Page 1 of 1

SSL via Java API

Posted: Fri Feb 11, 2011 12:27 pm
by vbedrosova
Hello, SourceGear Vault team!

I am the one responsible for TeamCity CI tool Vault integration.

We have a plugin which communicates with Vault server using Java API (ServerOperations, etc.) for retrieving history and sources in scope of TeamCity build process.

One of our users is trying to configure the plugin to connect to Vault 5.0.4 (18845) server using https (please see the corresponding thread at http://devnet.jetbrains.net/message/5286308#5286308).

In fact our plugin code runs following:
ServerOperations.client.LoginOptions.URL = "https://...";
ServerOperations.client.LoginOptions.Repository = "repo_name";
ServerOperations.client.LoginOptions.User = "username";
ServerOperations.client.LoginOptions.Password = "password";
ServerOperations.Login();

And that results in "server cannot be contacted or uses a protocol that is not supported by this client" error.

Any help on using https and Java API will by very much appreciated!

Re: SSL via Java API

Posted: Fri Feb 11, 2011 1:37 pm
by jclausius
Victory,

A couple of thoughts off the top of my head:

a) Does the user know if there are any problems with the SSL Certificate? Non-trusted authorization? Expired certificate? Perhaps something about the certificate itself may lead you to the problem.

b) Perhaps using the SSL port in the connect string may help ex:-

Code: Select all

https://development.healthcaresynergy.com:443/VaultService
c) Have you tried this internally against a test vault server running https? Assuming you have an SSL cert you can assign to a machine, you should be able to configure a test environment relatively quickly.

HTH

Re: SSL via Java API

Posted: Mon Feb 14, 2011 10:30 am
by dmurty
Jeff,

a) There does not seem to be anything wrong with the certificate. If I use IE 8 on the same machine as TeamCity I am able to connect to the site without any problems using https. The ssl certificate is issued by Go Daddy Secure Certification Authority and is valid until 7/21/2013.

b) I tried to have the VCS root connect using https://development.healthcaresynergy.c ... ultService but got the same error message.

c) I assume this would be for the TeamCity developers to try.

Damien

Re: SSL via Java API

Posted: Mon Feb 14, 2011 11:24 am
by jclausius
Addressing c)... Yes, but there is one thing you should try first. .NET is going to store SSL certificate values in one place, and the libraries used to convert this to Java are going to use a different spot. One way around this is to import the SSL certificate in Java's keystore.

This post Using SSL with the Eclipse Plugin or Java CLC has instructions for importing the certificate.

If that does work for you, please post back to the TeamCity site so their developers also know of a possible solution.

Re: SSL via Java API

Posted: Mon Feb 14, 2011 6:58 pm
by dmurty
Hi Jeff,

I followed the instructions to the best of my ability. Not a strong Java person. I was able to run keytool to import the certificate but TeamCity still does not allow me to connect to vault using https. The instructions said something about running the command as root but I was not able to figure out what that meant. That could be part of the problem.

Re: SSL via Java API

Posted: Tue Feb 15, 2011 8:28 am
by jclausius
It could this has to be done under the same credentials that TeamCity would be running under. I don't have any experience with TeamCity integration. Perhaps their support staff could use this info to develop some kind of solution.

Re: SSL via Java API

Posted: Tue Feb 15, 2011 10:34 am
by dmurty
I did do this under the same account that teamcity is running. I will check with the TeamCity support people to see what we can do to resolve this.

Thank you,
Damien

Re: SSL via Java API

Posted: Tue Feb 15, 2011 10:55 am
by dmurty
After adding the certificate to the java keystore and rebooting the machine. TeamCity is now able to connect to Vault using https.

Thanks for your help.

Damien

Re: SSL via Java API

Posted: Tue Feb 15, 2011 2:46 pm
by jclausius
dmurty wrote:After adding the certificate to the java keystore and rebooting the machine. TeamCity is now able to connect to Vault using https.

Thanks for your help.

Damien
NP. Was it simply a matter of running "keytool" and then rebooting?

Re: SSL via Java API

Posted: Tue Feb 15, 2011 2:49 pm
by dmurty
Yes,

Just had to run the keytool and then reboot.

Thanks,

Damien

Re: SSL via Java API

Posted: Wed Feb 16, 2011 4:50 am
by vbedrosova
Jeff,

Thanks a lot for your help!

Is running Java keytool and then rebooting the machine mandatory for all TeamCity Vault plugin users?
Or in some cases certificate can be picked up by Vault Java API somehow without this procedure?

Re: SSL via Java API

Posted: Wed Feb 16, 2011 7:02 am
by vbedrosova
* I mean all TeamCity Vault plugin users interested in using https connections

Re: SSL via Java API

Posted: Wed Feb 16, 2011 9:01 am
by jclausius
vbedrosova wrote:Is running Java keytool and then rebooting the machine mandatory for all TeamCity Vault plugin users? Or in some cases certificate can be picked up by Vault Java API somehow without this procedure?
Victory,

The keytool is definitely req'd (see the post above). Why it took a reboot in order for that to work? To be honest, I don't really know. Perhaps the information created from keytool is only available when a JVM starts, and all that was needed was a restart of the TeamCity process. It's hard to say w/ out working with that setup.

Re: SSL via Java API

Posted: Wed Feb 16, 2011 9:26 am
by vbedrosova
Ok, then I'll investigate this aspect.

Re: SSL via Java API

Posted: Thu Feb 17, 2011 8:12 am
by jclausius
Good luck in your research.