Problemi di connessione di Pentaho Kettle/Spoon a Heroku PostgreSQL usando SSL

Question

Sto provando a connettere spoon ad un'istanza di Heroku PostgreSQL usando il driver JDBC fornito con Spoon. Heroku richiede SSL per le istanze PostgreSQL autonome, che ho abilitato.

Sono in grado di connettersi al database utilizzando altri software client utilizzando SSL, quindi questo sembra essere specifico per Java/JDBC. Non so abbastanza su Java per risolvere questo problema, quindi spero che qualcuno sia già stato in passato.

Viene visualizzato il messaggio di errore seguente e piuttosto dettagliato che menziona SSLHandshakeException, ma non sono sicuro che questa sia la causa o un sintomo di qualcos'altro? Forse ho bisogno di specificare i certificati SSL in Java?

Error connecting to database [XXXX.com] : org.pentaho.di.core.exception.KettleDatabaseException: 
Error occured while trying to connect to the database 

Error connecting to database: (using class org.postgresql.Driver) 
The connection attempt failed. 


org.pentaho.di.core.exception.KettleDatabaseException: 
Error occured while trying to connect to the database 

Error connecting to database: (using class org.postgresql.Driver) 
The connection attempt failed. 


at org.pentaho.di.core.database.Database.normalConnect(Database.java:374) 
at org.pentaho.di.core.database.Database.connect(Database.java:323) 
at org.pentaho.di.core.database.Database.connect(Database.java:285) 
at org.pentaho.di.core.database.Database.connect(Database.java:275) 
at org.pentaho.di.core.database.DatabaseFactory.getConnectionTestReport(DatabaseFactory.java:76) 
at org.pentaho.di.core.database.DatabaseMeta.testConnection(DatabaseMeta.java:2455) 
at org.pentaho.ui.database.event.DataHandler.testDatabaseConnection(DataHandler.java:511) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
at org.pentaho.ui.xul.impl.AbstractXulDomContainer.invoke(AbstractXulDomContainer.java:329) 
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:139) 
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:123) 
at org.pentaho.ui.xul.swt.tags.SwtButton.access$500(SwtButton.java:26) 
at org.pentaho.ui.xul.swt.tags.SwtButton$4.widgetSelected(SwtButton.java:119) 
at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source) 
at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source) 
at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source) 
at org.eclipse.jface.window.Window.runEventLoop(Window.java:820) 
at org.eclipse.jface.window.Window.open(Window.java:796) 
at org.pentaho.ui.xul.swt.tags.SwtDialog.show(SwtDialog.java:378) 
at org.pentaho.ui.xul.swt.tags.SwtDialog.show(SwtDialog.java:304) 
at org.pentaho.di.ui.core.database.dialog.XulDatabaseDialog.open(XulDatabaseDialog.java:104) 
at org.pentaho.di.ui.core.database.dialog.DatabaseDialog.open(DatabaseDialog.java:51) 
at org.pentaho.di.ui.trans.step.BaseStepDialog$3.widgetSelected(BaseStepDialog.java:480) 
at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source) 
at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source) 
at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source) 
at org.pentaho.di.ui.trans.steps.tableoutput.TableOutputDialog.open(TableOutputDialog.java:916) 
at org.pentaho.di.ui.spoon.delegates.SpoonStepsDelegate.editStep(SpoonStepsDelegate.java:126) 
at org.pentaho.di.ui.spoon.Spoon.editStep(Spoon.java:7733) 
at org.pentaho.di.ui.spoon.trans.TransGraph.editStep(TransGraph.java:2744) 
at org.pentaho.di.ui.spoon.trans.TransGraph.mouseDoubleClick(TransGraph.java:693) 
at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source) 
at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source) 
at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source) 
at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source) 
at org.pentaho.di.ui.spoon.Spoon.readAndDispatch(Spoon.java:1169) 
at org.pentaho.di.ui.spoon.Spoon.start(Spoon.java:6945) 
at org.pentaho.di.ui.spoon.Spoon.main(Spoon.java:553) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
at org.pentaho.commons.launcher.Launcher.main(Launcher.java:134) 
Caused by: org.pentaho.di.core.exception.KettleDatabaseException: 
Error connecting to database: (using class org.postgresql.Driver) 
The connection attempt failed. 

at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:510) 
at org.pentaho.di.core.database.Database.normalConnect(Database.java:358) 
... 50 more 
Caused by: org.postgresql.util.PSQLException: The connection attempt failed. 
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:152) 
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66) 
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125) 
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30) 
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22) 
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:32) 
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24) 
at org.postgresql.Driver.makeConnection(Driver.java:393) 
at org.postgresql.Driver.connect(Driver.java:267) 
at java.sql.DriverManager.getConnection(Unknown Source) 
at java.sql.DriverManager.getConnection(Unknown Source) 
at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:490) 
... 51 more 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:  PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) 
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) 
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) 
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source) 
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source) 
at java.io.BufferedOutputStream.flushBuffer(Unknown Source) 
at java.io.BufferedOutputStream.flush(Unknown Source) 
at org.postgresql.core.PGStream.flush(PGStream.java:523) 
at org.postgresql.core.v3.ConnectionFactoryImpl.sendStartupPacket(ConnectionFactoryImpl.java:259) 
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:105) 
... 62 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
at sun.security.validator.Validator.validate(Unknown Source) 
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) 
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
... 75 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
at java.security.cert.CertPathBuilder.build(Unknown Source) 
... 81 more 

Hostname  : XXXX.com 
Port   : 5432 
Database name : XXXX 

Answer 1

ho trovato il problema. Semplicemente passando

ssl = true 

non è sufficiente per JDBC, è inoltre necessario installare i certificati principali corrette nel chiavi Java in modo che PgJDBC possa verificare il certificato a distanza.

Se non si desidera configurare certificati radice si può invece passare:

ssl = true 
sslfactory = org.postgresql.ssl.NonValidatingFactory 

anche se così facendo disabilita man-in-the-middle protezione dagli attacchi, quindi la sessione SSL non è più ha una sicurezza end-to-end affidabile.

Vedi la documentazione Heroku qui:

http://devcenter.heroku.com/articles/connecting-to-relational-databases-on-heroku-with-java#connecting_to_a_dedicated_database_remotely

(avvertimento per la sicurezza SSL aggiunto da Craig Ringer)

Answer 2

Il problema di base sembra essere l'handshake SSL. Estratto dai messaggi di errore:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

Questo non è un problema specifico PostgreSQL, è una cosa pura SSL. Usando questi messaggi di errore puoi trovare un po 'di aiuto su questo sito. Sfogliando loro questa risposta sembra essere molto promettente per me e si potrebbe guidare nella giusta direzione:

https://stackoverflow.com/a/6908991/947357