Exchange of initial key for two way encrypted communication

Hello all,
I think the following question has to do with my lack of knowledge of cryptography and will be happy for any pointers you might provide.
I am trying to encrypt socket communication between client/server. I have decided to use AES from the SUNJCE. I don't want to store a static key on the client as that would pose a threat(decompilation). And I don't want to send the key to the client as that would defeat the whole purpose of encryting the communication (the key might get sniffed over the network).
I have a feeling there is a better way but since I am new to crytpography I am a bit lost. Can anybody tell me if there is a standard (best-practice) way of doing this.
Thanks in advance for your help.
depeupleur_

For anyone interested in AES for flash check this code
out:
http://www.codecta.com.br/rijndael.zip
Wow - that is impressive.
I now have a different problem, i can protect the data
being transmitted between server and a legitimate
client but since the connection is done through
internet and i don't know who the potential users are
how can i make sure the client that connects in the
first place is not a rogue client looking to replace a
proper client and trying to determine the
communication protocols and encryption mechanisms?You really do need to read up on how this stuff works. If "Applied Crypto" is too much, there's another book, "Practical Cryptography", by Ferguson and Schneier, that covers the topic pretty readably as well. (The first section, anyway - it gets pretty dense after that...)
In general - if you're going to worry about the identity of the client, you can set up your server to require client-side certificates. Explaining how certificates work is more than a forum-message thing.
Note that, in The Land of Crypto, you must assume that The Bad Guy knows everything about your communications protocols except for the key. If your security relies on hiding them, or your specific encryption algorithm, then you're pretty much toast.
Too right, i won't even pretend that i could write any
crypto code. (unless it is for my little son to
decrypt as a game)It's actually a very interesting field. I would not call myself a cryptographer by any stretch of the imagination - I'm just an educated user of crypto libraries. With a little research, you can be one too! ;)
Good luck,
Grant

Similar Messages

How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

Hi,
I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
Please suggest how to pass both the certs from client Application..

Hi,
This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
And for more information, you could refer to:
http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
Regards

Delivery notification for two way ports

HI
I am using a two way BasicHttp Adapter for sending requests and receiving response from a Web service. I want to handle Delivery Notification errors but since it works only for one way ports how can i implement the same for my scenario Please advice.
Regards
Suresh

Hi Suresh,
Snippet below from the
link should answer your specific question.
Handling Delivery Failure Exception (using a request-response port)
There is a great post
by Naveen Karamchetti about this; this is the key steps…
In order to catch an exception within your scope block in BizTalk while using a request-response port, you might have to do the following:
Set the retry-count to 0 on your physical request-response port which you use to bind.
Enable the flag Delivery Notification to ‘Transmitted’ on your logical request-response port within the orchestration.
Catch the “Microsoft.XLANGs.BaseTypes.DeliveryFailureException” exception and handle it as you’re please.
The Delivery Notification flag on the Send Port indicates that the orchestration must be NOTIFIED back, in case the message has not been received by the destination. Delivery Notification works only when
the Retry Count set to 0. When a message cannot be delivered, a Delivery Failure Exception is raised and the exception needs to be handled by the Orchestration.
Rachit
Please mark as answer or vote as helpful if my reply does

Steps required for two way interface

Hi
i have a scenario SAP seneds Transfer order (Idoc) to external systems via XI middleware, then external system confirm and send the XML file to SAP system visa XI.
i roughly know that i have to use File and IDOC adpaters.but i dont know what are the actual steps
mean how many message interfaces required how may sender and reciver agrrement required
could you please berifely explain the end to end scenarios to design the interface
please dont send me the URL or blogs i already gone through them please explain the scenario as per the my requirement
regards
neelu

Hi,
the scenario depends on the external system...
if your external system is file system then you need to configure two scenarios............IDOC to FILE and FILE to IDOC.......
if your externam system supports synchronous way of communication then you can go with BPM Sync Async scenario........
for file to idoc.......
https://forums.sdn.sap.com/click.jspa?searchID=131889&messageID=884609
https://forums.sdn.sap.com/click.jspa?searchID=131889&messageID=2081240
https://forums.sdn.sap.com/click.jspa?searchID=131889&messageID=2436376
Step by Step Guide - File to IDOC Scenario
https://forums.sdn.sap.com/click.jspa?searchID=131889&messageID=921672
for idoc to file............
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/xi/step%2bby%2bstep%2bprocedure%2bof%2bidoc%2bto%2bfile%2bscenario%2busing%2bbpm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e07dcaa0-a92b-2a10-3a96-b3d942bd1539
Reward points if this is helpful
thanks,
Madhu
Edited by: Madhu sudhan Reddy on Jul 19, 2008 7:33 AM

Locked out of Apple ID AND lost Recovery Key for two-step verification

Hey guys,
Firstly, as the title implies, this is a double-whammy of a problem, and obviously, it is very much my fault. The reason I'm bothering to post this, however, is to find out if anyone else has had this issue and where they are at with it.
The story:
I set up two-step verification on my Apple ID about a year ago as I thought it was a good idea. I wrote the Recovery Key down as it told you to, and put it in a folder full of other important documents. In a epic mental lapse, however, I now remember later throwing out that folder, forgetting about my Recovery Key. Ya, that is my fault, I'm and idiot. Anyways...
Fast forward to a few days ago, and I all of a sudden received messages on all my devices saying that my Apple ID had been disabled for security reasons, and that I had to reset the account in order to regain access to it. Scary, but no problem, right? Well, after entering my Apple ID into iForgot.com, the first thing it asked me for was my Recovery Key. This is around the time I was banging my head against the wall in realization that I had thrown it away, but I was relieved to see the "Lost your Recovery Key?" option at the bottom of the screen. I was even more relieved to discover that I had what I needed to reset it: my current password and a trusted Apple device. The catch was that to reset it, I needed to log into my Apple ID to initiate it, which of course I couldn't do because it had been disabled, and the only way for me to disable it is, again, to enter in my Recovery Key. This effectively put me in and endless loop, without any apparent way of gaining accesses to my account. I did contact Apple about it, and I was ultimately told that the lock on my account was so tight, that not even Apple could gain access to it.
I understand that this level of security is probably the whole reason for the two-step verification in the first place, and I again concede that it was extremely foolish of me for forgetting about and discarding my Recovery Key, but a few things still don't make sense...
1. Why would they put a "Lost your Recovery Key?" link on the password recovery page when a password is needed to reset the Recovery Key itself?
2. As far as I can remember, Apple, in their briefing of how two-step verification works, did not bring up this scenario, which is probably relatively common. They DO mention that they can't help when you don't have access to two of the three necessary things for recovery, but they never brought up the apparent exception of if the account is disabled, in which case having two of the three things needed is not enough. I don't understand how they couldn't have mentioned this scenario.
3. Given the above thought, how could Apple not have some sort of special contingency for this type of situation? I profess my ignorance of how these types of systems are set up, but I would feel that there should be a special method for recovery in place if the account has been locked, and the owner is able to verify that they have the password and trusted devices.
I didn't mean to make it sound like a rant. I ADORE Apple, but this system seems like it's less than perfect.
Has anyone else ran into this issue? If so, is your situation similar to mine?
Thanks for any response!

Hey everyone.
It's been awhile, but I wanted to share with anyone who is interested some general knowledge about this issue that I have learned while communicating with Apple support. Unsurprisingly, the issue is still unresolved, and I am under the impression that it will remain that way, but I'm still trying to get in touch with one of the senior representatives I spoke with a while ago who seemed to think that there might be a solution, so I suppose there is still a chance that things could turn out for the better.
Here's the rundown:
Anytime you are unable to sign in to or access your account because of "security reasons", your account is under what is called a "DS Lockout".
A DS Lockout on an Apple ID can be triggered for a few reasons, such as when too many failed logins to the Apple ID (using an incorrect password) are attempted, or when a purchase is made that Apple believes to be fraudulent.
Under normal circumstances, a DS Lockout only lasts for 8 hours, after which the lock is lifted and access to the account by inputting the correct password is re-enabled.
This is where the catch for anybody who set up two-step verification is.
According to one of Apple's security representatives, IF you have two-step verification enabled upon being inflicted with a DS Lockout, the 8-hour lockout period is extended indefinitely as an additional security measure (a feature, I suppose). Therefore, the only way to regain access to the account is by resetting the password, as waiting for the lockout to expire is no longer an option. And of course, resetting your password, as stated by Apple, is one of the situations in which you need your Recovery Key. EVEN IF YOU KNOW WHAT THE ACCOUNT'S CURRENT PASSWORD IS, the lockout prevents you from being able to input it as a means of authentication. You MUST reset your password in order to regain access, and you MUST input your recovery key in order to reset your password.
So, that seems to be the gist of it. It does make sense, but here's my problem:
Upon setting up two-step verification, Apple does warn you of many things, but they do not make any mention of this specific scenario. Indeed, it is very much my fault for loosing my verification key, but the thing is, I’m human, I make mistakes, and I know that I will continue to do so. One of the reasons I chose to take the risk of setting up two-step verification is because Apple explicitly stated that as long as I had access to two of the three required "keys" -- my Recovery Key, my password, and at least one of my trusted Apple devices -- I would always be able to gain access to my account. In other words, as long as I didn’t screw up so bad as to loose access to two of my keys, I’d be okay. Obviously, there is a huge exception to this case that, again, is not mentioned anywhere, hence all the confusion. Had I know that it was possible that it could come down to me needing a single, specific key to regain access to my account, I probably would have opted out of two-step verification, recognizing that as a busy college student who's constantly reorganizing and dealing with tons of forms, worksheets, and other various documents, it's not as easy to hold on to a slip of paper as it might be for others. I'm hoping that at some point, Apple adds a big, red warning to the setup process which reads something like:
"In the event that your Apple ID is locked due to a detected security risk, your Recovery key will be necessary to regaining access to your account; knowing your password and/or having access to any of your trusted devices will no longer be enough."
I really do appreciate how seriously Apple takes its security, but I think that there is still room for improvement. This should start with more clearly and fully stating the conditions of its security measures, as well as having its customer support be more educated on these conditions (they themselves stated that they had never been trained on issues revolving around two-step verification). Protecting someone's private information is important, but so too is making every possible effort to ensure that customers can't easily loose access to all the content and services that they have spent much time and money building up and using.
As stated above, I'm still trying to get a hold of the Apple representative who initially assisted me, so if I have any additional updates, I'll be sure to reply to this thread. I hope that anyone who is going through the same issue, or is simply curious, finds this information to be useful.

Exchange Server Dynamic quorum for two AD site

Hello All,
I have some query regarding the Dynamic Quorum issue:
The environment is two Exchange 2013 in first AD site and another Exchange server 2013 on second AD site. So, total 3 node exchange server.
1. Can i configure DAG with dynamic quorum on this scenario?
2. If first site is totally down then second site can work without any interruption.
3. Is there any need manual switchover in this scenario?
4. OWA and outlook can work if first site down?
5. If first site down then second site exchange server db can automatically mounted.
Thanks,
Parvez

Hi,
1. Can i configure DAG with dynamic quorum on this scenario?
By default dynamic quorum will be enabled once the node is added to the DAG
2. If first site is totally down then second site can work without any interruption.
1.sequential failure on dag nodes - first node in dag will go down and after a short time second node will go down .
2.simultaneous failure on dag nodes - majority of the nodes will go down at a time .On your case majority is two.
Dynamic quorum will support sequential failure of nodes and it will not support the simultaneous failure .
So on your case if you perform manual sequential failure on the dag nodes you can make utilize the dynamic quorum feature .
Note : Please refer the below mentioned blog which will give you a good clarity.Like you they have also demonstrated with three nodes.
Reference
blog : http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/exchange-2013-dag-dynamic-quorum-part2.html
3. Is there any need manual switchover in this scenario?
Yes it is available .You can follow the below mentioned article .Though it is for exchange 2010 but it will support 2013 .
http://smtpport25.wordpress.com/2010/12/10/exchange-2010-dag-local-and-site-drfailover-and-fail-back/
4. OWA and outlook can work if first site down?
You need to point the outlook and owa namespaces to the exchange 2013
server in DR site or else it would be to an LB in DR site.
5. If first site down then second site exchange server db can automatically mounted.
At a time , If the entire site goes down then the automatic failover will not happen ,because
the dynamic quorum doesn't have the enough time to recalculate the dynamic weight.
Please feel free to reply me if you have any queries.
Thanks & Regards S.Nithyanandham

Best practice for two differing encryption types

I'm using a Aironet 1232g and I want to use WPA2-PSK. I have the XP clients connected appropriately (via WPA2-AES CCMP), however I also have a Ricoh Digital Sender (copier) that only supports WEP. What is the best security practice in this scenario? Can I enable two SSID's one with WPA2-PSK and the other with WEP? If so, do I need to establish a VLAN on the AP? Any help is appreciated.

Hi Scott,
your thougts are right.
You have to establish 2 seperate VLANs on the AP. In the "encryption Manager" you setup the VLAN to encryption type association.
Then you need to define the VLANs to SSIDs in the "SSID Manager".
If you have a WDS running setup the "Server groups" in the WDS Section of "Wireless Services"
Do not forget to change the switchport (where the AP is connected to) to trunking mode.
I hope that helps.
Best regards,
Frank
P.S. Please rate helpful posts.

Dynamic Configuration for two file adapters communication channels

Hello Experts!!!!!!
     In one of the interface in my landscape, I am using two file adapters for creating two files with different names and at two different destination on F.T.P.
However the receiver service for both the communication channel are same.
In message mapping I am using multi mapping to create two files out a single message.
Now i have a requirement of changing file path and file name using dynamic configuration for both the comm channel.
When i doing dynamic coniguration for both the comm. channel. My interface is creating two files but with same name and on same destination which is set for second communication channel through dynamic configuration.
Here, I guess the second dynamic configuration is over writing the first dynamic configuration and hence creating two files with same name and at same destination.
Please suggest, if separate dynamic configuration for separate communication channel of same receiver service can be done?
Thanks & Regards,
Amol

Thanks for your prompt responses!!!!!
    Is there any way, By which in dynamic configuration I can find out the communication channel name and then change its parameter.
I mean if iam using say comm. channel A and B.
Then in dynamic configuration for A, I will first take communication channel A by calling it and then change its path/file name.
and then do samething for comm. channel B in its dynamic conf.
Regards,
Amol

[svn] 3203: Add support for inline two-way data binding (syntax is @{expr}) .

Revision: 3203 Author: [email protected] Date: 2008-09-14 05:11:47 -0700 (Sun, 14 Sep 2008) Log Message: ----------- Add support for inline two-way data binding (syntax is @{expr}). Also add support for two-way data binding via the <mx:Binding> tag and the new property twoWay=boolean (default is false). Code Reviewer: Paul QA: tests for this feature need to be added to the regression test suite Doc: new feature which needs to be documented Modified Paths: -------------- flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/InterfaceCompiler.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/analyzer/SyntaxAnalyzer.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/AbstractBuilder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/AnonymousObjectGraph Builder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/DocumentBuilder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/ModelBuilder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/ServiceRequestBuilde r.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/XMLBuilder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/XMLListBuilder.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/dom/BindingNode.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/lang/TextParser.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/rep/BindingExpression.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/rep/MxmlDocument.java flex/sdk/trunk/modules/compiler/src/java/flex2/compiler_en.properties

EvilDave UK wrote:
Surely there's a more practical way around this without having to reboot?
Before you go to the trouble of going through all those steps, be warned that attempting to use Dreamweaver CS4 with SVN could even cause Dreamweaver to crash after updating to SVN 1.6.2. I, too, have abandoned SVN integration with Dreamweaver until the problems are sorted out. I reported this problem to Adobe a couple of weeks ago, and spent a long time working with an Adobe engineer, who was able to reproduce the problem, but not offer a solution. Hopefully, the next version of Dreamweaver will have more robust support for Subversion.

Help with getting Web Start working with two-way SSL

I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
However, this fails (with a SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
Has anyone else tried this and got it working?

Hi Richard,
Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - stragely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
snipped all the regular trusted certs, left my root CA as proof it is recognized...
adding as trusted cert:
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 CA 22 D1 CD D3 81 EA 58 81 ...E..@.".....X.
0010: 98 B0 DF B4 A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 .........Y=.?#."
0020: FD 20 FE 7C 26 C6 00 00 1E 00 04 00 05 00 2F 00 . ..&........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-3, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 ..@.".....X.....
0050: A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C .....Y=.?#.". ..
0060: 26 C6 &.
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
Thread-3, READ: TLSv1 Handshake, length = 607
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
 To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
Found trusted certificate:
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
 To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
[read] MD5 and SHA1 hashes: len = 607
0000: 0B 00 02 5B 00 02 58 00 02 55 30 82 02 51 30 82 ...[..X..U0..Q0.
0010: 01 FB A0 03 02 01 02 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 05 05 00 30 57 31 0B 30 09 06 H........0W1.0..
0030: 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 .U....US1.0...U.
0040: 08 13 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 ...Virginia1.0..
0050: 03 55 04 07 13 07 46 61 69 72 66 61 78 31 11 30 .U....Fairfax1.0
0060: 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 ...U....Zork.org
0070: 31 10 30 0E 06 03 55 04 03 13 07 52 6F 6F 74 20 1.0...U....Root
0080: 43 41 30 1E 17 0D 30 34 30 35 32 36 32 30 33 38 CA0...0405262038
0090: 35 39 5A 17 0D 30 34 30 36 32 35 32 30 33 38 35 59Z..04062520385
00A0: 39 5A 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 9Z0W1.0...U....U
00B0: 53 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 S1.0...U....Virg
00C0: 69 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 inia1.0...U....F
00D0: 61 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 airfax1.0...U...
00E0: 08 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 .Zork.org1.0...U
00F0: 04 03 13 07 52 6F 6F 74 20 43 41 30 5C 30 0D 06 ....Root CA0\0..
0100: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 .*.H.........K.0
0110: 48 02 41 00 E2 BD 8D E9 59 8E 07 35 2B ED 20 57 H.A.....Y..5+. W
0120: 38 00 C8 3D 34 85 50 E2 93 A0 17 C7 98 45 F3 5F 8..=4.P......E._
0130: CD 7B 4A DA 6E F0 C7 0F 7A 03 3E 69 A9 7C CD 15 ..J.n...z.>i....
0140: 46 F0 D1 C8 7A 0A E9 09 DD B7 6F 5B CD 80 29 E6 F...z.....o[..).
0150: 3A 6A 49 65 02 03 01 00 01 A3 81 B1 30 81 AE 30 :jIe........0..0
0160: 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 1D 06 ...U....0....0..
0170: 03 55 1D 0E 04 16 04 14 3F A7 DF 1F FA 90 1F 98 .U......?.......
0180: 4F BA 42 9F 21 7D B4 C4 88 76 14 DA 30 7F 06 03 O.B.!....v..0...
0190: 55 1D 23 04 78 30 76 80 14 3F A7 DF 1F FA 90 1F U.#.x0v..?......
01A0: 98 4F BA 42 9F 21 7D B4 C4 88 76 14 DA A1 5B A4 .O.B.!....v...[.
01B0: 59 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 53 Y0W1.0...U....US
01C0: 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 69 1.0...U....Virgi
01D0: 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 61 nia1.0...U....Fa
01E0: 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 08 irfax1.0...U....
01F0: 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 04 Zork.org1.0...U.
0200: 03 13 07 52 6F 6F 74 20 43 41 82 01 00 30 0D 06 ...Root CA...0..
0210: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 29 .*.H.........A.)
0220: CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D 9E ..H../.J.s.q.X..
0230: 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD C4 .D....<.........
0240: FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 AE .R..re....ba5...
0250: FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 .........w..j..
Thread-3, READ: TLSv1 Handshake, length = 220
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
[read] MD5 and SHA1 hashes: len = 220
0000: 0D 00 00 D8 03 01 02 05 00 D2 00 59 30 57 31 0B ...........Y0W1.
0010: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 0...U....US1.0..
0020: 03 55 04 08 13 08 56 69 72 67 69 6E 69 61 31 10 .U....Virginia1.
0030: 30 0E 06 03 55 04 07 13 07 46 61 69 72 66 61 78 0...U....Fairfax
0040: 31 11 30 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 1.0...U....Zork.
0050: 6F 72 67 31 10 30 0E 06 03 55 04 03 13 07 52 6F org1.0...U....Ro
0060: 6F 74 20 43 41 00 75 30 73 31 0B 30 09 06 03 55 ot CA.u0s1.0...U
0070: 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 08 13 ....US1.0...U...
0080: 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 03 55 .Virginia1.0...U
0090: 04 07 13 07 46 61 69 72 66 61 78 31 11 30 0F 06 ....Fairfax1.0..
00A0: 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 31 18 .U....Zork.org1.
00B0: 30 16 06 03 55 04 0B 13 0F 53 65 72 76 65 72 20 0...U....Server
00C0: 44 69 76 69 73 69 6F 6E 31 12 30 10 06 03 55 04 Division1.0...U.
00D0: 03 13 09 53 65 72 76 65 72 20 43 41 ...Server CA
Thread-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
CONNECTION KEYGEN:
Client Nonce:
0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
Server Nonce:
0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
Master Secret:
0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
Client MAC write Secret:
0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
0010: 00 FB B8 D8 ....
Server MAC write Secret:
0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
0010: C5 6C 5F B6 .l_.
Client write key:
0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
Server write key:
0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
Client write IV:
0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
Server write IV:
0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
*** Finished
verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
Padded plaintext before ENCRYPTION: len = 40
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
0020: 42 F0 60 78 03 03 03 03 B.`x....
Thread-3, WRITE: TLSv1 Handshake, length = 40
Thread-3, READ: TLSv1 Alert, length = 2
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
So I'll toil away trying to get *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
-Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
Thanks,
Paul

Two way SSL issue in weblogic

Hi All,
we have enabled 2 way SSL in weblogic, we have one Admin Server and one managed (soa) server version 11.1.1.5
steps we have followed:
we have imported identity certificate and key file to a custom identity store
improted trust certificates to a custom trust keystore
in weblogic consile: soa_server1-> keystires : we have updated custom identity and trust details
in weblogic consile: soa_server1-> ssl - we have updated required custom identity details and selected " Client Certs Requested And Enforced" for Two Way Client Cert Behavior.
but while testing our process we are getting below error:
we have tried openssl to test the connectivity but not sure about the output, is there any way to trace the SSL connection?
any input will be really helpful.
<AIASessionPoolManagerFault xmlns="http://xmlns.oracle.com/AIASessionPoolManager">
-<part name="summary">
<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
com.oracle.bpel.client.BPELFault: faultName: {{http://xmlns.oracle.com/AIASessionPoolManager}AIASessionPoolManagerFault}
messageType: {{http://schemas.oracle.com/bpel/extension}RuntimeFaultMessage}
parts: {{
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
 SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+:443/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
 java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
 javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
 </detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
</part>
-<part name="detail">
<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Error on AIASessionPoolManager.bpel: Operation=Get.
 SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
 java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
 javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
</detail>
</part>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:07 AM

Hi Kishor/Rene,
Thanks for the reply, we have already referred to the mentioned Oracle Note and enabled SSL debugging.
while starting Admin server we are getting below output:
Can you please confirm from below logs that SSL connection is correct, i have also provided below the error message we are getting in our process.
<Apr 2, 2013 6:49:56 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 316588026>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN= Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN= xyz>.com.au, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN=<abcd>.<.com>, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: <abcd>.<.com>>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerKeyExchange RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 70>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received CHANGE_CIPHER_SPEC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 24>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 15>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 18>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 20>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 7>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLLayeredSocket.close(Unknown Source)
at weblogic.nodemanager.client.NMServerClient.disconnect(NMServerClient.java:276)
at weblogic.nodemanager.client.NMServerClient.done(NMServerClient.java:138)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:423)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:440)
at weblogic.server.ServerLifeCycleRuntime.getStateNodeManager(ServerLifeCycleRuntime.java:752)
at weblogic.server.ServerLifeCycleRuntime.getState(ServerLifeCycleRuntime.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.getAttribute(WLSModelMBean.java:525)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:666)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:638)
at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.getAttribute(FederatedMBeanServerInterceptor.java:308)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttribute(JMXContextInterceptor.java:157)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:299)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttribute(WLSMBeanServer.java:279)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5$1.run(JMXConnectorSubjectForwarder.java:326)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5.run(JMXConnectorSubjectForwarder.java:324)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttribute(JMXConnectorSubjectForwarder.java:319)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1404)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:600)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.getAttribute(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:878)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:263)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:504)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy138.getState(Unknown Source)
at com.bea.console.actions.core.server.ServerTableAction.populateServerRuntimeTableBean(ServerTableAction.java:365)
at com.bea.console.actions.core.server.ServerTableAction$ServerTableWork.run(ServerTableAction.java:498)
at weblogic.work.commonj.CommonjWorkManagerImpl$WorkWithListener.run(CommonjWorkManagerImpl.java:203)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 316565651>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 316588026>
error in bpel process:
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
SessionPoolHost.getSession(Siebel,190001): SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@16670d1d]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://<host>:443/eai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ].
java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure</detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:08 AM

Two-way lookup data structure?

I am looking for a good data structure for two-way lookup of paired values. Can anyone point me to one?
My list are quite short, so I could just do this with an array and not worry about it, but I'm curious what is out there.

Bidirectional maps
A new interface hierarchy has been added to support bidirectional maps - BidiMap. These represent maps where the the key can lookup the value and the value can lookup the key with equal ease
...yes, perfect. Thanks, again.

Using Same Bank Account for two different company code

Can we use the same bank account number and ABA key for two different company codes? Both the company codes are in USA and with the same currency.
Scenario is to separate one division of the company code to a separate company code. Client wanted to know if we can use the same bank account so that they dont have to open another bank account

The system will allow the same ABA and bank account on two different company codes. However, if you use electronic bank statement (EBS) functionality (or plan to use it in the future), you will not be able to import bank statements for the account if it exists on two company codes. The EBS program uses the house bank/account ID tables to assign a company code to the bank statement. If the account exists for more than one company code, the program cannot assign a company code and it will give an error.
Regards,
Shannon

Two way SSL with jax-ws on weblogic 10.3.1.1

I'm desperately trying to create a webservice client using jax-ws for two way ssl (mutual authentication). The client shoud be a web service (war) not a normal fat java client (jar).Could someone please give me any help? I've tried with the ssl context but it dosn't work :(
BlokIzmenjava service= new BlokIzmenjava(new URL("https://wwwt.ajpes.si/wsBlokIzmenjava/BlokIzmenjava.asmx?WSDL"), new QName("http://www.ajpes.si/blok_izmenjava", "BlokIzmenjava"));
BlokIzmenjavaSoap port=service.getBlokIzmenjavaSoap();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("D:/Podatki/Workspace1031/TestWorkSpace/TestWS/src/nkbm/ws/Ajpes.jks"), "trustpass".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "trustpass".toCharArray());
javax.net.ssl.SSLContext sslCtx = SSLContext.getInstance("SSL");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
sslCtx.init(kmf.getKeyManagers(), tms, null);
javax.net.ssl.SSLSocketFactory ssl = (javax.net.ssl.SSLSocketFactory) sslCtx.getSocketFactory();
Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
requestContext.put(com.sun.xml.internal.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY, ssl);
port.test("aaaaa");
The thing is that this solution works on a fat client(as a jar) but it dosn't work as a client (webservice) deployed on weblogic server. I've also set the everything in the weblogic console (SSL,keystores) and it still dosn't work :(
any help would b appretiated!
thank you!
Edited by: user10677650 on 30.6.2010 6:37

Isn't the SSL adapter meant to be used for jax-rpc webservices?
"JAX-RPC clients can use the SSLAdapter mechanism described in Using a Custom SSL Adapter with Reliable Messaging to persist the state of a request over an SSL connection"
I have already tried with weblogic.wsee.jaxws.sslclient.SSLClientUtil...still I always get the error (this error is with ssl debug mode on)....
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 31921099>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 994001646
Issuer:C=si, O=state-institutions, OU=sigen-ca
Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
Not Valid Before:Fri Nov 17 14:26:17 CET 2006
Not Valid After:Thu Nov 17 14:56:17 CET 2011
Signature Algorithm:SHA1withRSA
>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 994001646
Issuer:C=si, O=state-institutions, OU=sigen-ca
Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
Not Valid Before:Fri Nov 17 14:26:17 CET 2006
Not Valid After:Thu Nov 17 14:56:17 CET 2011
Signature Algorithm:SHA1withRSA
>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: wwwt.ajpes.si>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(sock): 12457751>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <close(): 27314217>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 31288249>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 262>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received CHANGE_CIPHER_SPEC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 342>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 493>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read(offset=0, length=8192)>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: HelloRequest>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 147>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 994001646
Issuer:C=si, O=state-institutions, OU=sigen-ca
Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
Not Valid Before:Fri Nov 17 14:26:17 CET 2006
Not Valid After:Thu Nov 17 14:56:17 CET 2011
Signature Algorithm:SHA1withRSA
>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 994001646
Issuer:C=si, O=state-institutions, OU=sigen-ca
Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
Not Valid Before:Fri Nov 17 14:26:17 CET 2006
Not Valid After:Thu Nov 17 14:56:17 CET 2011
Signature Algorithm:SHA1withRSA
>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: wwwt.ajpes.si>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 262>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received CHANGE_CIPHER_SPEC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received APPLICATION_DATA: databufferLen 0, contentLength 2073>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read databufferLen 2073>
<1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read A returns 2073>
1.7.2010 8:38:39 com.sun.xml.ws.server.sei.EndpointMethodHandler invoke
SEVERE: The server sent HTTP status code 403: Forbidden
com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 403: Forbidden
 at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:225)
 at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:191)
 at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:101)
 at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
 at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
 at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
 at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
 at com.sun.xml.ws.client.Stub.process(Stub.java:246)
 at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
 at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
 at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
 at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
 at $Proxy166.blokVrni(Unknown Source)
 at nkbm.ws.TestAjpes1.hello(TestAjpes1.java:59)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:101)
 at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:83)
 at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152)
 at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:264)
 at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:93)
 at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
 at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
 at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
 at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
 at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:249)
 at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:453)
 at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250)
 at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
 at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:298)
 at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:211)
 at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:297)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:87)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
<1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
 at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
 at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
 at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
 at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
 at weblogic.net.http.HttpClient.closeServer(HttpClient.java:528)
 at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:111)
 at java.util.TimerThread.mainLoop(Timer.java:512)
 at java.util.TimerThread.run(Timer.java:462)
>
<1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <close(): 5095980>
<1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 31921099>
any ideas?
thank you again!
Edited by: user10677650 on 30.6.2010 23:42

Luks encrypted key file as key for luks partition (two-factor auth)

I'm trying to implement "two-factor" authentication (possession of a keyfile and knowledge of a passphrase required) using dm-crypt in order to open an encrypted root filesystem. In the past I used gpg and later openssl to decrypt a keyfile using a passphrase, which then was used by cryptsetup using --key-file to decrypt the actual data device. I'd like to ditch gpg/openssl and use only cryptsetup.
So the idea is to create a luksFormatted key file (loop device) which, when opened using a passphrase, will be used as the key (using --key-file) to open a luksFormatted hard drive partition.
To illustrate:
# create and luksFormat the key container file
dd if=/dev/urandom of=key_container bs=1M count=4
cryptsetup luksFormat key_container
# open the container and create a random "key" by directly writing pseudo random data to it
cryptsetup luksOpen key_container key_device
dd if=/dev/urandom of=/dev/mapper/key_device
# luksFormat the data device using the random data from the luks key device
cryptsetup -d /dev/mapper/key luksFormat /dev/sda1
# later, to open /dev/sda1
cryptsetup -d /dev/mapper/key_device luksOpen /dev/sda1 encryptedfs
My questions:
1. Is this a valid approach or am I making a mistake/do you see a problem somewhere?
2. How much data from the loop device will cryptsetup use as key to format/open the data device? Everything? Is there a limit?
3. Is there a difference between doing a
cat /dev/mapper/key | cryptsetup -d -
and
cryptsetup -d /dev/mapper/key?
3. Assuming that the answer to 1 is "no mistake/problem" and 2 is "everything there is" or even "the first x bytes", is it possible that the actual contents of the loop device may change in the future because of different loop device implementations or somethings else I didn't think of? I'd like to avoid bad surprises in the future..
4. What would you recommend as size for the key container file, knowing that the luks header requires some space too?
Any feedback appreciated.
Cheers,
fabriceb

I do the same ( https://wiki.gentoo.org/wiki/Custom_Ini … ed_Keyfile ).
--key-file=- should be equivalent, but it's meant for grabbing a key from gpg output or whatever; since you can specify it directly here, no need to involve anything else like cat etc.
without --key-file=- it would stop reading at newlines or something. this behaviour is quite dangerous as it may cause people who believe they're using a long random key, to use only a very short (or even empty) key instead. one way to avoid such ambiguousness is to make sure there are no newline bytes in your keyfile, so it would use the whole thing in either interpretation.
as for the key length, a key is essentially a passphrase. So it does not have to be very long at all; 8 truly random bytes would require up to 256^8 tries to break after all and with LUKS, each try takes ~1 second per physical CPU... but the smallest unit that LUKS allows is 512 bytes (1 sector) so you could just as well use the whole thing. If you use 4096 bytes, you're confusing bytes with bits somewhere... and as for bits, even 128bit AES is still considered secure...
You could save some bytes in the initrd.gz if you initialize the container file with zeroes instead of random, so it can be compressed. The key will still be random as the random cipher key will turn the zeroes to something else after all...

Exchange of initial key for two way encrypted communication

Similar Messages

Maybe you are looking for