Groovy - Ignore SSL Issue

Question

To all those out there doing groovy scripting. Looking for a way to ignore the SSL errors for self signed certificates where it doesn't match the hostname. I found some code snippets but the LM collector doesn't appear to like it too much by disabling SSL verification in a groovy script. Anyone out there run into this and have an idea on how to get around it?&nbsp;

&nbsp;

[02-21 11:13:19.608 EST] [MSG] [WARN] [script-running-2::script.running:Task:232203255:{url removed}:Viptela General_:script:1:7] [GroovyScriptExecutor.execute:79] Failed to execute the script with Invocation exception, CONTEXT=, EXCEPTION=CertificateException: No name matching {url removed} found
com.logicmonitor.common.sse.utils.exception.ScriptExecutingFailedException: CertificateException: No name matching {url removed} found
	at com.logicmonitor.common.sse.utils.GroovyScriptHelper.execute(GroovyScriptHelper.java:186)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.logicmonitor.common.sse.executor.impl.GroovyScriptHelperWrapper.execute(GroovyScriptHelperWrapper.java:88)
	at com.logicmonitor.common.sse.executor.GroovyScriptExecutor.execute(GroovyScriptExecutor.java:70)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:263)
	at com.logicmonitor.common.sse.SSEScriptExecutor$ScriptExecutingTask.call(SSEScriptExecutor.java:242)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: No name matching {url removed} found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

&nbsp;

mike_rodrigues · Answer

Hey @Tom Lasswell, the built-in Groovy Http library should work against hosts with self-signed certs:https://www.logicmonitor.com/support/terminology-syntax/scripting-support/access-a-website-from-groovy/
	If you're using the Apache HTTP libraries, it is possible to skip/customize hostname verification, but if you just need to do some simple GETs and POSTs, the LM-provided one is the way to go.

tom_lasswell · Answer

@Michael Rodrigues&nbsp;to give you an example, I copied the PURE datasource groovy script (as I have to cache a cookie). It's the hostname verification that seems to be the issue and Viptela is a little weird in their self signed certs, having one of our engineers look at it and trying to figure out if we can sign it with the fqdn for the friendly name. It looks like the link you provided has an easier way to get the cookie data, so i'll look and rewrite this code below to follow those examples.&nbsp;

import groovy.json.JsonSlurper;
hostName = hostProps.get("system.hostname");
user = hostProps.get("viptela.user");
pass = hostProps.get("viptela.pass");

// init some stuff
base_url = "https://" + hostName;
slurper  = new JsonSlurper()
cookie   = getSession();

// now run a command to get info from the server

api_commmand = "/dataservice/alarms/count";
api_url      = new URL(base_url + api_commmand);
connection   = api_url.openConnection();
connection.setRequestMethod("GET");
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type", "application/json");
connection.setRequestProperty("Cookie", cookie);

arrayLines = slurper.parseText(connection.content.text);
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];

return(0);

/*
 * getSession - get session cookie
 *
 * @return string cookie
 */
def getSession()
{
    def cookie;
    api_commmand = "/j_security_check";
    api_url      = new URL(base_url + api_commmand);
    connection   = api_url.openConnection();
    connection.setRequestMethod("POST");
    connection.setDoOutput(true);
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

// write out apitoken as a HTTP POST
    def out = new OutputStreamWriter(connection.getOutputStream());
    out.write('j_username=' + user + '&amp;j_password=' + pass);
    out.close();

// loop through http header fields
    for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
    {
        // is this the cookie field?
        if (headerName.equals("Set-Cookie"))
        {
            // yes. get the cookie data
            cookie = connection.getHeaderField(i);
        }
    }
    return(cookie);
}

&nbsp;

tom_lasswell · Answer

Alright, disregard that old code, whoooo, that's a lot harder to do than what you pointed me at @Michael Rodrigues, i can't believe I missed that in the support documentation.&nbsp;

Anyways, got it working this way. Thanks!&nbsp;

import com.santaba.agent.groovyapi.http.*;
import groovy.json.JsonSlurper;

def hostName = hostProps.get("system.hostname");
def user = hostProps.get("viptela.user");
def pass = hostProps.get("viptela.pass");

slurper  = new JsonSlurper()
// instantiate an http client object for the target system
httpClient = HTTP.open(hostName, 443);

// use an authentication API call to initiate a session
// specify the url to which we want to post
url = "https://"+hostName+"/j_security_check";
def payload = 'j_username=' + user + '&amp;j_password=' + pass;
 
// do the post
def postResponse = httpClient.post(url, payload,["Content-Type":"application/x-www-form-urlencoded"]);
// does the response indicate a successful authentication?
if ( !(httpClient.getStatusCode() =~ /200/) ) 
{
    // no -- report an error, and return a non-zero exit code
    println "authentication failure";
    return(1);
}
// we are now authenticated. Subsequent GETs with the httpClient will pass in the session cookie 
url="https://"+hostName+"/dataservice/alarms/count";
def getResponse=httpClient.get(url);
// print some data
//println httpClient.getResponseBody();

arrayLines = slurper.parseText(httpClient.getResponseBody());
println "count:" + arrayLines.data.count[0]; 
println "cleared_count:" + arrayLines.data.cleared_count[0];

&nbsp;

Forum Discussion

Groovy - Ignore SSL Issue

3 Replies

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards