Spark ES SSL handshake issue

Issue description

I have Elasticsearch 6.8 enable XPack SSL. Both trust and client certificate are generated and verified through java elastic search RESTAPI client.
However, when I try same trust/client certificate connect the elasticsearch for spark, failed with
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Steps to reproduce

spark configure
return SparkSession
.builder()
.appName(APP_NAME)
//.master(LOCAL) // use the JVM as the master
.config(CONFIG_NODE, esHost) // connect to elasticsearch server
.config(CONFIG_RESOURCE, esIndex + "/" + ES_DEFAULT_TYPE)
//.config("es.nodes.wan.only", true)
.config("es.port", "443")
.config("es.net.http.auth.user", esUserName)
.config("es.net.http.auth.pass", esPwd)
.config("es.http.timeout","300000")
.config("es.net.ssl", true)
.config("es.net.ssl.protocol", "SSL")
//.config("es.net.ssl.cert.allow.self.signed", true)
.config("es.net.ssl.keystore.location", keyStorePath)
.config("es.net.ssl.keystore.pass", keyStorePwd)
.config("es.net.ssl.truststore.location", trustStorePath)
.config("es.net.ssl.truststore.pass", trustStorePwd)
.getOrCreate();

write function
public void write(Dataset itemRows) {
try {
JavaEsSparkSQL.saveToEs(itemRows, index,
ImmutableMap.of(ES_MAPPING_ID, "id"));
}
catch(Exception e) {
throw new RuntimeException("collection writer failed " + e.getMessage());
}
}

savetoES failed with javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Stack trace:
0 = {StackTraceElement@10600} "sun.security.ssl.Alerts.getSSLException(Alerts.java:192)"
1 = {StackTraceElement@10601} "sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)"
2 = {StackTraceElement@10602} "sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)"
3 = {StackTraceElement@10603} "sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)"
4 = {StackTraceElement@10604} "sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)"
5 = {StackTraceElement@10605} "sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)"
6 = {StackTraceElement@10606} "sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)"
7 = {StackTraceElement@10607} "sun.security.ssl.Handshaker.process_record(Handshaker.java:961)"
8 = {StackTraceElement@10608} "sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)"
9 = {StackTraceElement@10609} "sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)"
10 = {StackTraceElement@10610} "sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)"
11 = {StackTraceElement@10611} "sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)"
12 = {StackTraceElement@10612} "java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)"
13 = {StackTraceElement@10613} "java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)"
14 = {StackTraceElement@10614} "org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)"
15 = {StackTraceElement@10615} "org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)"
16 = {StackTraceElement@10616} "org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)"
17 = {StackTraceElement@10617} "org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)"
18 = {StackTraceElement@10618} "org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)"
19 = {StackTraceElement@10619} "org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)"
20 = {StackTraceElement@10620} "org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)"
21 = {StackTraceElement@10621} "org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.doExecute(CommonsHttpTransport.java:685)"
22 = {StackTraceElement@10622} "org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.execute(CommonsHttpTransport.java:664)"
23 = {StackTraceElement@10623} "org.elasticsearch.hadoop.rest.NetworkClient.execute(NetworkClient.java:115)"
24 = {StackTraceElement@10624} "org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:403)"
25 = {StackTraceElement@10625} "org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:367)"
26 = {StackTraceElement@10626} "org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:371)"
27 = {StackTraceElement@10627} "org.elasticsearch.hadoop.rest.RestClient.get(RestClient.java:166)"
28 = {StackTraceElement@10628} "org.elasticsearch.hadoop.rest.RestClient.mainInfo(RestClient.java:692)"
29 = {StackTraceElement@10629} "org.elasticsearch.hadoop.rest.InitializationUtils.discoverClusterInfo(InitializationUtils.java:334)"
30 = {StackTraceElement@10630} "org.elasticsearch.spark.sql.EsSparkSQL$.saveToEs(EsSparkSQL.scala:97)"
31 = {StackTraceElement@10631} "org.elasticsearch.spark.sql.EsSparkSQL$.saveToEs(EsSparkSQL.scala:83)"
32 = {StackTraceElement@10632} "org.elasticsearch.spark.sql.api.java.JavaEsSparkSQL$.saveToEs(JavaEsSparkSQL.scala:52)"
33 = {StackTraceElement@10633} "org.elasticsearch.spark.sql.api.java.JavaEsSparkSQL.saveToEs(JavaEsSparkSQL.scala)"

Version Info

OS: : Mac
JVM : java version "1.8.0_141"
Hadoop/Spark: 2.0
ES-Hadoop : org.elasticsearch:elasticsearch-spark-20_2.11:6.8.2
ES : 6.8.2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.