip")
post.addHeader("Accept-Encoding", "gzip, deflate")
But when I run my client, here is what I see as response:
[main] INFO ServerPingTest - Calling URL http://localhost:8080/glassfish-server/myService
[main] INFO ServerPingTest - --- RESPONSE HEADERS ---
[main] INFO ServerPingTest - X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.0 Java/Oracle Corporation/1.7)
[main] INFO ServerPingTest - Server: GlassFish Server Open Source Edition 4.0
[main] INFO ServerPingTest - Content-Language:
[main] INFO ServerPingTest - Content-Type: text/html
[main] INFO ServerPingTest - Date: Tue, 11 Mar 2014 16:39:17 GMT
[main] INFO ServerPingTest - Content-Length: 1217
[main] ERROR ServerPingTest - Error occurred when ping testing !!!!! Please see the stacktrace below!
java.util.zip.ZipException: Not in GZIP format
at java.util.zip.GZIPInputStream.readHeader(GZIPInputStream.java:164)
at java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:78)
at java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:90)
......
......
This is what I see on the server;
[#|2014-03-11T17:39:17.557+0100|SEVERE|glassfish 4.0||_ThreadID=21;_ThreadName=Thread-4;_TimeMillis=1394555957557;_LevelValue=1000;|
[http-listener-1(3)] WARN org.jboss.resteasy.core.SynchronousDispatcher - Failed executing POST /myService|#]
I also do not see any stack trace. Can anyone please help as to what went wrong?
Looks like I have managed to solve this. I did the following:
Used the latest version of the RESTEasy API (version 3.0.6.Final) instead of the older version 2.2.1 (see this post http://sourceforge.net/p/resteasy/mailman/resteasy-developers/thread/BDED22DA-ACDC-47F5-9B14-30A202B52981@redhat.com/)
I added an additional header on my client (post.addHeader("Content-Type", "application/json"))
Bang it worked!
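The client-side failure above is a general one and worth a small demonstration, added here and not taken from the question or from RESTEasy: the client advertised `Content-Encoding: gzip` on the request and then unconditionally gunzipped the response, but the server answered with an uncompressed `text/html` error page (no `Content-Encoding` header, as the response headers in the question show), so `GZIPInputStream` threw "Not in GZIP format" and the real error body was never read. The helper below compresses the request body so it matches the header it sends (including the `Content-Type` the fix added), and only gunzips a response when the server actually says it is gzip. The error page and JSON body are constructed samples.

```python
import gzip
import json


def encode_request(obj):
    """Build a gzip-compressed JSON body plus headers that describe it truthfully.

    Content-Type names the media type; Content-Encoding says the bytes are gzip.
    Omitting Content-Type was part of the problem in the question above.
    """
    body = gzip.compress(json.dumps(obj).encode("utf-8"))
    headers = {
        "Content-Type": "application/json",
        "Content-Encoding": "gzip",
        "Accept-Encoding": "gzip, deflate",
    }
    return headers, body


def decode_response(headers, body):
    """Gunzip only when the server declares gzip; otherwise hand the bytes back untouched.

    Error pages are typically sent uncompressed, so decoding on the basis of the
    request's Accept-Encoding alone turns a readable 500 page into a ZipException.
    """
    norm = {k.lower(): v for k, v in headers.items()}
    if norm.get("content-encoding", "").lower() == "gzip":
        return gzip.decompress(body)
    return body


# Constructed sample: an uncompressed HTML error page like the one in the question.
ERROR_HEADERS = {"Content-Type": "text/html", "Content-Length": "41"}
ERROR_BODY = b"<html><body>HTTP Status 500</body></html>"

# Constructed sample: a successful gzip-encoded JSON reply.
OK_HEADERS = {"Content-Type": "application/json", "Content-Encoding": "gzip"}
OK_BODY = gzip.compress(b'{"ok":true}')


if __name__ == "__main__":
    hdrs, payload = encode_request({"message": "hello"})
    print(hdrs, len(payload), "bytes")
    print(decode_response(ERROR_HEADERS, ERROR_BODY).decode())
    print(decode_response(OK_HEADERS, OK_BODY).decode())
```

Letting the error page through undecoded is what makes the server's actual complaint visible on the client; the same rule (decode according to the response's own `Content-Encoding`, never according to what was requested) is what mature HTTP clients do by default.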

Getting Service Insight to connect to Management Service

My OS is a Windows 2012 Essentials.
I installed NServiceBus 4 using the installer, then installed Service Insight.
Accepted the default settings.
When I start up Service Insight, there is an error about connecting to the management service. I've tried putting in http://localhost:3333 but that errors out to a 404. I've verified that the service "particular management" is running.
EDIT
As per Hadi's instructions, I've pasted the url he listed: http://localhost:33333/api into the Connect to Management Service -> Service URL text box, but it still has a 404 not found error. When I try putting the URL into google chrome, I also get a 404 (with graphics courtesy of the oatmeal).
I've verified that a service named Particular Management is running. The description of the service is Particular Management Service for NServiceBus (Version 4.0.5).
I've run the installer again to get to the modify/repair/remove options and verified in the modify option that the management service is installed.
Is there supposed to be a different service called Management Service? Is this maybe an issue introduced with version 4.0.5?
EDIT 2
I've appended the extra / to the end of the url, still no dice. This here is the logging information.
2013-10-11 09:15:58,488 - [INFO ] - IManagementService - HTTP GET http://localhost:33333/api//
2013-10-11 09:15:58,501 - [DEBUG] - IManagementService - HTTP Status NotFound (404) (http://localhost:33333/api//http://localhost:33333/api)
2013-10-11 09:15:58,506 - [DEBUG] - IManagementService - Response Header: Transfer-Encoding : chunked
2013-10-11 09:15:58,507 - [DEBUG] - IManagementService - Response Header: X-Particular-Version : 1.0.0-unstable122
2013-10-11 09:15:58,508 - [DEBUG] - IManagementService - Response Header: Cache-Control : private, max-age=300, must-revalidate
2013-10-11 09:15:58,509 - [DEBUG] - IManagementService - Response Header: Content-Type : text/html
2013-10-11 09:15:58,529 - [DEBUG] - IManagementService - Response Header: Date : Fri, 11 Oct 2013 14:15:58 GMT
2013-10-11 09:15:58,533 - [DEBUG] - IManagementService - Response Header: Server : Microsoft-HTTPAPI/2.0
2013-10-11 09:15:58,536 - [ERROR] - IManagementService - Error executing the request: , Status code is NotFound
You need the slash at the end:
http://localhost:33333/api/
The Url to Service Control (a.k.a. Management Service) also needs /api, e.g. http://localhost:33333/api (you missed a 3?). At the end of the day, it is also an NServiceBus host process, so you need to check and make sure it is actually running (using Task Manager, or Services).
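Why the trailing slash matters, as an added illustration that is not part of either answer and not Particular's code: when a client joins a relative path onto a base URL, RFC 3986 resolution treats the last path segment of a base without a trailing slash as a "file" and replaces it, so `api` disappears from the result; with the slash, relative paths land under `/api/`. Doubling the slash, as in the `/api//` attempt logged above, is not the same as a single one. The `messages` path segment used here is hypothetical.

```python
from urllib.parse import urljoin


def normalize_base(url):
    """Collapse any run of trailing slashes to exactly one, so joins stay under the base path."""
    return url.rstrip("/") + "/"


def naive_endpoint(base, relative):
    """Plain RFC 3986 join, showing what happens when the base lacks a trailing slash."""
    return urljoin(base, relative)


def endpoint(base, relative):
    """Join after normalising the base; the configured path prefix survives."""
    return urljoin(normalize_base(base), relative)


if __name__ == "__main__":
    for base in ("http://localhost:33333/api", "http://localhost:33333/api/", "http://localhost:33333/api//"):
        print(f"{base!r:38} naive -> {naive_endpoint(base, 'messages')}")
        print(f"{'':38} fixed -> {endpoint(base, 'messages')}")
```

The naive join of `http://localhost:33333/api` with `messages` yields `http://localhost:33333/messages`, which is exactly the kind of request a service that only answers under `/api/` rejects with a 404.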