openaev icon indicating copy to clipboard operation
openaev copied to clipboard
Published 1 month ago verified publisher icon OpenAEV-Platform

Settings not populating when RabbitMQ is using SSL

Open Dimfacion opened this issue 1 year ago • 3 comments

Description

Environment

  1. OS (where OpenBAS server runs): any
  2. OpenBAS version: 1.7.0
  3. OpenBAS client: frontend
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Have a rabbitMQ with SSL
  2. Go to the settings page
  3. All settings do not populate and a call is returning a 500 error

Expected Output

No 500 error and settings populated

Actual Output

Additional information

Screenshots (optional)

Dimfacion avatar Oct 04 '24 08:10 Dimfacion

In the logs, we can see this : java.lang.IllegalArgumentException: [https://] is not a valid HTTP URL at org.springframework.web.util.UriComponentsBuilder.fromUriString(UriComponentsBuilder.java:247) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.util.DefaultUriBuilderFactory$DefaultUriBuilder.initUriComponentsBuilder(DefaultUriBuilderFactory.java:248) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.util.DefaultUriBuilderFactory$DefaultUriBuilder.(DefaultUriBuilderFactory.java:234) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.util.DefaultUriBuilderFactory.uriString(DefaultUriBuilderFactory.java:161) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.util.DefaultUriBuilderFactory.expand(DefaultUriBuilderFactory.java:154) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:780) ~[spring-web-6.1.1.jar!/:6.1.1] at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:663) ~[spring-web-6.1.1.jar!/:6.1.1] at io.openbas.helper.RabbitMQHelper.getRabbitMQVersion(RabbitMQHelper.java:47) ~[!/:1.6.1] at io.openbas.service.PlatformSettingsService.findSettings(PlatformSettingsService.java:210) ~[!/:1.6.1] at io.openbas.rest.settings.PlatformSettingsApi.settings(PlatformSettingsApi.java:35) ~[!/:1.6.1]

This points to an issue with how we call rabbitMQ when SSL is activated. Two possible solutions :

  • Have a properly secured call by adding the keystore used to secure the rabbitMQ (some info : https://www.baeldung.com/spring-resttemplate-secure-https-service )
  • Have an unsecured call as those two components are at our hands ( https://stackoverflow.com/questions/4072585/disabling-ssl-certificate-validation-in-spring-resttemplate )

Suggestion : do not choose and add a way to have the call secured with the keystore or unsecured with an option in the properties

Dimfacion avatar Oct 04 '24 08:10 Dimfacion

Reopen because the RabbitMQ version is not displayed anymore

RomuDeuxfois avatar Oct 15 '24 17:10 RomuDeuxfois

Critical removed because our prospect qualified the bug as low impact

jborozco avatar Oct 17 '24 15:10 jborozco

@Dimfacion Do you have an ETA on this issue ?

RomuDeuxfois avatar Dec 26 '24 14:12 RomuDeuxfois

@RomuDeuxfois I need to take time to work on this. I'm scheduling some dedicated time next week so we can move on.

Dimfacion avatar Jan 02 '25 17:01 Dimfacion