Cipher in multihreaded environments
Hi,
I have short question because I didn't find an anwser yet.
Is the Cipher I use to encrypt/decrypt multithreading-safe?
I ask this because I want to use it in a web-environment.
I have something like this:
public class Whatever {
// Are these to fields Thread safe?
private static Cipher cipherEncrypt;
private static Cipher cipherDecrypt;
private static Key key = new SecretKeySpec("donttell".getBytes(), "DES");
private static boolean initialised = false;
private void initialise() {
if (!initialised) {
synchronized (ImmonetCookie.class) {
if (!initialised) {
try {
cipherEncrypt = Cipher.getInstance("DES"); // This one is very expensive, so we try to avoid it for every user
cipherEncrypt.init(Cipher.ENCRYPT_MODE, key);
cipherDecrypt = Cipher.getInstance("DES");
cipherDecrypt.init(Cipher.DECRYPT_MODE, key);
catch (Exception ex) {
logger.error("..", ex);
initialised = true;
protected String encryptValue(String value) {
ByteArrayOutputStream output = new ByteArrayOutputStream();
// Here we use the cipher ..
CipherOutputStream cos = new CipherOutputStream(output, cipherEncrypt);
try {
cos.write(value.getBytes());
cos.close();
catch (IOException e) {
logger.error("..", e);
return null;
return new String(Base64.encodeBase64(output.toByteArray()));
protected String decryptValue(String value) {
ByteArrayInputStream input = new ByteArrayInputStream(Base64.decodeBase64(value.getBytes()));
// .. and here we use the cipher
CipherInputStream cis = new CipherInputStream(input, cipherDecrypt);
BufferedReader reader = new BufferedReader(new InputStreamReader(cis));
try {
StringBuffer buffer = new StringBuffer();
String next = reader.readLine();
while (next != null) {
buffer.append(next);
next = reader.readLine();
reader.close();
return buffer.toString();
catch (IOException e) {
logger.error("..", e);
return null;
}
Cipher keeps internal state between init, update, and doFinal time. I suspect that what you're doing here will fail horribly.
And why do you think that Cipher.getInstance("DES") is so awful? The very first time you do it, ever, I suspect it will be,
because I think that's when SecureRandom gets initialized. After that, though, Cipher.getInstance() isn't a big deal.Thanks Grant, this are the information I was searching for. You're right, the getInstance was just the first time very slow,
(Also, if you throw an exception trying to initialize your Ciphers, you -still- set "initialised" to true. This will break the rest of your app, because it will keep trying to use null Ciphers.)
(Your key, btw, is pretty dismal. There are ways of generating reasonable keys from human-readable passwords - a straight getBytes() isn't one of them.)
(And why are you using DES? Ew. AES is actually secure - nowadays, DES is considered so broken that you might almost just as well use plaintext.)Also thanks a lot for your additional useful information, I will dig into it and take it to heart.
Regards
Daniel
Similar Messages
-
Best practice to move things between various environments in SharePoint 2013
Hi All SharePoint Gurus!! - I was using SP deployment wizard to move Sites/lists/libraries/items etc. using SP Deployment Wizard (spdeploymentwizard.codeplex.com) in SP 2010. We just upgraded to SP 2013. I have few Lists and Libraries that I need to push
into the Staging 2013 and Production 2013 environment from Development 2013 environment. SP Deployment Wizard is throwing error right from the startup. I checked SP 2013 provides granular backups but is restricted to Lists/Library level. Could anybody
let me know if SP Deployment Wizard works for 2013? I love that tool. Also, Whats the best practice to move things between various environments?
Regards,
Khushi
KhushiHi Khushi,
I want to let you know that we built
SharePoint Migration tool
MetaVis Migrator that can copy and migrate to and from on-premise or hosted SharePoint sites. The tool can copy entire
sites with sub-site hierarchies, content types, fields, lists, list views, documents, items with attachments, look and feel elements, permissions, groups and other objects - all together on at any level of granularity (for
example, just lists or just list views or selected items). The tool preserves created / modified properties, all metadata and versions. It looks like Windows Explorer with copy/paste and drag-n-drop functions so it is easy to learn. It does not require any
server side installations so you can do everything using your computer or any other server. The tool can copy the complete sites or just individual lists or even selected items. The tool also supports incremental or delta copy based on the previous migrations.
The tool also includes Pre-Migration Analysis that helps to identify customizations.
Free trial is available:
http://www.metavistech.com . Feel free to contact us.
Good luck with your migration project,
Mark -
CBO generating different plans for the same data in similar Environments
Hi All
I have been trying to compare an SQL from 2 different but similar environments build of the same hardware specs .The issue I am facing is environment A, the query executes in less than 2 minutes with plan mostly showing full table scans and hash join whereas in environment B(problematic), it times out after 2 hours with an error of unable to extend table space . The statistics are up to date in both environments for both tables and indexes . System parameters are exactly similar(default oracle for except for multiblock_read_count ).
Both Environment have same db parameter for db_file_multiblock_read_count(16), optimizer(refer below),hash_area_size (131072),pga_aggregate_target(1G),db_block_size(8192) etc . SREADTIM, MREADTIM, CPUSPEED, MBRC are all null in aux_stats in both environment because workload was never collected i believe.
Attached is details about the SQL with table stats, SQL and index stats my main concern is CBO generating different plans for the similar data and statistics and same hardware and software specs. Is there any thing else I should consider .I generally see environment B being very slow and always plans tend to nested loops and index scan whereas what we really need is a sensible FTS in many cases. One of the very surprising thing is METER_CONFIG_HEADER below which has just 80 blocks of data is being asked for index scan.
show parameter optimizer
optimizer_dynamic_sampling integer 2
optimizer_features_enable string 10.2.0.4
optimizer_index_caching integer 0
optimizer_index_cost_adj integer 100
optimizer_mode string ALL_ROWS
optimizer_secure_view_merging boolean TRUE
**Environment**
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
TNS for Solaris: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
Note: : There are slight difference in the no of records in the attached sheet.However, I wanted to tell that i have tested with exact same data and was getting similar results but I couldn't retain the data untill collecting the details in the attachment
TEST1 COMPARE TABLE LEVE STATS used by CBO
ENVIRONMENT A
TABLE_NAME NUM_ROWS BLOCKS LAST_ANALYZED
ASSET 3607425 167760 5/02/2013 22:11
METER_CONFIG_HEADER 3658 80 5/01/2013 0:07
METER_CONFIG_ITEM 32310 496 5/01/2013 0:07
NMI 1899024 33557 18/02/2013 10:55
REGISTER 4830153 101504 18/02/2013 9:57
SDP_LOGICAL_ASSET 1607456 19137 18/02/2013 15:48
SDP_LOGICAL_REGISTER 5110781 78691 18/02/2013 9:56
SERVICE_DELIVERY_POINT 1425890 42468 18/02/2013 13:54
ENVIRONMENT B
TABLE_NAME NUM_ROWS BLOCKS LAST_ANALYZED
ASSET 4133939 198570 16/02/2013 10:02
METER_CONFIG_HEADER 3779 80 16/02/2013 10:55
METER_CONFIG_ITEM 33720 510 16/02/2013 10:55
NMI 1969000 33113 16/02/2013 10:58
REGISTER 5837874 120104 16/02/2013 11:05
SDP_LOGICAL_ASSET 1788152 22325 16/02/2013 11:06
SDP_LOGICAL_REGISTER 6101934 91088 16/02/2013 11:07
SERVICE_DELIVERY_POINT 1447589 43804 16/02/2013 11:11
TEST ITEM 2 COMPARE INDEX STATS used by CBO
ENVIRONMENT A
TABLE_NAME INDEX_NAME UNIQUENESS BLEVEL LEAF_BLOCKS DISTINCT_KEYS AVG_LEAF_BLOCKS_PER_KEY AVG_DATA_BLOCKS_PER_KEY CLUSTERING_FACTOR NUM_ROWS
ASSET IDX_AST_DEVICE_CATEGORY_SK NONUNIQUE 2 9878 67 147 12982 869801 3553095
ASSET IDX_A_SAPINTLOGDEV_SK NONUNIQUE 2 7291 2747 2 639 1755977 3597916
ASSET SYS_C00102592 UNIQUE 2 12488 3733831 1 1 3726639 3733831
METER_CONFIG_HEADER SYS_C0092052 UNIQUE 1 12 3670 1 1 3590 3670
METER_CONFIG_ITEM SYS_C0092074 UNIQUE 1 104 32310 1 1 32132 32310
NMI IDX_NMI_ID NONUNIQUE 2 6298 844853 1 2 1964769 1965029
NMI IDX_NMI_ID_NK NONUNIQUE 2 6701 1923072 1 1 1922831 1923084
NMI IDX_NMI_STATS NONUNIQUE 1 106 4 26 52 211 211
REGISTER REG_EFFECTIVE_DTM NONUNIQUE 2 12498 795 15 2899 2304831 4711808
REGISTER SYS_C00102653 UNIQUE 2 16942 5065660 1 1 5056855 5065660
SDP_LOGICAL_ASSET IDX_SLA_SAPINTLOGDEV_SK NONUNIQUE 2 3667 1607968 1 1 1607689 1607982
SDP_LOGICAL_ASSET IDX_SLA_SDP_SK NONUNIQUE 2 3811 668727 1 2 1606204 1607982
SDP_LOGICAL_ASSET SYS_C00102665 UNIQUE 2 5116 1529606 1 1 1528136 1529606
SDP_LOGICAL_REGISTER SYS_C00102677 UNIQUE 2 17370 5193638 1 1 5193623 5193638
SERVICE_DELIVERY_POINT IDX_SDP_NMI_SK NONUNIQUE 2 4406 676523 1 2 1423247 1425890
SERVICE_DELIVERY_POINT IDX_SDP_SAP_INT_NMI_SK NONUNIQUE 2 7374 676523 1 2 1458238 1461108
SERVICE_DELIVERY_POINT SYS_C00102687 UNIQUE 2 4737 1416207 1 1 1415022 1416207
ENVIRONMENT B
TABLE_NAME INDEX_NAME UNIQUENESS BLEVEL LEAF_BLOCKS DISTINCT_KEYS AVG_LEAF_BLOCKS_PER_KEY AVG_DATA_BLOCKS_PER_KEY CLUSTERING_FACTOR NUM_ROWS
ASSET IDX_AST_DEVICE_CATEGORY_SK NONUNIQUE 2 8606 121 71 16428 1987833 4162257
ASSET IDX_A_SAPINTLOGDEV_SK NONUNIQUE 2 8432 1780146 1 1 2048170 4162257
ASSET SYS_C00116157 UNIQUE 2 13597 4162263 1 1 4158759 4162263
METER_CONFIG_HEADER SYS_C00116570 UNIQUE 1 12 3779 1 1 3734 3779
METER_CONFIG_ITEM SYS_C00116592 UNIQUE 1 107 33720 1 1 33459 33720
NMI IDX_NMI_ID NONUNIQUE 2 6319 683370 1 2 1970460 1971313
NMI IDX_NMI_ID_NK NONUNIQUE 2 6597 1971293 1 1 1970771 1971313
NMI IDX_NMI_STATS NONUNIQUE 1 98 48 2 4 196 196
REGISTER REG_EFFECTIVE_DTM NONUNIQUE 2 15615 1273 12 2109 2685924 5886582
REGISTER SYS_C00116748 UNIQUE 2 19533 5886582 1 1 5845565 5886582
SDP_LOGICAL_ASSET IDX_SLA_SAPINTLOGDEV_SK NONUNIQUE 2 4111 1795084 1 1 1758441 1795130
SDP_LOGICAL_ASSET IDX_SLA_SDP_SK NONUNIQUE 2 4003 674249 1 2 1787987 1795130
SDP_LOGICAL_ASSET SYS_C004520 UNIQUE 2 5864 1795130 1 1 1782147 1795130
SDP_LOGICAL_REGISTER SYS_C004539 UNIQUE 2 20413 6152850 1 1 6073059 6152850
SERVICE_DELIVERY_POINT IDX_SDP_NMI_SK NONUNIQUE 2 3227 660649 1 2 1422572 1447803
SERVICE_DELIVERY_POINT IDX_SDP_SAP_INT_NMI_SK NONUNIQUE 2 6399 646257 1 2 1346948 1349993
SERVICE_DELIVERY_POINT SYS_C00128706 UNIQUE 2 4643 1447946 1 1 1442796 1447946
TEST ITEM 3 COMPARE PLANS
ENVIRONMENT A
Plan hash value: 4109575732
| Id | Operation | Name | Rows | Bytes |TempSpc| Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | 13 | 2067 | | 135K (2)| 00:27:05 |
| 1 | HASH UNIQUE | | 13 | 2067 | | 135K (2)| 00:27:05 |
|* 2 | HASH JOIN | | 13 | 2067 | | 135K (2)| 00:27:05 |
|* 3 | HASH JOIN | | 6 | 900 | | 135K (2)| 00:27:04 |
|* 4 | HASH JOIN ANTI | | 1 | 137 | | 135K (2)| 00:27:03 |
|* 5 | TABLE ACCESS BY INDEX ROWID| NMI | 1 | 22 | | 5 (0)| 00:00:01 |
| 6 | NESTED LOOPS | | 1 | 131 | | 95137 (2)| 00:19:02 |
|* 7 | HASH JOIN | | 1 | 109 | | 95132 (2)| 00:19:02 |
|* 8 | TABLE ACCESS FULL | ASSET | 36074 | 1021K| | 38553 (2)| 00:07:43 |
|* 9 | HASH JOIN | | 90361 | 7059K| 4040K| 56578 (2)| 00:11:19 |
|* 10 | HASH JOIN | | 52977 | 3414K| 2248K| 50654 (2)| 00:10:08 |
|* 11 | HASH JOIN | | 39674 | 1782K| | 40101 (2)| 00:08:02 |
|* 12 | TABLE ACCESS FULL | REGISTER | 39439 | 1232K| | 22584 (2)| 00:04:32 |
|* 13 | TABLE ACCESS FULL | SDP_LOGICAL_REGISTER | 4206K| 56M| | 17490 (2)| 00:03:30 |
|* 14 | TABLE ACCESS FULL | SERVICE_DELIVERY_POINT | 675K| 12M| | 9412 (2)| 00:01:53 |
|* 15 | TABLE ACCESS FULL | SDP_LOGICAL_ASSET | 1178K| 15M| | 4262 (2)| 00:00:52 |
|* 16 | INDEX RANGE SCAN | IDX_NMI_ID_NK | 2 | | | 2 (0)| 00:00:01 |
| 17 | VIEW | | 39674 | 232K| | 40101 (2)| 00:08:02 |
|* 18 | HASH JOIN | | 39674 | 1046K| | 40101 (2)| 00:08:02 |
|* 19 | TABLE ACCESS FULL | REGISTER | 39439 | 500K| | 22584 (2)| 00:04:32 |
|* 20 | TABLE ACCESS FULL | SDP_LOGICAL_REGISTER | 4206K| 56M| | 17490 (2)| 00:03:30 |
|* 21 | TABLE ACCESS FULL | METER_CONFIG_HEADER | 3658 | 47554 | | 19 (0)| 00:00:01 |
|* 22 | TABLE ACCESS FULL | METER_CONFIG_ITEM | 7590 | 68310 | | 112 (2)| 00:00:02 |
Predicate Information (identified by operation id):
2 - access("METER_CONFIG_HEADER_SK"="METER_CONFIG_HEADER_SK")
3 - access("NETWORK_TARIFF_CD"="NETWORK_TARIFF_CD")
4 - access("SERVICE_DELIVERY_POINT_SK"="TMP"."SERVICE_DELIVERY_POINT_SK")
5 - filter("ROW_CURRENT_IND"='Y' AND ("NMI_STATUS_CD"='A' OR "NMI_STATUS_CD"='D'))
7 - access("ASSET_CD"="EQUIP_CD" AND "SAP_INT_LOG_DEVICE_SK"="SAP_INT_LOG_DEVICE_SK")
8 - filter("ROW_CURRENT_IND"='Y')
9 - access("SERVICE_DELIVERY_POINT_SK"="SERVICE_DELIVERY_POINT_SK")
10 - access("SERVICE_DELIVERY_POINT_SK"="SERVICE_DELIVERY_POINT_SK")
11 - access("SAP_INT_LOGICAL_REGISTER_SK"="SAP_INT_LOGICAL_REGISTER_SK")
12 - filter("REGISTER_TYPE_CD"='C' AND (SUBSTR("REGISTER_ID_CD",1,1)='4' OR
SUBSTR("REGISTER_ID_CD",1,1)='5' OR SUBSTR("REGISTER_ID_CD",1,1)='6') AND "ROW_CURRENT_IND"='Y')
13 - filter("ROW_CURRENT_IND"='Y')
14 - filter("ROW_CURRENT_IND"='Y')
15 - filter("ROW_CURRENT_IND"='Y')
16 - access("NMI_SK"="NMI_SK")
18 - access("SAP_INT_LOGICAL_REGISTER_SK"="SAP_INT_LOGICAL_REGISTER_SK")
19 - filter("REGISTER_TYPE_CD"='C' AND (SUBSTR("REGISTER_ID_CD",1,1)='1' OR
SUBSTR("REGISTER_ID_CD",1,1)='2' OR SUBSTR("REGISTER_ID_CD",1,1)='3') AND "ROW_CURRENT_IND"='Y')
20 - filter("ROW_CURRENT_IND"='Y')
21 - filter("ROW_CURRENT_IND"='Y')
22 - filter("ROW_CURRENT_IND"='Y' AND "CONROL_REGISTER"='X')
ENVIRONMENT B
Plan hash value: 2826260434
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | 1 | 181 | 103K (2)| 00:20:47 |
| 1 | HASH UNIQUE | | 1 | 181 | 103K (2)| 00:20:47 |
|* 2 | HASH JOIN ANTI | | 1 | 181 | 103K (2)| 00:20:47 |
|* 3 | HASH JOIN | | 1 | 176 | 56855 (2)| 00:11:23 |
|* 4 | HASH JOIN | | 1 | 163 | 36577 (2)| 00:07:19 |
|* 5 | TABLE ACCESS BY INDEX ROWID | ASSET | 1 | 44 | 4 (0)| 00:00:01 |
| 6 | NESTED LOOPS | | 1 | 131 | 9834 (2)| 00:01:59 |
| 7 | NESTED LOOPS | | 1 | 87 | 9830 (2)| 00:01:58 |
| 8 | NESTED LOOPS | | 1 | 74 | 9825 (2)| 00:01:58 |
|* 9 | HASH JOIN | | 1 | 52 | 9820 (2)| 00:01:58 |
|* 10 | TABLE ACCESS BY INDEX ROWID| METER_CONFIG_HEADER | 1 | 14 | 1 (0)| 00:00:01 |
| 11 | NESTED LOOPS | | 1 | 33 | 116 (2)| 00:00:02 |
|* 12 | TABLE ACCESS FULL | METER_CONFIG_ITEM | 1 | 19 | 115 (2)| 00:00:02 |
|* 13 | INDEX RANGE SCAN | SYS_C00116570 | 1 | | 1 (0)| 00:00:01 |
|* 14 | TABLE ACCESS FULL | SERVICE_DELIVERY_POINT | 723K| 13M| 9699 (2)| 00:01:57 |
|* 15 | TABLE ACCESS BY INDEX ROWID | NMI | 1 | 22 | 5 (0)| 00:00:01 |
|* 16 | INDEX RANGE SCAN | IDX_NMI_ID_NK | 2 | | 2 (0)| 00:00:01 |
|* 17 | TABLE ACCESS BY INDEX ROWID | SDP_LOGICAL_ASSET | 1 | 13 | 5 (0)| 00:00:01 |
|* 18 | INDEX RANGE SCAN | IDX_SLA_SDP_SK | 2 | | 2 (0)| 00:00:01 |
|* 19 | INDEX RANGE SCAN | IDX_A_SAPINTLOGDEV_SK | 2 | | 2 (0)| 00:00:01 |
|* 20 | TABLE ACCESS FULL | REGISTER | 76113 | 2378K| 26743 (2)| 00:05:21 |
|* 21 | TABLE ACCESS FULL | SDP_LOGICAL_REGISTER | 5095K| 63M| 20245 (2)| 00:04:03 |
| 22 | VIEW | | 90889 | 443K| 47021 (2)| 00:09:25 |
|* 23 | HASH JOIN | | 90889 | 2307K| 47021 (2)| 00:09:25 |
|* 24 | TABLE ACCESS FULL | REGISTER | 76113 | 966K| 26743 (2)| 00:05:21 |
|* 25 | TABLE ACCESS FULL | SDP_LOGICAL_REGISTER | 5095K| 63M| 20245 (2)| 00:04:03 |
Predicate Information (identified by operation id):
2 - access("SERVICE_DELIVERY_POINT_SK"="TMP"."SERVICE_DELIVERY_POINT_SK")
3 - access("SERVICE_DELIVERY_POINT_SK"="SERVICE_DELIVERY_POINT_SK" AND
"SAP_INT_LOGICAL_REGISTER_SK"="SAP_INT_LOGICAL_REGISTER_SK")
4 - access("ASSET_CD"="EQUIP_CD")
5 - filter("ROW_CURRENT_IND"='Y')
9 - access("NETWORK_TARIFF_CD"="NETWORK_TARIFF_CD")
10 - filter("ROW_CURRENT_IND"='Y')
12 - filter("ROW_CURRENT_IND"='Y' AND "CONROL_REGISTER"='X')
13 - access("METER_CONFIG_HEADER_SK"="METER_CONFIG_HEADER_SK")
14 - filter("ROW_CURRENT_IND"='Y')
15 - filter("ROW_CURRENT_IND"='Y' AND ("NMI_STATUS_CD"='A' OR "NMI_STATUS_CD"='D'))
16 - access("NMI_SK"="NMI_SK")
17 - filter("ROW_CURRENT_IND"='Y')
18 - access("SERVICE_DELIVERY_POINT_SK"="SERVICE_DELIVERY_POINT_SK")
19 - access("SAP_INT_LOG_DEVICE_SK"="SAP_INT_LOG_DEVICE_SK")
20 - filter((SUBSTR("REGISTER_ID_CD",1,1)='4' OR SUBSTR("REGISTER_ID_CD",1,1)='5' OR
SUBSTR("REGISTER_ID_CD",1,1)='6') AND "REGISTER_TYPE_CD"='C' AND "ROW_CURRENT_IND"='Y')
21 - filter("ROW_CURRENT_IND"='Y')
23 - access("SAP_INT_LOGICAL_REGISTER_SK"="SAP_INT_LOGICAL_REGISTER_SK")
24 - filter((SUBSTR("REGISTER_ID_CD",1,1)='1' OR SUBSTR("REGISTER_ID_CD",1,1)='2' OR
SUBSTR("REGISTER_ID_CD",1,1)='3') AND "REGISTER_TYPE_CD"='C' AND "ROW_CURRENT_IND"='Y')
25 - filter("ROW_CURRENT_IND"='Y')Edited by: abhilash173 on Feb 24, 2013 9:16 PM
Edited by: abhilash173 on Feb 24, 2013 9:18 PMHi Paul,
I misread your question initially .The system stats are outdated in both ( same result as seen from aux_stats) .I am not a DBA and do not have access to gather system stats fresh.
select * from sys.aux_stats$
SNAME PNAME PVAL1 PVAL2
SYSSTATS_INFO STATUS NULL COMPLETED
SYSSTATS_INFO DSTART NULL 02-16-2011 15:24
SYSSTATS_INFO DSTOP NULL 02-16-2011 15:24
SYSSTATS_INFO FLAGS 1 NULL
SYSSTATS_MAIN CPUSPEEDNW 1321.20523 NULL
SYSSTATS_MAIN IOSEEKTIM 10 NULL
SYSSTATS_MAIN IOTFRSPEED 4096 NULL
SYSSTATS_MAIN SREADTIM NULL NULL
SYSSTATS_MAIN MREADTIM NULL NULL
SYSSTATS_MAIN CPUSPEED NULL NULL
SYSSTATS_MAIN MBRC NULL NULL
SYSSTATS_MAIN MAXTHR NULL NULL
SYSSTATS_MAIN SLAVETHR NULL NULL -
Increase Performance and ROI for SQL Server Environments
May 2015
Explore
The Buzz from Microsoft Ignite 2015
NetApp was in full force at the recent Microsoft Ignite show in Chicago, talking about solutions for hybrid cloud, and our proven solutions for Microsoft SQL Server and other Microsoft applications.
Hot topics at the NetApp booth included:
OnCommand® Shift. A revolutionary technology that lets you move virtual machines back and forth between VMware and Hyper-V environments in minutes.
Azure Site Recovery to NetApp Private Storage. Replicate on-premises SAN-based applications to NPS for disaster recovery in the Azure cloud.
These tools give you greater flexibility for managing and protecting important business applications.
Chris Lemmons
Director, EIS Technical Marketing, NetApp
If your organization runs databases such as Microsoft SQL Server and Oracle DB, you probably know that these vendors primarily license their products on a "per-core" basis. Microsoft recently switched to "per-core" rather than "per-socket" licensing for SQL Server 2012 and 2014. This change can have a big impact on the total cost of operating a database, especially as core counts on new servers continue to climb. It turns out that the right storage infrastructure can drive down database costs, increase productivity, and put your infrastructure back in balance.
In many customer environments, NetApp has noticed that server CPU utilization is low—often on the order of just 20%. This is usually the result of I/O bottlenecks. Server cores have to sit and wait for I/O from hard disk drives (HDDs). We've been closely studying the impact of all-flash storage on SQL Server environments that use HDD-based storage systems. NetApp® All Flash FAS platform delivers world-class performance for SQL Server plus the storage efficiency, application integration, nondisruptive operations, and data protection of clustered Data ONTAP®, making it ideal for SQL Server environments.
Tests show that All Flash FAS can drive up IOPS and database server CPU utilization by as much as 4x. And with a 95% reduction in latency, you can achieve this level of performance with half as many servers. This reduces the number of servers you need and the number of cores you have to license, driving down costs by 50% or more and paying back your investment in flash in as little as six months.
Figure 1) NetApp All Flash FAS increases CPU utilization on your SQL Server database servers, lowering costs.
Source: NetApp, 2015
Whether you're running one of the newer versions of SQL Server or facing an upgrade of an earlier version, you can't afford not to take a second look at your storage environment.
End of Support for Microsoft SQL Server 2005 is Rapidly Approaching
Microsoft has set the end of extended support for SQL Server 2005 for April 2016—less than a year away. With support for Microsoft Windows 2003 ending in July 2015, time may already be running short.
If you're running Windows Server 2003, new server hardware is almost certainly needed when you upgrade SQL Server. Evaluate your server and storage options now to get costs under control.
Test Methodology
To test the impact of flash on SQL Server performance, we replaced a legacy HDD-based storage system with an All Flash FAS AFF8080 EX. The legacy system was configured with almost 150 HDDs, a typical configuration for HDD storage supporting SQL Server. The AFF8080 EX used just 48 SSDs.
Table 1) Components used in testing.
Test Configuration Components
Details
SQL Server 2014 servers
Fujitsu RX300
Server operating system
Microsoft Windows 2012 R2 Standard Edition
SQL Server database version
Microsoft SQL Server 2014 Enterprise Edition
Processors per server
2 6-core Xeon E5-2630 at 2.30 GHz
Fibre channel network
8Gb FC with multipathing
Storage controller
AFF8080 EX
Data ONTAP version
Clustered Data ONTAP® 8.3.1
Drive number and type
48 SSD
Source: NetApp, 2015
The test configuration consisted of 10 database servers connected through fibre channel to both the legacy storage system and the AFF8080 EX. Each of the 10 servers ran SQL Server 2014 Enterprise Edition.
The publicly available HammerDB workload generator was used to drive an OLTP-like workload simultaneously from each of the 10 database servers to storage. We first directed the workload to the legacy storage array to establish a baseline, increasing the load to the point where read latency consistently exceeded 20ms.
That workload was then directed at the AFF8080 EX. The change in storage resulted in an overall 20x reduction in read latency, a greater than 4x improvement in IOPS, and a greater than 4x improvement in database server CPU utilization.
Figure 2) NetApp All Flash FAS increases IOPS and server CPU utilization and lowers latency.
Source: NetApp, 2015
In other words, the database servers are able to process four times as many IOPS with dramatically lower latency. CPU utilization goes up accordingly because the servers are processing 4x the work per unit time.
The All Flash FAS system still had additional headroom under this load.
Calculating the Savings
Let's look at what this performance improvement means for the total cost of running SQL Server 2014 over a 3-year period. To do the analysis we used NetApp Realize, a storage modeling and financial analysis tool designed to help quantify the value of NetApp solutions and products. NetApp sales teams and partners use this tool to assist with return on investment (ROI) calculations.
The calculation includes the cost of the AFF8080 EX, eliminates the costs associated with the existing storage system, and cuts the total number of database servers from 10 to five. This reduces SQL Server licensing costs by 50%. The same workload was run with five servers and achieved the same results. ROI analysis is summarized in Table 2.
Table 2) ROI from replacing an HDD-based storage system with All Flash FAS, thereby cutting server and licensing costs in half.
Value
Analysis Results
ROI
65%
Net present value (NPV)
$950,000
Payback period
six months
Total cost reduction
More than $1 million saved over a 3-year analysis period compared to the legacy storage system
Savings on power, space, and administration
$40,000
Additional savings due to nondisruptive operations benefits (not included in ROI)
$90,000
Source: NetApp, 2015
The takeaway here is that you can replace your existing storage with All Flash FAS and get a big performance bump while substantially reducing your costs, with the majority of the savings derived from the reduction in SQL Server licensing costs.
Replace your existing storage with All Flash FAS and get a big performance bump while substantially reducing your costs.
Maximum SQL Server 2014 Performance
In addition to the ROI analysis, we also measured the maximum performance of the AFF8080 EX with SQL Server 2014. A load-generation tool was used to simulate an industry-standard TPC-E OLTP workload against an SQL Server 2014 test configuration.
A two-node AFF8080 EX achieved a maximum throughput of 322K IOPS at just over 1ms latency. For all points other than the maximum load point, latency was consistently under 1ms and remained under 0.8ms up to 180K IOPS.
Data Reduction and Storage Efficiency
In addition to performance testing, we looked at the overall storage efficiency savings of our SQL Server database implementation. The degree of compression that can be achieved is dependent on the actual data that is written and stored in the database. For this environment, inline compression was effective. Deduplication, as is often the case in database environments, provided little additional storage savings and was not enabled.
For the test data used in the maximum performance test, we measured a compression ratio of 1.5:1. We also tested inline compression on a production SQL Server 2014 data set to further validate these results and saw a 1.8:1 compression ratio.
Space-efficient NetApp Snapshot® copies provide additional storage efficiency benefits for database environments. Unlike snapshot methods that use copy-on-write, there is no performance penalty; unlike full mirror copies, NetApp Snapshot copies use storage space sparingly. Snapshot copies only consume a small amount of storage space for metadata and additional incremental space is consumed as block-level changes occur. In a typical real-world SQL Server deployment on NetApp storage, database volume Snapshot copies are made every two hours.
First introduced more than 10 years ago, NetApp FlexClone® technology also plays an important role in SQL Server environments. Clones are fully writable, and, similar to Snapshot copies, only consume incremental storage capacity. With FlexClone, you can create as many copies of production data as you need for development and test, reporting, and so on. Cloning is a great way to support the development and test work needed when upgrading from an earlier version of SQL Server. You'll sometimes see these types of capabilities referred to as "copy data management."
A Better Way to Run Enterprise Applications
The performance benefits that all-flash storage can deliver for database environments are significant: more IOPS, lower latency, and an end to near-constant performance tuning.
If you think the performance acceleration that comes with all-flash storage is cost prohibitive, think again. All Flash FAS doesn't just deliver a performance boost, it changes the economics of your operations, paying for itself with thousands in savings on licensing and server costs. In terms of dollars per IOPS, All Flash FAS is extremely economical relative to HDD.
And, because All Flash FAS runs NetApp clustered Data ONTAP, it delivers the most complete environment to support SQL Server and all your enterprise applications with capabilities that include comprehensive storage efficiency, integrated data protection, and deep integration for your applications.
For complete details on this testing look for NetApp TR-4303, which will be available in a few weeks. Stay tuned to Tech OnTap for more information as NetApp continues to run benchmarks with important server workloads including Oracle DB and server virtualization.
Learn more about NetApp solutions for SQL Server and NetApp All-flash solutions.
Quick Links
Tech OnTap Community
Archive
PDFMay 2015
Explore
The Buzz from Microsoft Ignite 2015
NetApp was in full force at the recent Microsoft Ignite show in Chicago, talking about solutions for hybrid cloud, and our proven solutions for Microsoft SQL Server and other Microsoft applications.
Hot topics at the NetApp booth included:
OnCommand® Shift. A revolutionary technology that lets you move virtual machines back and forth between VMware and Hyper-V environments in minutes.
Azure Site Recovery to NetApp Private Storage. Replicate on-premises SAN-based applications to NPS for disaster recovery in the Azure cloud.
These tools give you greater flexibility for managing and protecting important business applications.
Chris Lemmons
Director, EIS Technical Marketing, NetApp
If your organization runs databases such as Microsoft SQL Server and Oracle DB, you probably know that these vendors primarily license their products on a "per-core" basis. Microsoft recently switched to "per-core" rather than "per-socket" licensing for SQL Server 2012 and 2014. This change can have a big impact on the total cost of operating a database, especially as core counts on new servers continue to climb. It turns out that the right storage infrastructure can drive down database costs, increase productivity, and put your infrastructure back in balance.
In many customer environments, NetApp has noticed that server CPU utilization is low—often on the order of just 20%. This is usually the result of I/O bottlenecks. Server cores have to sit and wait for I/O from hard disk drives (HDDs). We've been closely studying the impact of all-flash storage on SQL Server environments that use HDD-based storage systems. NetApp® All Flash FAS platform delivers world-class performance for SQL Server plus the storage efficiency, application integration, nondisruptive operations, and data protection of clustered Data ONTAP®, making it ideal for SQL Server environments.
Tests show that All Flash FAS can drive up IOPS and database server CPU utilization by as much as 4x. And with a 95% reduction in latency, you can achieve this level of performance with half as many servers. This reduces the number of servers you need and the number of cores you have to license, driving down costs by 50% or more and paying back your investment in flash in as little as six months.
Figure 1) NetApp All Flash FAS increases CPU utilization on your SQL Server database servers, lowering costs.
Source: NetApp, 2015
Whether you're running one of the newer versions of SQL Server or facing an upgrade of an earlier version, you can't afford not to take a second look at your storage environment.
End of Support for Microsoft SQL Server 2005 is Rapidly Approaching
Microsoft has set the end of extended support for SQL Server 2005 for April 2016—less than a year away. With support for Microsoft Windows 2003 ending in July 2015, time may already be running short.
If you're running Windows Server 2003, new server hardware is almost certainly needed when you upgrade SQL Server. Evaluate your server and storage options now to get costs under control.
Test Methodology
To test the impact of flash on SQL Server performance, we replaced a legacy HDD-based storage system with an All Flash FAS AFF8080 EX. The legacy system was configured with almost 150 HDDs, a typical configuration for HDD storage supporting SQL Server. The AFF8080 EX used just 48 SSDs.
Table 1) Components used in testing.
Test Configuration Components
Details
SQL Server 2014 servers
Fujitsu RX300
Server operating system
Microsoft Windows 2012 R2 Standard Edition
SQL Server database version
Microsoft SQL Server 2014 Enterprise Edition
Processors per server
2 6-core Xeon E5-2630 at 2.30 GHz
Fibre channel network
8Gb FC with multipathing
Storage controller
AFF8080 EX
Data ONTAP version
Clustered Data ONTAP® 8.3.1
Drive number and type
48 SSD
Source: NetApp, 2015
The test configuration consisted of 10 database servers connected through fibre channel to both the legacy storage system and the AFF8080 EX. Each of the 10 servers ran SQL Server 2014 Enterprise Edition.
The publicly available HammerDB workload generator was used to drive an OLTP-like workload simultaneously from each of the 10 database servers to storage. We first directed the workload to the legacy storage array to establish a baseline, increasing the load to the point where read latency consistently exceeded 20ms.
That workload was then directed at the AFF8080 EX. The change in storage resulted in an overall 20x reduction in read latency, a greater than 4x improvement in IOPS, and a greater than 4x improvement in database server CPU utilization.
Figure 2) NetApp All Flash FAS increases IOPS and server CPU utilization and lowers latency.
Source: NetApp, 2015
In other words, the database servers are able to process four times as many IOPS with dramatically lower latency. CPU utilization goes up accordingly because the servers are processing 4x the work per unit time.
The All Flash FAS system still had additional headroom under this load.
Calculating the Savings
Let's look at what this performance improvement means for the total cost of running SQL Server 2014 over a 3-year period. To do the analysis we used NetApp Realize, a storage modeling and financial analysis tool designed to help quantify the value of NetApp solutions and products. NetApp sales teams and partners use this tool to assist with return on investment (ROI) calculations.
The calculation includes the cost of the AFF8080 EX, eliminates the costs associated with the existing storage system, and cuts the total number of database servers from 10 to five. This reduces SQL Server licensing costs by 50%. The same workload was run with five servers and achieved the same results. ROI analysis is summarized in Table 2.
Table 2) ROI from replacing an HDD-based storage system with All Flash FAS, thereby cutting server and licensing costs in half.
Value
Analysis Results
ROI
65%
Net present value (NPV)
$950,000
Payback period
six months
Total cost reduction
More than $1 million saved over a 3-year analysis period compared to the legacy storage system
Savings on power, space, and administration
$40,000
Additional savings due to nondisruptive operations benefits (not included in ROI)
$90,000
Source: NetApp, 2015
The takeaway here is that you can replace your existing storage with All Flash FAS and get a big performance bump while substantially reducing your costs, with the majority of the savings derived from the reduction in SQL Server licensing costs.
Replace your existing storage with All Flash FAS and get a big performance bump while substantially reducing your costs.
Maximum SQL Server 2014 Performance
In addition to the ROI analysis, we also measured the maximum performance of the AFF8080 EX with SQL Server 2014. A load-generation tool was used to simulate an industry-standard TPC-E OLTP workload against an SQL Server 2014 test configuration.
A two-node AFF8080 EX achieved a maximum throughput of 322K IOPS at just over 1ms latency. For all points other than the maximum load point, latency was consistently under 1ms and remained under 0.8ms up to 180K IOPS.
Data Reduction and Storage Efficiency
In addition to performance testing, we looked at the overall storage efficiency savings of our SQL Server database implementation. The degree of compression that can be achieved is dependent on the actual data that is written and stored in the database. For this environment, inline compression was effective. Deduplication, as is often the case in database environments, provided little additional storage savings and was not enabled.
For the test data used in the maximum performance test, we measured a compression ratio of 1.5:1. We also tested inline compression on a production SQL Server 2014 data set to further validate these results and saw a 1.8:1 compression ratio.
Space-efficient NetApp Snapshot® copies provide additional storage efficiency benefits for database environments. Unlike snapshot methods that use copy-on-write, there is no performance penalty; unlike full mirror copies, NetApp Snapshot copies use storage space sparingly. Snapshot copies only consume a small amount of storage space for metadata and additional incremental space is consumed as block-level changes occur. In a typical real-world SQL Server deployment on NetApp storage, database volume Snapshot copies are made every two hours.
First introduced more than 10 years ago, NetApp FlexClone® technology also plays an important role in SQL Server environments. Clones are fully writable, and, similar to Snapshot copies, only consume incremental storage capacity. With FlexClone, you can create as many copies of production data as you need for development and test, reporting, and so on. Cloning is a great way to support the development and test work needed when upgrading from an earlier version of SQL Server. You'll sometimes see these types of capabilities referred to as "copy data management."
A Better Way to Run Enterprise Applications
The performance benefits that all-flash storage can deliver for database environments are significant: more IOPS, lower latency, and an end to near-constant performance tuning.
If you think the performance acceleration that comes with all-flash storage is cost prohibitive, think again. All Flash FAS doesn't just deliver a performance boost, it changes the economics of your operations, paying for itself with thousands in savings on licensing and server costs. In terms of dollars per IOPS, All Flash FAS is extremely economical relative to HDD.
And, because All Flash FAS runs NetApp clustered Data ONTAP, it delivers the most complete environment to support SQL Server and all your enterprise applications with capabilities that include comprehensive storage efficiency, integrated data protection, and deep integration for your applications.
For complete details on this testing look for NetApp TR-4303, which will be available in a few weeks. Stay tuned to Tech OnTap for more information as NetApp continues to run benchmarks with important server workloads including Oracle DB and server virtualization.
Learn more about NetApp solutions for SQL Server and NetApp All-flash solutions.
Quick Links
Tech OnTap Community
Archive
PDF -
Java Client AUthentication to IIS 5 server throwing no IV for Cipher error
I have trying to do Java client authentication. Got the Certificate from CA and loaded it in server. When I run the JavaClient program I get the
error no IV for Cipher.
I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
Any help is greatly appreciated.
Thanks
Here is the debug report
trustStore is: C:\JTEST\cacerts
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x5b0bf
Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Algorithm: RSA; Serial number: 0xe2501de73ac37428
Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a3
Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(50000) called
TIMEOUT=50000
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 873
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
CONNECTION KEYGEN:
Client Nonce:
0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
Server Nonce:
0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
Master Secret:
0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
Client MAC write Secret:
0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
Server MAC write Secret:
0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
Client write key:
0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
Server write key:
0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(50000) called
main, WRITE: TLSv1 Application Data, length = 96
main, setSoTimeout(50000) called
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 121
main, READ: TLSv1 Handshake, length = 11432
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
<CN=VeriSign Class 3I have the same problem. I�m turning crazy working with certificates in mutual athetication!!!
If someone has the solution to this problem, send a repy or at [email protected]
Thanks in advance -
Cannot decrypt RSA encrypted text : due to : input too large for RSA cipher
Hi,
I am in a fix trying to decrypt this RSA encrypted String ... plzz help
I have the encrypted text as a String.
This is what I do to decrypt it using the Private key
- Determine the block size of the Cipher object
- Get the array of bytes from the String
- Find out how many block sized partitions I have in the array
- Encrypt the exact block sized partitions using update() method
- Ok, now its easy to find out how many bytes remain (using % operator)
- If the remaining bytes is 0 then simply call the 'doFinal()'
i.e. the one which returns an array of bytes and takes no args
- If the remaining bytes is not zero then call the
'doFinal(byte [] input, int offset, in inputLen)' method for the
bytes which actually remained
However, this doesnt work. This is making me go really crazy.
Can anyone point out whats wrong ? Plzz
Here is the (childish) code
Cipher rsaDecipher = null;
//The initialization stuff for rsaDecipher
//The rsaDecipher Cipher is using 256 bit keys
//I havent specified anything regarding padding
//And, I am using BouncyCastle
String encryptedString;
// read in the string from the network
// this string is encrypted using an RSA public key generated earlier
// I have to decrypt this string using the corresponding Private key
byte [] input = encryptedString.getBytes();
int blockSize = rsaDecipher.getBlockSize();
int outputSize = rsaDecipher.getOutputSize(blockSize);
byte [] output = new byte[outputSize];
int numBlockSizedPartitions = input.length / blockSize;
int numRemainingBytes = input.length % blockSize;
boolean hasRemainingBytes = false;
if (numRemainingBytes > 0)
hasRemainingBytes = true;
int offset = 0;
int inputLen = blockSize;
StringBuffer buf = new StringBuffer();
for (int i = 0; i < numBlockSizedPartitions; i++) {
output = rsaDecipher.update(input, offset, blockSize);
offset += blockSize;
buf.append(new String(output));
if (hasRemainingBytes) {
//This is excatly where I get the "input too large for RSA cipher"
//Which is suffixed with ArrayIndexOutofBounds
output = rsaDecipher.doFinal(input,offset,numRemainingBytes);
} else {
output = rsaDecipher.doFinal();
buf.append(new String(output));
//After having reached till here, will it be wrong if I assumed that I
//have the properly decrypted string ???Hi,
I am in a fix trying to decrypt this RSA encrypted
String ... plzz helpYou're already broken at this point.
Repeat after me: ciphertext CANNOT be safely represented as a String. Strings have internal structure - if you hand ciphertext to the new String(byte[]) constructor, it will eat your ciphertext and leave you with garbage. Said garbage will fail to decrypt in a variety of puzzling fashions.
If you want to transmit ciphertext as a String, you need to use something like Base64 to encode the raw bytes. Then, on the receiving side, you must Base64-DEcode back into bytes, and then decrypt the resulting byte[].
Second - using RSA as a general-purpose cipher is a bad idea. Don't do that. It's slow (on the order of 100x slower than the slowest symmetric cipher). It has a HUGE block size (governed by the keysize). And it's subject to attack if used as a stream-cipher (IIRC - I can no longer find the reference for that, so take it with a grain of salt...) Standard practice is to use RSA only to encrypt a generated key for some symmetric algorithm (like, say, AES), and use that key as a session-key.
At any rate - the code you posted is broken before you get to this line:byte [] input = encryptedString.getBytes();Go back to the encrypting and and make it stop treating your ciphertext as a String.
Grant -
We are under strict regulations and monitoring at my company. Because of this, we have to define what updates are being installed during a patch cycle by KB Article. Two production networks and one test network. The installed updates have to be the exact
same in the test environment, run for a few days with no problems, and then we install them in our production networks. The issue is, not all of the software in the environments is identical.
I need to figure out a way to take failed/needed updates from production that are unapproved, export that list so I can approve all of those updates in the test env.. Then once I approve those and any other needed updates in test, I need to be able to export
all approved updates from the test env (which includes the needed ones from production) and import those approvals in production.
How can this be done?
Thanks!the easiest way will be to use a single wsus infrastructre for all your environments.
Tis blog article explains how to duplicate the approvals over groups:
https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/08/06/duplicating-approvals-from-a-test-group-to-a-production-group
MCP/MCSA/MCTS/MCITP -
Error while running BIP report, in one of our ST environments
we are getting this exception while running one of our BIP report(RTF template).
the same code is working in the other ST environments
NOTE: we observed some special cases
if the report contain any Graph(chart) then this error is coming,
with the plain report (means only text), we observe it working fine.
could any one help, for debugging this issue
we found this log in EM console.
oracle.xdo.XDOException: java.lang.reflect.InvocationTargetException[[
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:1205)
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:276)
at oracle.xdo.template.FOProcessor.generate(FOProcessor.java:1118)
at oracle.xdo.servlet.RTFCoreProcessor.transform(RTFCoreProcessor.java:124)
at oracle.xdo.servlet.CoreProcessor.process(CoreProcessor.java:434)
at oracle.xdo.servlet.CoreProcessor.generateDocument(CoreProcessor.java:93)
at oracle.xdo.servlet.ReportImpl.renderBodyHTTP(ReportImpl.java:1059)
at oracle.xdo.servlet.ReportImpl.renderReportBodyHTTP(ReportImpl.java:624)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:473)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:445)
at oracle.xdo.servlet.XDOServlet.doGet(XDOServlet.java:265)
at oracle.xdo.servlet.XDOServlet.doPost(XDOServlet.java:297)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:277)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.metadata.track.MostRecentFilter.doFilter(MostRecentFilter.java:65)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:122)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.init.InitCheckingFilter.doFilter(InitCheckingFilter.java:64)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.xdo.common.xml.XSLT10gR1.invokeProcessXSL(XSLT10gR1.java:917)
at oracle.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:609)
at oracle.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:327)
at oracle.xdo.common.xml.XSLTWrapper.transform(XSLTWrapper.java:187)
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:1181)
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:276)
at oracle.xdo.template.FOProcessor.createFO(FOProcessor.java:1974)
at oracle.xdo.template.FOProcessor.generate(FOProcessor.java:1118)
at oracle.xdo.servlet.RTFCoreProcessor.transform(RTFCoreProcessor.java:124)
at oracle.xdo.servlet.CoreProcessor.process(CoreProcessor.java:434)
at oracle.xdo.servlet.CoreProcessor.generateDocument(CoreProcessor.java:93)
at oracle.xdo.servlet.ReportImpl.renderBodyHTTP(ReportImpl.java:1059)
at oracle.xdo.servlet.ReportImpl.renderReportBodyHTTP(ReportImpl.java:624)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:473)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:445)
at oracle.xdo.servlet.XDOServlet.doGet(XDOServlet.java:265)
at oracle.xdo.servlet.XDOServlet.doPost(XDOServlet.java:296)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:276)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.xdo.servlet.metadata.track.MostRecentFilter.doFilter(MostRecentFilter.java:64)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:122)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.xdo.servlet.init.InitCheckingFilter.doFilter(InitCheckingFilter.java:63)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
... 1 more
Caused by: oracle.xdo11g.xpath.XPathException: Extension function error: Error invoking 'chart_svg':'java.lang.NoClassDefFoundError: oracle/dss/graph/TickLabelCallback'
at oracle.xdo11g.xslt.XSLStylesheet.flushErrors(XSLStylesheet.java:1850)
at oracle.xdo11g.xslt.XSLStylesheet.execute(XSLStylesheet.java:616)
at oracle.xdo11g.xslt.XSLStylesheet.execute(XSLStylesheet.java:551)
at oracle.xdo11g.xslt.XSLProcessor.processXSL(XSLProcessor.java:345)
at oracle.xdo11g.xslt.XSLProcessor.processXSL(XSLProcessor.java:194)
at oracle.xdo11g.xslt.XSLProcessor.processXSL(XSLProcessor.java:230)
at oracle.xdo11g.parser.v2.XSLProcessor.processXSL(XSLProcessor.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.xdo.common.xml.XSLT10gR1.invokeProcessXSL(XSLT10gR1.java:920)
at oracle.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:609)
at oracle.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:328)
at oracle.xdo.common.xml.XSLTWrapper.transform(XSLTWrapper.java:187)
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:1181)
at oracle.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:276)
at oracle.xdo.template.FOProcessor.generate(FOProcessor.java:1118)
at oracle.xdo.servlet.RTFCoreProcessor.transform(RTFCoreProcessor.java:124)
at oracle.xdo.servlet.CoreProcessor.process(CoreProcessor.java:434)
at oracle.xdo.servlet.CoreProcessor.generateDocument(CoreProcessor.java:93)
at oracle.xdo.servlet.ReportImpl.renderBodyHTTP(ReportImpl.java:1059)
at oracle.xdo.servlet.ReportImpl.renderReportBodyHTTP(ReportImpl.java:624)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:473)
at oracle.xdo.servlet.XDOServlet.writeReport(XDOServlet.java:445)
at oracle.xdo.servlet.XDOServlet.doGet(XDOServlet.java:265)
at oracle.xdo.servlet.XDOServlet.doPost(XDOServlet.java:297)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:277)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.metadata.track.MostRecentFilter.doFilter(MostRecentFilter.java:65)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:122)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.xdo.servlet.init.InitCheckingFilter.doFilter(InitCheckingFilter.java:64)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
... 1 more
i observed some of the forums facing same issue but no use.
BI Beans chart - 'chart_svg' error after migration to Solaris 10
Re: Error while running displaying Charts
Could not initialize class sun.awt.X11GraphicsEnvironment
Edited by: 852973 on Dec 2, 2011 3:31 AM
Edited by: 852973 on Dec 2, 2011 3:33 AMYou might want to repost this in the Reports forum here on OTN to get a Reports Guru to help out with this.
Here's the URL for the Reports Forum: Reports
Thanks,
Rob -
My iPad 2 had no problems loading e-mails until about a month ago. Then it started periodically being unable to load new e-mails from one of my two Yahoo accounts (the primary one), but the secondary Yahoo account worked fine. (It says "Checking for mail..." and never stops checking). This only happens when I'm at home, using my home WiFi (a slow connection.) Now, for the past two weeks, about 95% of the time, neither of my Yahoo accounts works on the iPad, although I have no problem accessing these accounts on my iPod Touches or on my desktop Mac mini. If I take the iPad to my neighbor's house and use her WiFi, I can get the Yahoo mail. (She has cable/internet through Comcast; I have DSL.) I can access the Yahoo mail in public WiFi environments like Starbucks, Barnes & Noble, and the Apple store. I upgraded the operating system to ios 6.0.1, and the problem didn't go away. I've been to two Apple stores and seen two different "Geniuses" about this. The first one observed that although the iPad could load mail while in the store, it was doing so very, very slowly. She did a complete restore (erasing all of my apps, photos, etc.) but when I got back home, the problem resumed. The second Genius couldn't figure the problem out, either. He suggested I contact Yahoo, which I highly doubt will get me anywhere. I eventually added back all of my old apps, but then deleted them again in the past few days thinking that perhaps a persnickety app was causing a problem. No luck.
Answering my own question here. It's fixed! Another user recommended I switch to another wireless network then back to mine. And it worked! Mail is sending again with no problem.
-
Office Web Apps for Hosted Environments
Hi there,
I have a some servers that host two different SharePoint Farms and currently one is connected to an OWA server -
http://blogs.technet.com/b/justin_gao/archive/2013/06/30/configuring-office-web-apps-server-communication-using-https.aspx
I want my second farm to use OWA too and was wondering if it is possible to use the same OWA server for this? So, can I create two Office Web App Farms on the same server?Yes you can use OWA for multiple environments. You can refer to below links:
http://social.technet.microsoft.com/Forums/en-US/78f678cb-69fc-48e6-9f4d-6985154f2d0c/office-web-apps-with-multiple-sp-farms?forum=sharepointadmin
http://blogs.technet.com/b/office_resource_kit/archive/2012/09/11/introducing-office-web-apps-server.aspx
Please ensure that you mark a question as Answered once you receive a satisfactory response. -
It frustrates me to have to ask for detailed instruction on this issue, but normal means of importing these Java-based EC software archives just aren't working in our NWDI system. We never moved our production WDJ applications to CE (like so many others we jumped straight from NW7.01 to NW7.3) but I'm doing my part to come up to speed on composition projects. No matter how we create the NWDI track and import the software archives and dependencies, we can't get to a state where we can successfully import a project (product?) from the Development Infrastructure into the Composite Explorer perspective.
I need to know specifically how I, an experienced WDJ developer with no exposure to CE, can take the five .SCA files that contain Environmental Compliance 3.0 and get the project into my NWDS 7.31 workspace in a workable state, on my local system, without NWDI. Actual code modifications can wait for the moment, I just need to analyze the classes and EJB's to identify where we might want to make enhancements, and where/how to use the provided Enhancement Spots. I've followed the links, downloaded the .pdf's, read the online help, stepped thru the tutorials - I've done my due dilligence. It's common knowledge that Composition Environment is no longer recommended for new development, and as the EH&S programs are converted to WDA there are even fewer resources to look to.
These specific types of pleas don't often return results, as I have learned over my years in this community, but nothing ventured-nothing gained, and I am no longer afraid of looking dumb or being scolded. I just need help.
As always, points will be awarded.I agree in part Tobias.
Because the source code is in the SCA within the src.zip file within each SDA.
What does not exist within that SCA Standard is the SOURCEARCHIVES folder. In that folder should be a file (the extension .dcsa) for each DC (component) that SCA Standard.
In short, yes it is possible to perform a reverse engineering...
Just import the SCA Standard in NWDS.
Note the name and type of all DCs, its dependencies and its public parts... yes, it's a lot of work, as there are many interdependent DCs.
Done so, create a new workspace in NWDS and create a new SCA in DI (custom), inside it create all DCs with the same names and types (and dependencies)... identical to SCA Standard.
And soon after, entering the SRC folder of each of these projects (DCs) and replace its contents with the contents of src.zip file that is contained within the SDA files within the SCA Standard.
That done, we will have an SCA Custom with all representative of the SCA Standard DCs, but editable.
I agree it is not nearly a good practice, or even that SAP indicate that this is done... however, it is possible yes.
Att,
Angelo -
Limitations of read-only JE Environments
Hello all,
I realized recently that our documentation on the limitations of read-only Environments is lacking. So for the next JE release I updated the javadoc for EnvironmentConfig.setReadOnly. The new text is pasted below. If you're using, or thinking of using, a read-only environment, be sure to take a look. I apologize for the lack of documentation in the current release, especially if you've used a read-only environment without understanding these limitations and this has caused problems for you.
--mark
setReadOnly
public EnvironmentConfig setReadOnly(boolean readOnly)
Configures the database environment to be read-only, and any attempt to modify a database will fail.
A read-only environment has several limitations and is recommended only in special circumstances. Note that there is no performance advantage to opening an environment read-only.
The primary reason for opening an environment read-only is to open a single environment in multiple JVM processes. Only one JVM process at a time may open the environment read-write. See EnvironmentLockedException.
When the environment is open read-only, the following limitations apply.
. In the read-only environment no writes may be performed, as expected, and databases must be opened read-only using DatabaseConfig.setReadOnly(boolean).
. The read-only environment receives a snapshot of the data that is effectively frozen at the time the environment is opened. If the application has the environment open read-write in another JVM process and modifies the environment's databases in any way, the read-only version of the data will not be updated until the read-only JVM process closes and reopens the environment (and by extension all databases in that environment).
. If the read-only environment is opened while the environment is in use by another JVM process in read-write mode, opening the environment read-only (recovery) is likely to take longer than it does after a clean shutdown. This is due to the fact that the read-write JVM process is writing and checkpoints are occurring that are not coordinated with the read-only JVM process. The effect is similar to opening an environment after a crash.
. In a read-only environment, the JE cache will contain information that cannot be evicted because it was reconstructed by recovery and cannot be flushed to disk. This means that the read-only environment may not be suitable for operations that use large amounts of memory, and poor performance may result if this is attempted.
. In a read-write environment, the log cleaner will be prohibited from deleting log files for as long as the environment is open read-only in another JVM process. This may cause disk usage to rise, and for this reason it is not recommended that an environment is kept open read-only in this manner for long periods.
For these reasons, it is recommended that a read-only environment be used only for short periods and for operations that are not performance critical or memory intensive. With few exceptions, all application functions that require access to a JE environment should be built into a single application so that they can be performed in the JVM process where the environment is open read-write.
In most applications, opening an environment read-only can and should be avoided.
-----You've asked an interesting question! I'm afraid that the answer is that it's not possible in BDB JE today.
What you'd really like for your second case is part of the type of functionality provided by MVCC (Multi-Version Concurrency Control). In case you're not familiar with that term, MVCC is the database feature which guarantees that all reads made in a transaction will see a consistent snapshot of the database and that the transaction will successfully commit only if no updates it has made conflict with any concurrent updates made since that snapshot. Unfortunately, while our sister product, BDB (C) has that feature, we do not yet support it.
I think your alternatives are to do achieve your point in time snapshot from the file copy based backup, from the second process, or from an application level mechanism that locks out other updates.
Regards,
Linda -
Query performance in two environments
Hi all,
I have developed simple select queries on a multiprovider and I am facing issues with query performance in quality box. A query runs pretty fast in in dev and return results while the same one dumps in Quality environment giving a time out error. This sounds more strange because our dev box has comparitively more records than the quality environment right now.
On anlyzing the query path in both environments, we noticed that the query does an index scan in dev but not in Quality environment, especially when the selection is such that the query is supposed to return lot of records. Since the query does a sequential scan in quality, it dumps. Is there any setting that I need to make seprately in the quality environment.
Any tips on query optimization would be great help. Thanks
Regards
NiranjanaExecute some of the RSRT tests in the QA for the query using "Execute+Debug" option and use some test for Multiprovider and Databases checks in it ,try to compare with Dev as well.
Hope it Helps
Chetan
@CP.. -
Deploying iTunes in lab environments campuswide
We are creating an iTunes U page for our institution (small college), but my question involves the deployment of iTunes across our campus. What is the best, most streamlined method for deploying and using iTunes over a campus network that has migrating user profiles?
We have several lab environments in which students would access iTunes, and we want to minimize the issues involving storage limits with migrating profiles, when any particular user will login to access iTunes from any particular workstation. Specifically, what would be the profile ramifications from accessing the user agreement to syncing their devices? Furthermore, we are mostly a Windows-based campus, so we're looking for any additional caveats that might occur.
Any thoughts, suggestions or references would be greatly appreciated.We are creating an iTunes U page for our institution (small college), but my question involves the deployment of iTunes across our campus. What is the best, most streamlined method for deploying and using iTunes over a campus network that has migrating user profiles?
We have several lab environments in which students would access iTunes, and we want to minimize the issues involving storage limits with migrating profiles, when any particular user will login to access iTunes from any particular workstation. Specifically, what would be the profile ramifications from accessing the user agreement to syncing their devices? Furthermore, we are mostly a Windows-based campus, so we're looking for any additional caveats that might occur.
Any thoughts, suggestions or references would be greatly appreciated. -
How Redirect browser(client) based on non-negotiable SSL/TLS protocol or cipher
Hi guys,
we have a security requirement wherein we have to force the browsers accessing our asp.net application hosted on windows server 2012 to have atleast tsl 1.1 , but we don't want to simply block the request, instead we would like to redirect the request
to a unsecured static html page with the instructions on how to get them onto tsl.
can any one help me here?>? actually i found a similar and exactly same thread on stackoverflow but i think that is probably directed towards linux family. http://serverfault.com/questions/591188/redirect-browser-based-on-non-negotiable-ssl-tls-protocol-or-cipher
please help me guys..
ps: i have posted the same question on IIS forum (http://forums.iis.net/t/1223352.aspx?How+Redirect+browser+client+based+on+non+negotiable+SSL+TLS+protocol+or+cipher+from+IIS)
and got a reply saying that it can be done at windows kernel level(possibly).Hi,
As far as I know, once SSL handshake fails, no subsequent communication would occur between the server and client.
Therefore, as the way I see it, the goal cannot be achieved.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Maybe you are looking for
-
RE Acrobat XI Standard. When printing a 30x42 Drawing PDF with more than 1 page only the first page prints properly the rest are not the proper size or centered. Did I miss a setting? For now I can work around it by printing each page using the "Curr
-
Problem in downloading to excel
while downloading from a customized report.(For excise related details) HTML format is working fine but the problem is when using the excel sheet....only some 23 records were getting downloaded... what might be the problem...
-
Hi, I want to create a Traditional Chinese message catalog using the MessageLocalizer utility. I use "D:\bea\wlserver6.1sp1\samples\examples\i18n\msgcat\HelloWorld.xml" as the master catalog. And create the ...\msgcat\zh\TW\HelloWorld.xml Locale cata
-
Trying to synced Iphone 3g to itunes.
I am trying to synced my iphone to itunes on my mac. It gives me an error message, " cannot synced iphone, the required file cannot be found". Anyone know about this? Thanks
-
Roll up sub equipment cost to Superior Equipment
Hello, Is there a way to see sub equipment cost to the superior equipment. We have a pump (superior) then under that we have motor (sub) and elec (sub). Is there a way to see the total cost of the two subs in the superior. Thanks.