Debugging Java Security Kerberos in Eclipse IDE

Similar Messages

• How to get Java source in applet stack trace to debug Java security manager

  How can I get line numbers for Java source in stack traces for my applet? I'm having a problem with my code-signing certificate. On one of my applets, I consistently get a NullPointerException inside the security dialog code in the JDK. As a result, either the "trust this applet" dialog never appears, or even though it appears, it defaults to untrusted because of the exception, so I can't access any local files (and that's a bit of a problem for an applet whose sole purpose is to upload files to our server). I unzipped src.zip in my JDK directory and set the debug flag for my Ant <javac> task as well as set debuglevel to "lines." Anything else? Here's the trace that I'm getting so far. See that after the NullPointerException it assumes that the user has denied permission. If I could read this Java source maybe I could figure out why it hates my code-signing certificate (jarsigner, BTW, never complains when I verify my jar).
  security: Blacklist file not found or revocation check is disabled
  security: Accessing keys and certificate in Mozilla user profile: null
  security: Loading Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loaded Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment permanent certificate store
  security: Checking if certificate is in Deployment session certificate store
  java.lang.NullPointerException
       at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
       at com.sun.deploy.security.X509Util.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$700(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  security: User has denied the priviledges to the code
  security: Adding certificate in Deployment denied certificate store
  security: Added certificate in Deployment denied certificate store
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment denied certificate store

  Rats, now that I look at the stack trace and compare to what's in the JDK srce.zip, it appears that most of this code is not part of the JDK source. I don't see any com/sun/deploy, etc.

• How to debug a swing application using eclipse IDE

  plz tell me how can i approach to understand SWING GUI application using eclipse debugging procedure.
  for example:
  i would like to know how the program flow is, for creating a particular screen.
  how to approach my SWING application flow eaasily... plz suggest me anyone!!!

  avula wrote:
  plz tell me how can i approach to understand SWING GUI application using eclipse debugging procedure.
  for example:
  i would like to know how the program flow is, for creating a particular screen.
  how to approach my SWING application flow eaasily... plz suggest me anyone!!!Add break points and step through the code, you can examine the stack, and variables in the debug perspective .

• Eclipse IDE won't start anymore after most recent security update

  Hello everybody,
  after today's security update the Eclipse IDE won't start anymore on my system, I just receive the following error message:
  A Java Runtime Environment (JRE) or Java Development Kit (JDK) must be available in order to run Eclipse.
  No Java virtual machine was found after searching the following locations: /Applications/eclipse/Eclipse.app/Contents/MacOS/jre/bin/
  java
  'java' in your current PATH
  Java is installed and Eclipse ran smoothly until I upgraded. Other Java programs like Visual Paradigm still work without problems.
  Does anybody have an idea what I can do about this? I have already tried repairing permissions, to no avail.
  Best regards,
  Björn
  Mac Pro   Mac OS X (10.4.9)  

  I have narrowed down the problem even more:
  Obviously system path variables are not set anymore on my system for UNIX processes that are started in background, whereas starting applications from terminal using the open command ('open Gimp.app' for instance) still works without any problems.
  Any ideas where to change this behaviour?

• Tomcat error when run through Eclipse IDE :- java.util.MissingResourceExcep

  Friends,
  I get the following error while running the tomcat from my eclipse IDE(com.sysdeo.eclipse.tomcat_3.2.1) .
  If i try running my tomcat with an application through the command line , it runs fine .... can anybody please guide .?
  The error is as follows :-
  [b]
  Can't find bundle for base name EnvironmentResources_XXXXLocalhostDev, locale en_GB
  java.util.MissingResourceException: Can't find bundle for base name EnvironmentResources_XXXXXxLocalhostDev, locale en_GB

  Putting the driver into [TOMCAT]/common/lib is sufficient.
  The error I think is not related to finding the driver, but actually not retrieving the correct connection string info.
  I never had much luck putting this definition info into server.xml
  I have had success putting it into a custom context.xml file for a web app as described [url http://tomcat.apache.org/tomcat-5.5-doc/config/context.html]here
  in individual files (with a ".xml" extension) in the $CATALINA_HOME/conf/[enginename]/[hostname]/ directory. The name of the file (less the .xml) extension will be used as the context path. Multi-level context paths may be defined using #, e.g. context#path.xml. The default web application may be defined by using a file called ROOT.xml.
  eg [TOMCAT]/conf/catalina/localhost/DataSourceExample.xml
  Hope this helps,
  evnafets

• How to debug java web start with jdk1.5?

  i want to debug a JWS app with eclipse, not java console, so I follow Unofficial Java Web Start/JNLP FAQ(http://lopica.sourceforge.net/faq.html) and still not worked.
  the attached session worked at first and broke soon, and I found some idea from Unofficial Web Start FAQ Update/Errata(http://lopica.sourceforge.net/update.html). I did the following:
  set JAVAWS_TRACE_NATIVE=1
  javaws http://localhost/test/test.jnlp
  copy command line from popup window.
  add "transport=dt_socket,server=y,address=7000" to command line:
  C:\progra~1\Java\jdk1.5.0_03\bin\javaw.exe -Xrunjdwp:transport=dt_socket,server=y,address=7000 -Xbootclasspath/a:C:\progra~1\Java\jre1.5.0_04\lib\javaws.jar;C:\progra~1\Java\jre1.5.0_04\lib\deploy.jar -classpath C:\progra~1\Java\jre1.5.0_04\lib\deploy.jar -Djnlpx.home=C:\progra~1\Java\jre1.5.0_04\bin -Djnlpx.splashport=4362 -Djnlpx.jvm="C:\progra~1\Java\jdk1.5.0_03\bin\javaw.exe" -Djnlpx.remove=false -Djava.security.policy=file:C:\progra~1\Java\jre1.5.0_04\lib\security\javaws.policy -DtrustProxy=true -Xverify:remote -Djnlpx.heapsize=NULL,NULL com.sun.javaws.Main http://localhost:8080/test/test.jnlp
  the debugger still gets detached. I don't know what's wrong.
  JWS has come out for many years, I still found so many undocumented skills, even netbeans5 doesn't support it. Sun want to give up java?

  Try checking out this other thread, particularly the reply from dietz333 (I happen to know he's a regular genius when it comes to JavaWS):
          http://forum.java.sun.com/thread.jspa?forumID=38&threadID=569693

• Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.

  I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
  1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
  2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
  deployment.properties entries after addition of my jre entry:
  #deployment.properties
  #Fri Sep 28 14:09:24 PDT 2012
  deployment.javapi.lifecycle.exception=true
  deployment.trace=true
  deployment.javaws.viewer.bounds=323,144,720,360
  deployment.javaws.autodownload=NEVER
  deployment.version=6.0
  deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
  deployment.security.mixcode=HIDE_RUN
  deployment.log=true
  deployment.console.startup.mode=SHOW
  deployment.capture.mime.types=true
  #Java Deployment jre's
  #Fri Sep 28 14:09:24 PDT 2012
  deployment.javaws.jre.0.registered=true
  deployment.javaws.jre.0.platform=1.6
  deployment.javaws.jre.0.osname=Windows
  deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
  deployment.javaws.jre.0.product=1.6.0_33
  deployment.javaws.jre.0.osarch=x86
  deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
  deployment.javaws.jre.0.enabled=false
  deployment.javaws.jre.0.args=
  deployment.javaws.jre.1.enabled=true
  deployment.javaws.jre.1.registered=true
  deployment.javaws.jre.1.osname=Windows
  deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
  deployment.javaws.jre.1.osarch=x86
  deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
  deployment.javaws.jre.1.platform=1.6
  deployment.javaws.jre.1.product=1.6.0_29
  Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.

  I'm having a similar problem and I think it is related with this.
  If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
  I have a method that handles the Java--->Javascript calls and goes something like this:
  System.out.println("Calling Javascript...");
  JSObject win = JSObject.getWindow(this);
  win.call(jsEventHandler, new Object[] { json.toString() });
  System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
  Could you explain in more detail the queue based solution you found? Any other ideas?
  Regards,
  Andr&eacute; Tavares.

• How to Debug Java Applet called in a BSP Component

  Hi All,
  In CRM Marketing->Segments->Graphical Modeler
  A click on settings button will load a Java Applet window.
  The settings window displays some elements. I want to translate a text displayed in that Java Applet window.
  Please let me know the ways to debug a Java applet loaded from BSP Component or ways the data is loaded into Java applet from SAP.
  Your help would be appreciated and points will be rewarded.
  Thanks a lot in advance.

  For the newbies, like me:
  Instruction to setup and debug an applet in Eclipse IDE via your Browser
  Java Console Setup for Applet debugging:
  1. Open up the Java Console Application by double clicking on it at C:\Program Files (x86)\Java\jre1.6.0_03\bin\javacpl.exe
  2. Select the Java Tab
  3. View Applet Runtime Settings button
  4. Enter in the Java Runtime Parameters the following: -Xdebug -Xrunjdwp:transport=dt_socket,address=5555,server=y,suspend=y
  5. Note: the port address 5555 can be anytime you want. You will need to enter whatever number you select into Eclipse IDE.
  6. Note: if you don�t need to debug code in the Applet�s init() method, then use....suspend=n (Not tested yet.)
  Eclipse setup for Applet debugging:
  1. Open up Eclipse and create your Applet. Once you are ready to debug go to the next step.
  2. Select the top level Run menu
  3. Pick the Open Debug Dialog� option
  4. In the left column select Remote Java Application
  5. Then select the �New� button to create a debug configuration for the remote session (the new button looks like a page with a yellow plus in the upper right hand corner)
  6. Give your session a name. I used the class name followed with the work remote for example: mainclassnameRemote
  7. Set connection type to Standard (Socket Attached)
  8. Host to localhost
  9. Port to 5555, or whatever you used in Java Console Setup step 5.
  10. Due not check the �Allow termination of remote VM�
  11. Due not close this window.
  Start debugging:
  1. Go to your Applet html launch file and launch in a browser
  2. Then go back to eclipse and select the debug button
  3. Eclipse should now throw you into the debugger mode.
  4. If it hangs, just retry again. It seems to work ok most of the time. A few time I need to close the browser and start over and then it seems to work.

• Question about Java GSS-Kerberos authentication

  Hi,
  I am new to GSS API. I have a client requirement to use Java GSS Kerberos Authentication instead of using IIS for Integrated Windows Authentication. In IWA, the IE browser automatically picks up the logged-in windows user credentials and passes it to IIS, which authenticates you against Active Directory and returns SUCCESS.
  We are planning to write a Servlet/JSP code on Apache Tomcat on Solaris 10, which uses Java GSS API to do Kerberos Authentication and return SUCCESS to the user. When I look at the examples:
  http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html#RunAc
  it says:
  "You will be prompted for your Kerberos user name and password, and the underlying Kerberos authentication mechanism specified in the login configuration file will log you into Kerberos. If your login is successful, you will see the following message: Authentication succeeded!"
  Does this mean that in Kerberos Authentication using Java GSS API, the user will have to enter his windows credentials for authentication? Is there a way for the credentials to be passed from Windows automatically to the API, without user intervention?
  Any links detailing the procedure would be of great help.
  Thanks,
  shetty2k

  We are having a similar requirement from our end. To make situation worst I do not even have an idea about an approach.
  What are the ways that we can use windows credentials to authenticate against IIS with tomcat?
  any help is greatly appreciated.
  R.

• Web Service issue in eclipse IDE

  Hi,
  I am trying to execute a code for web service related in eclipse IDE (Plug in environment).
  when i am trying to debug, It throws class not found exception in plugin environment and its not creating instance for Wsdlparser1.
  but it is executing fine in java environment.
  And the code is,
  public void testCaseCreation() {
            try{
                 Wsdlparser1 wsdlParser1 = new Wsdlparser1(sWsdlFilePath);
                 wsdlParser1.createWSDLReader(sWsdlFilePath);
                 GenerateTypeSystem gTypeSystem = new GenerateTypeSystem(sPath);
                 gTypeSystem.createModule();
                 System.out.println("TypeSystem Created Successfully");
                 GenerateTestCase1 gTestCase = new GenerateTestCase1(wsdlParser1,sPath);
                 gTestCase.createTestcases();
                 System.out.println("TestCase Created Successfully");
            } catch (Exception e) {
                 e.printStackTrace();
  let me know how to proceed further.

  service created in SOAMANAGER will  not work in older patch level version where
  WSADMIN/WSCONFIG. is available

• Java.security.cert.CertificateException

  Hi,
  I am using a JAVA client to connect to a https server which uses certificates for authentication.
  The server uses gSOAP certificates for client authentication and encryption of messages.
  I am using JSSE coming along with JDK1.6 and generated keystore file from client.pem and cacert.pem files used by the server.
  I need to send SOAP messages with attachments.
  I am using SAAJ API with JDK 1.6 .
  When I try to connect to the server through javax.xml.soap.SOAPConnection, I am getting java.security.cert.CertificateException. Please see the exception below.
  Note: Server is responding properly to SOAP UI tool(java testing tool) with certifcates authentication.
  I have enabled debug option in SSL.
  E:\test\properties\storefile.jks
  keyStore is : E:\test\properties\storefile.jks
  keyStore type is : jks
  keyStore provider is :
  init keystore
  init keymanager of type SunX509
  trustStore is: E:\test\properties\storefile.jks
  trustStore type is : jks
  trustStore provider is :
  init truststore
  adding as trusted cert:
  Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Sat Oct 02 22:38:06 IST 2004 until Tue Oct 02 22:38:06 IST 2007
  adding as trusted cert:
  Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0x7
  Valid from Sun Dec 25 01:01:53 IST 2005 until Wed Dec 24 01:01:53 IST 2008
  adding as trusted cert:
  Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0x8
  Valid from Sun Dec 25 01:03:13 IST 2005 until Wed Dec 24 01:03:13 IST 2008
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1155448094 bytes = { 120, 70, 246, 123, 195, 47, 61, 191, 223, 241, 23, 204, 98, 143, 212, 251, 80, 10, 100, 183, 82, 82, 215, 228, 212, 47, 68, 224 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  Thread-3, WRITE: TLSv1 Handshake, length = 73
  Thread-3, WRITE: SSLv2 client hello message, length = 98
  Thread-3, READ: TLSv1 Handshake, length = 74
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1155531752 bytes = { 248, 141, 63, 154, 117, 213, 184, 250, 239, 237, 26, 225, 175, 38, 151, 65, 101, 127, 134, 46, 180, 80, 153, 133, 215, 120, 102, 11 }
  Session ID: {100, 201, 98, 232, 113, 191, 163, 129, 1, 101, 251, 29, 233, 245, 144, 203, 231, 208, 202, 248, 160, 99, 84, 248, 86, 16, 235, 234, 20, 73, 231, 148}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  Thread-3, READ: TLSv1 Handshake, length = 1868
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
  public exponent: 65537
  Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                 To: Wed Dec 24 01:03:13 IST 2008]
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  SerialNumber: [    08]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
  0010: BA 27 B4 C1 .'..
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
  0010: 49 95 77 CA I.w.
  [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
  SerialNumber: [    00]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
  0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
  0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
  0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
  0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
  0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
  0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
  0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
  chain [1] = [
  Version: V3
  Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 106482211752195899275275639329238789380560290379431640534106480581317795742917955972475513891969031216742557266096088552725987675210922796797720103531106400345818891764659480805498923495886457178236281557583158652266656923442983245641013901721295378444704296581436391012531718274035287004196101203604693764023
  public exponent: 65537
  Validity: [From: Sat Oct 02 22:38:06 IST 2004,
                 To: Tue Oct 02 22:38:06 IST 2007]
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  SerialNumber: [    00]
  Certificate Extensions: 3
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
  0010: 49 95 77 CA I.w.
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
  0010: 49 95 77 CA I.w.
  [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
  SerialNumber: [    00]
  [3]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 59 9B F6 45 7E 10 3C 79 3B 88 FB 74 B3 2E F7 4F Y..E..<y;..t...O
  0010: 67 16 09 C1 2F 4E AC 7A 98 EA B4 12 08 6D 96 37 g.../N.z.....m.7
  0020: 1A 70 A0 79 FC 4A A7 54 BA 21 FD 35 FE 67 55 EF .p.y.J.T.!.5.gU.
  0030: D9 D9 18 99 5D 7A 03 3B EE DC F8 54 89 73 B8 86 ....]z.;...T.s..
  0040: B3 FB 63 4E F8 6A 9B AF A1 2B 39 1F B7 50 63 AB ..cN.j...+9..Pc.
  0050: 46 E1 F7 F5 A3 13 D4 3B F0 1D 8A 54 E4 65 3E 94 F......;...T.e>.
  0060: 6D 5A 58 77 50 A7 CB 99 E7 2E 28 90 C8 37 67 D2 mZXwP.....(..7g.
  0070: 19 E6 78 A3 91 49 E9 08 74 0E FA AF FC 16 B3 0B ..x..I..t.......
  Feb 24, 2007 9:50:47 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
  SEVERE: SAAJ0009: Message send failed
  com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
       at SOAPConnector$1.run(SOAPConnector.java:145)
  Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at java.security.AccessController.doPrivileged(Native Method)Found trusted certificate:
  Version: V3
  Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
  public exponent: 65537
  Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                 To: Wed Dec 24 01:03:13 IST 2008]
  Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
  SerialNumber: [    08]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
  0010: BA 27 B4 C1 .'..
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
  0010: 49 95 77 CA I.w.
  [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
  SerialNumber: [    00]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
  0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
  0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
  0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
  0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
  0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
  0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
  0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
  Thread-3, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  Thread-3, WRITE: TLSv1 Alert, length = 2
  Thread-3, called closeSocket()
  Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
       ... 2 more
  Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
       ... 3 more
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
       ... 5 more
  Caused by: java.security.cert.CertificateException: No subject alternative names present
       at sun.security.util.HostnameChecker.matchIP(Unknown Source)
       at sun.security.util.HostnameChecker.match(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
       ... 17 more
  CAUSE:
  java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
       at SOAPConnector$1.run(SOAPConnector.java:145)
  Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
       ... 3 more
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
       ... 5 more
  Caused by: java.security.cert.CertificateException: No subject alternative names present
       at sun.security.util.HostnameChecker.matchIP(Unknown Source)
       at sun.security.util.HostnameChecker.match(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
       ... 17 more
  CAUSE:
  java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
       at SOAPConnector$1.run(SOAPConnector.java:145)
  Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
       at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
       ... 3 more
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
       ... 5 more
  Caused by: java.security.cert.CertificateException: No subject alternative names present
       at sun.security.util.HostnameChecker.matchIP(Unknown Source)
       at sun.security.util.HostnameChecker.match(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
       ... 17 more
  Any help is appreciated.

  did you find the solution for the issue i am using jscape now...

• Java.security.cert.CertificateException: Untrusted Cert Chain

  Hi all,
  While sending transaction to our supplier I am facing below error, Actually Our trading partner has given .p7b cert, I converted it into base 64 and i m using in b2b server. I am doing the same with all the suppliers but I am facing issue with only this trading partner. I asked him to send a new trusted certificate but he said that he is having 100's of customers, all are using the same certficate.
  Error
  http.sender.timeout=0
  2010.05.20 at 10:52:20:711: Thread-19: B2B - (DEBUG) scheme null userName null realm null
  2010.05.20 at 10:52:22:159: Thread-19: B2B - (WARNING)
  Message Transmission Transport Exception
  Transport Error Code is OTA-HTTP-SEND-1006
  StackTrace oracle.tip.transport.TransportException: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
       at oracle.tip.transport.TransportException.create(TransportException.java:91)
       at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:627)
       at oracle.tip.transport.b2b.B2BTransport.send(B2BTransport.java:311)
       at oracle.tip.adapter.b2b.transport.TransportInterface.send(TransportInterface.java:1034)
       at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1758)
       at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:976)
       at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1167)
       at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:141)
       at oracle.tip.transport.basic.FileSourceMonitor.processMessages(FileSourceMonitor.java:903)
       at oracle.tip.transport.basic.FileSourceMonitor.run(FileSourceMonitor.java:317)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Cert Chain
       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
       at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
       at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
       at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
       at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:590)
       ... 8 more
  Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
       at oracle.security.pki.ssl.C21.checkClientTrusted(C21)
       at oracle.security.pki.ssl.C21.checkServerTrusted(C21)
       at oracle.security.pki.ssl.C08.checkServerTrusted(C08)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
       ... 21 more
  2010.05.20 at 10:52:22:164: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.transport.TransportInterface:send Error in sending message
  2010.05.20 at 10:52:22:168: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab Request Message Transmission failed
  2010.05.20 at 10:52:22:170: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Enter
  2010.05.20 at 10:52:22:173: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Transaction.begin()
  2010.05.20 at 10:52:22:176: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Leave
  2010.05.20 at 10:52:22:179: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain
  2010.05.20 at 10:52:22:226: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.engine.Engine:notifyApp retry value <= 0, so sending exception to IP_IN_QUEUE
  2010.05.20 at 10:52:22:232: Thread-19: B2B - (DEBUG) Engine:notifyApp Enter
  2010.05.20 at 10:52:22:248: Thread-19: B2B - (DEBUG) notifyApp:notifyApp Enqueue the ip exception message:
  <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <correlationId>543222</correlationId>
  <b2bMessageId>543222</b2bMessageId>
  <errorCode>AIP-50079</errorCode>
  <errorText>Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain</errorText>
  <errorDescription>
  <![CDATA[Machine Info: (usmtnz-sinfwi02)Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain ]]>
  </errorDescription>
  <errorSeverity>2</errorSeverity>
  </Exception>
  2010.05.20 at 10:52:22:298: Thread-19: B2B - (DEBUG) Engine:notifyApp Exit
  2010.05.20 at 10:52:22:301: Thread-19: B2B - (DEBUG) DBContext commit: Enter
  2010.05.20 at 10:52:22:307: Thread-19: B2B - (DEBUG) DBContext commit: Transaction.commit()
  2010.05.20 at 10:52:22:310: Thread-19: B2B - (DEBUG) DBContext commit: Leave
  2010.05.20 at 10:52:22:313: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequest Exit
  2010.05.20 at 10:52:22:317: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.engine.Engine:processOutgoingMessage:
  ***** REQUEST MESSAGE *****
  Exchange Protocol: AS2 Version 1.1
  Transport Protocol: HTTPS
  Unique Message ID: <543222@EMRSNS>
  Trading Partner: ZZEASY_PROD
  Message Signed: RSA
  Payload encrypted: 3DES
  Attachment: None

  Hi CNU,
  1st they has given me in .p7b certificateIs it a self-signed certificate? If no then do you have the CA certs as well?
  Open the certificate by double clicking on it. If "Issued To" and "Issued By" fields are same then it is a self signed cert and you need to import only this cert (in base64 format) into wallet.
  If it is not a self-signed cert then open the certificate and click on "Certification Path" tab. You should be able to see the issue's certificate here. Make sure that you have imported all issuers certificate along with your TP's cert in the wallet. Moreover, check that all the certs (TP cert and it's issuer cert's) are valid in terms of dates. You can see the "Certificate status" in "Certification Path" tab of certificate.
  Please provide the certificate chain details here along with list of certs in wallet (you may mail it to my id as well - [email protected])
  Regards,
  Anuj

• Java Security Model: Java Protection Domains

  1.     Policy Configuration
  Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
  o     Configurable policies -- no longer is the security policy hard-coded into the application.
  o     Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
  o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
  o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
  o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
  2.     X.509v3 Certificate APIs
  Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
  3.     Protection Domains
  The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
  When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
  4.     Access Decisions
  Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
  Sandbox model for Security
  Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
  The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
  While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
  Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
  java.security.ProtectionDomain
  This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
  A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
  A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
  Classes that have the same permissions but are from different code sources belong to different domains.
  A class belongs to one and only one ProtectionDomain.
  Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
  Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
  It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
  jarsigner and keytool
  example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
  The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
  One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
  The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
  Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
  1. First generate a key pair for our Certificate:
  keytool -genkey -keyalg rsa -alias AppletCert
  2. Generate a certification-signing request.
  keytool -certreq -alias AppletCert > CertReq.pem
  3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
  4. Import the chain into keystore:
  keytool -import -alias AppletCert -file SignedCert.pem
  5. Sign the CyberVote archive �TeleVote.jar�:
  jarsigner TeleVote.jar AppletCert
  This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
  1. Generate a key pair for root CA:
  openssl genrsa -des3 -out CyberVoteCA.key 1024
  2. Generate an x509 certificate using the above keypair:
  openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
  3. Import the Certificate to keystore.
  keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
  Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
  openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
  However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
  The Important Classes
  The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
  � It should be computationally infeasible to find two messages that hashed to the same value.
  � The digest does not reveal anything about the input that was used to generate it.
  Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
  The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
  � Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
  � The signature and the public key do not reveal anything about the private key.
  A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
  ----Cheers
  ---- Dinesh Vishwakarma

  Hi,
  these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
  cheers,
  Charles(jGuard team).

• Generated Web Service Client giving java.security.PrivilegedActionException

  I generated a Web Service Proxy using jdev but when I run the client I get a hand shake error. I dont get this error in eclipse but happens when I try to run it in JDev. Is there some certificate setting or KeyStore setting I need to do to make this error go away:
  Do I need to add the KeyStore or Certificate from the site I am accessing to oracle application server or jdeveloper... whats the procedure for that..
  WARNING: Unable to connect to URL: https://mytest.test.com/WebService/MyTest_1.0/soap.soap due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
       at project7.proxy.runtime.MyTestSoapBinding_Stub.echoOfficeLocation(MyTestSoapBinding_Stub.java:11977)
       at project7.proxy.MyTestClient.echoOfficeLocation(MyTestClient.java:1276)
       at project7.proxy.MyTestClient.main(MyTestClient.java:38)
  Caused by: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
       at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
       at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
       at project7.proxy.runtime.MyTestSoapBinding_Stub.echoOfficeLocation(MyTestSoapBinding_Stub.java:11961)
       ... 2 more
  Process exited with exit code 0.

  hi Kimberly
  It looks like you're getting some feedback in this forum thread:
  "how do you add an existing certificate or keystore to jdev to access WS"
  how do you add an existing certificate or keystore to jdev to access WS
  regards
  Jan Vervecken

• Java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Unab

  Hi
  I deployed an ESB service.
  I am trying to test it from Server Enterprise Manager, Webservices feature.
  I wrapped up my original message with SOAP 1.1 and 1.2 specifications.
  When I invoke the service, I am getting
  java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Unable to get header stream in saveChanges error.
  Any idea how to get rid of that ?
  Thanks
  Praveen

  The current version of ESB does not support SOAP 1.2. You need to make sure your message contains the correct SOAP 1.1 namespace so ESB uses the correct SOAP version:
  SOAP 1.1: http://schemas.xmlsoap.org/soap/envelope/
  SOAP 1.2: http://www.w3.org/2003/05/soap-envelope
  Kind Regards,
  Andre Jochems