Exceptions using Cloud SQL MySQL Socket Factory


Trevor Hartman

Apr 7, 2017, 12:29:06 PM
to Google Cloud SQL discuss
I'm trying to connect to a Cloud SQL MySQL database for JVM apps.
I was able to generate a connection string using examples/getting-started.

I've tried using the root account as well as a dev account, but regardless, I get an exception:

CompilerException java.util.concurrent.ExecutionException: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.

Logs show:

INFO: Connecting to Cloud SQL instance [myproject:us-central1:mydb-staging].
Apr 07, 2017 10:00:54 AM com.google.cloud.sql.mysql.SslSocketFactory getInstance
INFO: First Cloud SQL connection, generating RSA key pair.
Apr 07, 2017 10:00:55 AM com.google.cloud.sql.mysql.SslSocketFactory fetchInstanceSslInfo
INFO: Obtaining ephemeral certificate for Cloud SQL instance [myproject:us-central1:mydb-staging].
Apr 07, 2017 10:00:55 AM com.google.cloud.sql.mysql.SocketFactory connect
INFO: Connecting to Cloud SQL instance [myproject:us-central1:mydb-staging].
Apr 07, 2017 10:00:55 AM com.google.cloud.sql.mysql.SslSocketFactory getInstanceSslInfo
WARNING: Re-throwing cached exception due to attempt to refresh instance information too soon after error.
Apr 07, 2017 10:00:55 AM com.google.cloud.sql.mysql.SocketFactory connect
INFO: Connecting to Cloud SQL instance [myproject:us-central1:mydb-staging].
Apr 07, 2017 10:00:55 AM com.google.cloud.sql.mysql.SslSocketFactory getInstanceSslInfo

I am able to connect directly using the mysql client but not from my JVM (clojure) app.

Thanks,
Trevor

Vadim Berezniker

Apr 7, 2017, 1:46:39 PM
to Google Cloud SQL discuss
Please include the full stack trace from the exception. 
Without seeing the exception cause, it's hard to say what happened.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/8ba44aff-a3e3-4ec2-b68c-32f7e91ab8fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Trevor Hartman

Apr 7, 2017, 5:09:50 PM
to Google Cloud SQL discuss
 :cause "unable to find valid certification path to requested target"
 :via
 [{:type java.util.concurrent.ExecutionException
   :message "com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server."
   :at [java.util.concurrent.FutureTask report "FutureTask.java" 122]}
  {:type com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException
   :message "Could not create connection to database server."
   :at [sun.reflect.GeneratedConstructorAccessor17 newInstance nil -1]}
  {:type java.lang.RuntimeException
   :message "Unable to retrieve information about Cloud SQL instance [myproject:us-central1:mydb-staging]"
   :at [com.google.cloud.sql.mysql.SslSocketFactory obtainInstanceMetadata "SslSocketFactory.java" 417]}
  {:type javax.net.ssl.SSLHandshakeException
   :message "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
   :at [sun.security.ssl.Alerts getSSLException "Alerts.java" 192]}
  {:type sun.security.validator.ValidatorException
   :message "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
   :at [sun.security.validator.PKIXValidator doBuild "PKIXValidator.java" 387]}
  {:type sun.security.provider.certpath.SunCertPathBuilderException
   :message "unable to find valid certification path to requested target"
   :at [sun.security.provider.certpath.SunCertPathBuilder build "SunCertPathBuilder.java" 141]}]
 :trace
 [[sun.security.provider.certpath.SunCertPathBuilder build "SunCertPathBuilder.java" 141]
  [sun.security.provider.certpath.SunCertPathBuilder engineBuild "SunCertPathBuilder.java" 126]
  [java.security.cert.CertPathBuilder build "CertPathBuilder.java" 280]
  [sun.security.validator.PKIXValidator doBuild "PKIXValidator.java" 382]
  [sun.security.validator.PKIXValidator engineValidate "PKIXValidator.java" 292]
  [sun.security.validator.Validator validate "Validator.java" 260]
  [sun.security.ssl.X509TrustManagerImpl validate "X509TrustManagerImpl.java" 324]
  [sun.security.ssl.X509TrustManagerImpl checkTrusted "X509TrustManagerImpl.java" 229]
  [sun.security.ssl.X509TrustManagerImpl checkServerTrusted "X509TrustManagerImpl.java" 124]
  [sun.security.ssl.ClientHandshaker serverCertificate "ClientHandshaker.java" 1496]
  [sun.security.ssl.ClientHandshaker processMessage "ClientHandshaker.java" 216]
  [sun.security.ssl.Handshaker processLoop "Handshaker.java" 1026]
  [sun.security.ssl.Handshaker process_record "Handshaker.java" 961]
  [sun.security.ssl.SSLSocketImpl readRecord "SSLSocketImpl.java" 1062]
  [sun.security.ssl.SSLSocketImpl performInitialHandshake "SSLSocketImpl.java" 1375]
  [sun.security.ssl.SSLSocketImpl startHandshake "SSLSocketImpl.java" 1403]
  [sun.security.ssl.SSLSocketImpl startHandshake "SSLSocketImpl.java" 1387]
  [sun.net.www.protocol.https.HttpsClient afterConnect "HttpsClient.java" 559]
  [sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection connect "AbstractDelegateHttpsURLConnection.java" 185]
  [sun.net.www.protocol.http.HttpURLConnection getOutputStream0 "HttpURLConnection.java" 1316]
  [sun.net.www.protocol.http.HttpURLConnection getOutputStream "HttpURLConnection.java" 1291]
  [sun.net.www.protocol.https.HttpsURLConnectionImpl getOutputStream "HttpsURLConnectionImpl.java" 250]
  [com.google.api.client.http.javanet.NetHttpRequest execute "NetHttpRequest.java" 77]
  [com.google.api.client.http.HttpRequest execute "HttpRequest.java" 981]
  [com.google.api.client.auth.oauth2.TokenRequest executeUnparsed "TokenRequest.java" 283]
  [com.google.api.client.auth.oauth2.TokenRequest execute "TokenRequest.java" 307]
  [com.google.api.client.googleapis.auth.oauth2.GoogleCredential executeRefreshToken "GoogleCredential.java" 384]
  [com.google.api.client.auth.oauth2.Credential refreshToken "Credential.java" 489]
  [com.google.api.client.auth.oauth2.Credential intercept "Credential.java" 217]
  [com.google.api.client.http.HttpRequest execute "HttpRequest.java" 868]
  [com.google.api.client.googleapis.services.AbstractGoogleClientRequest executeUnparsed "AbstractGoogleClientRequest.java" 419]
  [com.google.api.client.googleapis.services.AbstractGoogleClientRequest executeUnparsed "AbstractGoogleClientRequest.java" 352]
  [com.google.api.client.googleapis.services.AbstractGoogleClientRequest execute "AbstractGoogleClientRequest.java" 469]
  [com.google.cloud.sql.mysql.SslSocketFactory obtainInstanceMetadata "SslSocketFactory.java" 370]
  [com.google.cloud.sql.mysql.SslSocketFactory fetchInstanceSslInfo "SslSocketFactory.java" 282]
  [com.google.cloud.sql.mysql.SslSocketFactory getInstanceSslInfo "SslSocketFactory.java" 262]
  [com.google.cloud.sql.mysql.SslSocketFactory createAndConfigureSocket "SslSocketFactory.java" 181]
  [com.google.cloud.sql.mysql.SslSocketFactory create "SslSocketFactory.java" 150]
  [com.google.cloud.sql.mysql.SocketFactory connect "SocketFactory.java" 47]
  [com.mysql.jdbc.MysqlIO <init> "MysqlIO.java" 305]
  [com.mysql.jdbc.ConnectionImpl coreConnect "ConnectionImpl.java" 2479]
  [com.mysql.jdbc.ConnectionImpl connectOneTryOnly "ConnectionImpl.java" 2516]
  [com.mysql.jdbc.ConnectionImpl createNewIO "ConnectionImpl.java" 2301]
  [com.mysql.jdbc.ConnectionImpl <init> "ConnectionImpl.java" 834]
  [com.mysql.jdbc.JDBC4Connection <init> "JDBC4Connection.java" 47]
  [sun.reflect.NativeConstructorAccessorImpl newInstance0 "NativeConstructorAccessorImpl.java" -2]
  [sun.reflect.NativeConstructorAccessorImpl newInstance "NativeConstructorAccessorImpl.java" 62]
  [sun.reflect.DelegatingConstructorAccessorImpl newInstance "DelegatingConstructorAccessorImpl.java" 45]
  [java.lang.reflect.Constructor newInstance "Constructor.java" 423]
  [com.mysql.jdbc.Util handleNewInstance "Util.java" 411]
  [com.mysql.jdbc.ConnectionImpl getInstance "ConnectionImpl.java" 416]
  [com.mysql.jdbc.NonRegisteringDriver connect "NonRegisteringDriver.java" 317]
  [org.apache.tomcat.jdbc.pool.PooledConnection connectUsingDriver "PooledConnection.java" 266]
  [org.apache.tomcat.jdbc.pool.PooledConnection connect "PooledConnection.java" 175]
  [org.apache.tomcat.jdbc.pool.ConnectionPool createConnection "ConnectionPool.java" 684]
  [org.apache.tomcat.jdbc.pool.ConnectionPool borrowConnection "ConnectionPool.java" 616]
  [org.apache.tomcat.jdbc.pool.ConnectionPool init "ConnectionPool.java" 479]
  [org.apache.tomcat.jdbc.pool.ConnectionPool <init> "ConnectionPool.java" 135]
  [org.apache.tomcat.jdbc.pool.DataSourceProxy pCreatePool "DataSourceProxy.java" 114]
  [org.apache.tomcat.jdbc.pool.DataSourceProxy createPool "DataSourceProxy.java" 101]
  [org.apache.tomcat.jdbc.pool.DataSourceProxy getConnection "DataSourceProxy.java" 125]
  [datomic.sql$connect invokeStatic "sql.clj" 16]
  [datomic.sql$connect invoke "sql.clj" 13]
  [datomic.kv_sql_ext$try_validation_query invokeStatic "kv_sql_ext.clj" 47]
  [datomic.kv_sql_ext$try_validation_query invoke "kv_sql_ext.clj" 42]
  [datomic.kv_sql_ext$fn__8020 invokeStatic "kv_sql_ext.clj" 76]
  [datomic.kv_sql_ext$fn__8020 invoke "kv_sql_ext.clj" 60]
  [clojure.lang.AFn applyToHelper "AFn.java" 154]
  [clojure.lang.AFn applyTo "AFn.java" 144]
  [clojure.core$apply invokeStatic "core.clj" 657]
  [clojure.core$memoize$fn__7869 doInvoke "core.clj" 6235]
  [clojure.lang.RestFn invoke "RestFn.java" 408]
  [datomic.kv_sql_ext$cluster_conf__GT_spec invokeStatic "kv_sql_ext.clj" 82]
  [datomic.kv_sql_ext$cluster_conf__GT_spec invoke "kv_sql_ext.clj" 79]
  [datomic.kv_sql_ext$kv_sql invokeStatic "kv_sql_ext.clj" 91]
  [datomic.kv_sql_ext$kv_sql invoke "kv_sql_ext.clj" 90]
  [clojure.lang.AFn applyToHelper "AFn.java" 154]
  [clojure.lang.AFn applyTo "AFn.java" 144]
  [clojure.lang.Var applyTo "Var.java" 700]
  [clojure.core$apply invokeStatic "core.clj" 657]
  [clojure.core$apply invoke "core.clj" 652]
  [datomic.require$require_and_run invokeStatic "require.clj" 22]
  [datomic.require$require_and_run doInvoke "require.clj" 17]
  [clojure.lang.RestFn invoke "RestFn.java" 423]
  [datomic.coordination_ext$fn__8340$fn__8341 invoke "coordination_ext.clj" 79]
  [clojure.lang.Atom swap "Atom.java" 37]
  [clojure.core$swap_BANG_ invokeStatic "core.clj" 2342]
  [clojure.core$swap_BANG_ invoke "core.clj" 2335]
  [datomic.coordination_ext$fn__8340 invokeStatic "coordination_ext.clj" 75]
  [datomic.coordination_ext$fn__8340 invoke "coordination_ext.clj" 68]
  [clojure.lang.MultiFn invoke "MultiFn.java" 229]
  [datomic.coordination$create_system_cluster invokeStatic "coordination.clj" 92]
  [datomic.coordination$create_system_cluster invoke "coordination.clj" 88]
  [datomic.coordination$cluster_conf__GT_resolved_conf invokeStatic "coordination.clj" 160]
  [datomic.coordination$cluster_conf__GT_resolved_conf invoke "coordination.clj" 152]
  [datomic.cache$fn$reify__3426 valAt "cache.clj" 342]
  [clojure.lang.RT get "RT.java" 777]
  [datomic.cache$lookup_cache$reify__3423 valAt "cache.clj" 287]
  [datomic.cache$lookup_cache$reify__3423 valAt "cache.clj" 280]
  [clojure.lang.RT get "RT.java" 750]
  [datomic.connector$resolve_name invokeStatic "connector.clj" 71]
  [datomic.connector$resolve_name invoke "connector.clj" 66]
  [datomic.peer$get_connection$fn__9230 invoke "peer.clj" 670]
  [datomic.peer$get_connection invokeStatic "peer.clj" 667]
  [datomic.peer$get_connection invoke "peer.clj" 664]
  [datomic.peer$connect_uri invokeStatic "peer.clj" 749]
  [datomic.peer$connect_uri invoke "peer.clj" 741]
  [clojure.lang.Var invoke "Var.java" 379]
  [datomic.Peer connect "Peer.java" 106]
  [datomic.api$connect invokeStatic "api.clj" 15]
  [datomic.api$connect invoke "api.clj" 13]
  [ccm.db.manage$conn invokeStatic "manage.clj" 30]
  [ccm.db.manage$conn invoke "manage.clj" 26]
  [ccm.db.manage$conn invokeStatic "manage.clj" 29]
  [ccm.db.manage$conn invoke "manage.clj" 26]
  [ccm.db.manage$eval48028 invokeStatic "form-init5282699826905750771.clj" 1]
  [ccm.db.manage$eval48028 invoke "form-init5282699826905750771.clj" 1]
  [clojure.lang.Compiler eval "Compiler.java" 6978]
  [clojure.lang.Compiler eval "Compiler.java" 6941]
  [clojure.core$eval invokeStatic "core.clj" 3187]
  [clojure.core$eval invoke "core.clj" 3183]
  [clojure.main$repl$read_eval_print__9945$fn__9948 invoke "main.clj" 242]
  [clojure.main$repl$read_eval_print__9945 invoke "main.clj" 242]
  [clojure.main$repl$fn__9954 invoke "main.clj" 260]
  [clojure.main$repl invokeStatic "main.clj" 260]
  [clojure.main$repl doInvoke "main.clj" 176]
  [clojure.lang.RestFn invoke "RestFn.java" 1523]
  [clojure.tools.nrepl.middleware.interruptible_eval$evaluate$fn__25332 invoke "interruptible_eval.clj" 87]
  [clojure.lang.AFn applyToHelper "AFn.java" 152]
  [clojure.lang.AFn applyTo "AFn.java" 144]
  [clojure.core$apply invokeStatic "core.clj" 657]
  [clojure.core$with_bindings_STAR_ invokeStatic "core.clj" 1963]
  [clojure.core$with_bindings_STAR_ doInvoke "core.clj" 1963]
  [clojure.lang.RestFn invoke "RestFn.java" 425]
  [clojure.tools.nrepl.middleware.interruptible_eval$evaluate invokeStatic "interruptible_eval.clj" 85]
  [clojure.tools.nrepl.middleware.interruptible_eval$evaluate invoke "interruptible_eval.clj" 55]
  [clojure.tools.nrepl.middleware.interruptible_eval$interruptible_eval$fn__25377$fn__25380 invoke "interruptible_eval.clj" 222]
  [clojure.tools.nrepl.middleware.interruptible_eval$run_next$fn__25372 invoke "interruptible_eval.clj" 190]
  [clojure.lang.AFn run "AFn.java" 22]
  [java.util.concurrent.ThreadPoolExecutor runWorker "ThreadPoolExecutor.java" 1142]
  [java.util.concurrent.ThreadPoolExecutor$Worker run "ThreadPoolExecutor.java" 617]
  [java.lang.Thread run "Thread.java" 745]]}

Vadim Berezniker

Apr 10, 2017, 2:21:58 PM
to Google Cloud SQL discuss
Interesting, haven't seen that one before. It seems to indicate a problem setting up certificates within the library.
Are you running the app with the same JVM as the getting-started app? Which JVM are you using?
Would you be able to create a small self-contained repro clojure app?


Trevor Hartman

Apr 10, 2017, 4:23:41 PM
to google-cloud...@googlegroups.com
> Are you running the app with the same JVM as the getting-started app?

No, separate JVM.

> Which JVM are you using?

java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

> Would you be able to create a small self-contained repro clojure app?

This might be difficult. The database is Datomic using Cloud SQL as its backing store.

Not sure if it's relevant, but I am setting system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword to use my own custom trustStore. Would that conflict?

Thanks,
Trevor

Vadim Berezniker

Apr 10, 2017, 6:42:22 PM
to google-cloud...@googlegroups.com
I would not expect those flags to make a difference since the library manages its own stores... but you never know.
Are you able to do a test run w/o specifying those ssl flags to see if it makes a difference?

Trevor Hartman

Apr 10, 2017, 7:42:27 PM
to google-cloud...@googlegroups.com
Removing trustStore allowed it to work.

I also had to adjust my jdbc connection string (specifying user and password params at the end).

This might be problematic though since I needed to configure the trustStore to trust my self-signed certs in order to connect to the Datomic transactor. Any ideas?

Vadim Berezniker

Apr 12, 2017, 1:56:05 PM
to google-cloud...@googlegroups.com
I've opened https://github.com/GoogleCloudPlatform/cloud-sql-mysql-socket-factory/issues/33, but I can't make any promises about when we can look at it.
The library sets up its own trustStore so I'm surprised that changing JVM settings breaks the library.
We need to figure out how those flags affect the custom trust store and whether we can have it not be affected by those flags.
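
Added example (not from the thread or from the cloud-sql-mysql-socket-factory project): the posted trace fails PKIX validation inside HttpsURLConnection during the OAuth token request, and javax.net.ssl.trustStore replaces the JDK's default CA set rather than adding to it. One way to keep both the public CAs and self-signed certificates is to build a single merged trust store. The class name `MergeTrustStore`, the `custom-` alias prefix and the command-line arguments are hypothetical; it assumes the custom store is in the JVM's default keystore format and that cacerts still has its stock password.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

/** Hypothetical helper: JDK public CAs + a custom store's certificates in one file. */
public class MergeTrustStore {

    static KeyStore load(Path file, char[] password) throws Exception {
        // Assumption: the store is in the JVM's default keystore format (JKS on Java 8).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Copies trusted-certificate entries from src into dst; returns the number added. */
    static int copyTrustedCerts(KeyStore src, KeyStore dst, String prefix) throws Exception {
        int added = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isCertificateEntry(alias)) continue;         // ignore private-key entries
            Certificate cert = src.getCertificate(alias);
            if (dst.getCertificateAlias(cert) != null) continue;  // certificate already trusted
            String target = prefix + alias;
            if (dst.containsAlias(target)) {
                throw new IllegalStateException("alias already in use: " + target);
            }
            dst.setCertificateEntry(target, cert);
            added++;
        }
        return added;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: MergeTrustStore <custom-store> <custom-pass> <out-store> <out-pass>");
            System.exit(2);
        }
        // Read the JDK's CA file directly so a -Djavax.net.ssl.trustStore on this JVM cannot hide it.
        // "changeit" is the stock cacerts password; adjust if your JDK's was changed.
        Path cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore merged = load(cacerts, "changeit".toCharArray());
        KeyStore custom = load(Paths.get(args[0]), args[1].toCharArray());
        int added = copyTrustedCerts(custom, merged, "custom-");
        try (OutputStream out = Files.newOutputStream(Paths.get(args[2]))) {
            merged.store(out, args[3].toCharArray());
        }
        System.out.println("added " + added + " certificate(s); merged store holds " + merged.size() + " entries");
    }
}
```

Start the application with javax.net.ssl.trustStore pointing at the merged file and javax.net.ssl.trustStorePassword set to its password. The thread does not confirm that this resolves the library issue it tracks.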
