Java SDK getting error Exception in receiving splu...

ssbapat · ‎01-05-2024

Hi experts,

We are getting this error consistently while querying data from Splunk Enterprise hosted in the company's internal network.

Exception in receiving splunk data

145java.lang.RuntimeException: HTTPS hostname wrong: should be <splunk_enterprise_url - splunk.org.company.com>

The line of code that causes this is

String query = "<splunk valid query>";
Job job = service.getJobs().create(query);

Splunk SDK Version used: 1.9.5

Connection to Splunk is established as follows:

String token = System.getenv("SPLUNK_TOKEN");

            ServiceArgs loginArgs = new ServiceArgs();
            loginArgs.setPort(8089);
            loginArgs.setHost("splunk.org.company.com");
            loginArgs.setScheme("https");
            loginArgs.setToken(String.format("Bearer %s", token));
            service = new Service(loginArgs);
            
            log.info("service val is {}", service.toString());
            Service.setValidateCertificates(false);

This was working few days ago and suddenly it has stopped. We checked the server certificate and it valid till March 2024.

The program querying the splunk is called from a runner hosted on AWS and it has no network restrictions.

Not sure what is the issue. But this issue is getting reproduced consistently.

Note: Surprisingly, the same program runs fine on local machine.

Cannot find out what would be the issue?

Any help will be appreciated.

ssbapat · ‎01-10-2024

Here is the stack trace.

java.lang.RuntimeException: HTTPS hostname wrong: should be <splunk.org.company.com>

149 at com.splunk.HttpService.send(HttpService.java:512)

150 at com.splunk.Service.send(Service.java:1351)

151 at com.splunk.HttpService.get(HttpService.java:169)

152 at com.splunk.Entity.refresh(Entity.java:383)

153 at com.splunk.Entity.refresh(Entity.java:24)

154 at com.splunk.Resource.validate(Resource.java:186)

155 at com.splunk.Entity.validate(Entity.java:484)

156 at com.splunk.Entity.getContent(Entity.java:159)

157 at com.splunk.Entity.getString(Entity.java:295)

158 at com.splunk.ServiceInfo.getInstanceType(ServiceInfo.java:158)

159 at com.splunk.Service.enableV2SearchApi(Service.java:1389)

160 at com.splunk.JobCollection.<init>(JobCollection.java:49)

161 at com.splunk.Service.getJobs(Service.java:676)

162 at com.splunk.Service.getJobs(Service.java:665)

163 at com.splunk.Service.getJobs(Service.java:652)

164 at com.siemens.mindsphere.pss.testing.splunk.EC2Scan.vulnerableEc2InstancesData(EC2Scan.java:64)

165 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

166 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

167 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

168 at java.lang.reflect.Method.invoke(Method.java:498)

169 at io.cucumber.java.Invoker.doInvoke(Invoker.java:66)

170 at io.cucumber.java.Invoker.invoke(Invoker.java:24)

171 at io.cucumber.java.AbstractGlueDefinition.invokeMethod(AbstractGlueDefinition.java:47)

172 at io.cucumber.java.JavaStepDefinition.execute(JavaStepDefinition.java:29)

173 at io.cucumber.core.runner.CoreStepDefinition.execute(CoreStepDefinition.java:66)

174 at io.cucumber.core.runner.PickleStepDefinitionMatch.runStep(PickleStepDefinitionMatch.java:63)

175 at io.cucumber.core.runner.ExecutionMode$1.execute(ExecutionMode.java:10)

176 at io.cucumber.core.runner.TestStep.executeStep(TestStep.java:85)

177 at io.cucumber.core.runner.TestStep.run(TestStep.java:57)

178 at io.cucumber.core.runner.PickleStepTestStep.run(PickleStepTestStep.java:51)

179 at io.cucumber.core.runner.TestCase.run(TestCase.java:84)

180 at io.cucumber.core.runner.Runner.runPickle(Runner.java:75)

181 at io.cucumber.core.runtime.Runtime.lambda$executePickle$6(Runtime.java:128)

182 at io.cucumber.core.runtime.CucumberExecutionContext.lambda$runTestCase$5(CucumberExecutionContext.java:129)

ssbapat · ‎01-10-2024

183 at io.cucumber.core.runtime.RethrowingThrowableCollector.executeAndThrow(RethrowingThrowableCollector.java:23)

184 at io.cucumber.core.runtime.CucumberExecutionContext.runTestCase(CucumberExecutionContext.java:129)

185 at io.cucumber.core.runtime.Runtime.lambda$executePickle$7(Runtime.java:128)

186 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

187 at java.util.concurrent.FutureTask.run(FutureTask.java:266)

188 at io.cucumber.core.runtime.Runtime$SameThreadExecutorService.execute(Runtime.java:249)

189 at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)

190 at io.cucumber.core.runtime.Runtime.lambda$runFeatures$3(Runtime.java:110)

191 at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)

192 at java.util.stream.SliceOps$1$1.accept(SliceOps.java:204)

193 at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1359)

194 at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)

195 at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:499)

196 at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:486)

197 at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)

198 at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)

199 at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)

200 at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)

201 at io.cucumber.core.runtime.Runtime.runFeatures(Runtime.java:111)

202 at io.cucumber.core.runtime.Runtime.lambda$run$0(Runtime.java:82)

203 at io.cucumber.core.runtime.Runtime.execute(Runtime.java:94)

204 at io.cucumber.core.runtime.Runtime.run(Runtime.java:80)

205 at com.siemens.mindsphere.pss.testing.cli.Runner.run(Runner.java:122)

206 at com.siemens.mindsphere.pss.testing.cli.Main.main(Main.java:43)

207Caused by: java.io.IOException: HTTPS hostname wrong: should be <splunk.sws.siemens.com>

208 at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649)

209 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:573)

210 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...)

211 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)

212 at com.splunk.HttpService.send(HttpService.java:510)

213 ... 57 common frames omitted

ssbapat · ‎01-10-2024

@tscroggins Yes, the certificate is imported on the client. SDK is calling from a docker image, and in the docker startup we have added instructions to import root CA, and the the splunk certificate.

PickleRick · ‎01-11-2024

Ugh. Docker 😉

But seriously, first things first. Check with normal openssl whether you can properly connect to the server. If not, then problems are on the server's side. If yes, then on the client's side.

openssl s_client -connect splunk.your.org.domain:8089 -CAfile path_to/your_rootCA.pem

tscroggins · ‎01-06-2024

Hi @ssbapat,

A complete stack trace would reveal more, but in a nutshell, certificate verification failed in the underlying SSL/TLS class. Does "splunk.org.company.com" (or the actual hostname) match either the common name (cn) or a subject alternative name (SAN or subjectAltName) on the server's certificate? Are all certificates in the server's certificate chain trusted by the client?

Java SDK getting error Exception in receiving splunk data java.lang.RuntimeException: HTTPS hostname wrong

configuration

development

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?