Key store problem using bouncycastle
Hey guys, i'm writing pseudo PGP encryption code using bouncycastle provider. Now everything works great when i start my project from NETBeans 6.8, but when i build .jar file,execute it and try to create a key store i get following message : "java.io.IOException: Error initialising store of key store : java.security.NoSuchProviderException: JCE cannot authenticate the provider BC" . Does anyone knows what might be the problem?
Vaskea wrote:
Hey guys, i'm writing pseudo PGP encryption code using bouncycastle provider. Now everything works great when i start my project from NETBeans 6.8, but when i build .jar file,execute it and try to create a key store i get following message : "java.io.IOException: Error initialising store of key store : java.security.NoSuchProviderException: JCE cannot authenticate the provider BC" . Does anyone knows what might be the problem?You probably have not included the BC JCE jar in your classpath!
Similar Messages
-
Key swap problem using Microsoft keyboard with my Mac
The keyboard used with my TiBook is an old (circa 1997) ergonomic "Natural Keyboard" made by Microsoft. I'd like to fix the problem of having the "Command" key function swapped with the "Alt" key. Downloading and installing the latest Microsoft keyboard driver for Mac (for OSX 1 thru 4) didn't fix the problem (even though I checked the box to swap the "Command" key (i.e., the Windows key) and ALT key. Is my keyboard just too old?
thanks
TiBook Mac OS X (10.3.9)Try:
*[[/questions/947513]] -
WLST/start AdminServer - problems with trusted cert key store
Hello,
I have clustered environment. Machine1: AdminServer and odi_server1. Machine2: odi_server2. There is NodeManager running on each machine. This is my nodemanager.properties for NodeManager on Machine1:
#Thu Dec 19 13:18:30 CET 2013
#Thu Dec 19 11:29:43 CET 2013
#Thu Dec 19 11:17:53 CET 2013
#Tue Dec 11 11:40:20 CET 2012
DomainsFile=/home/oracle/Oracle/Middleware/wlserver_10.3/common/nodemanager/nodemanager.domains
LogLimit=0
PropertiesVersion=10.3
DomainsDirRemoteSharingEnabled=false
javaHome=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64
AuthenticationEnabled=true
NodeManagerHome=/home/oracle/Oracle/Middleware/wlserver_10.3/common/nodemanager
JavaHome=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
LogLevel=INFO
DomainsFileEnabled=true
StartScriptName=startWebLogic.sh
ListenAddress=
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
SecureListener=true
LogCount=1
DomainRegistrationEnabled=false
StopScriptEnabled=false
QuitEnabled=false
LogAppend=true
StateCheckInterval=500
CrashRecoveryEnabled=false
StartScriptEnabled=true
LogFile=/home/oracle/Oracle/Middleware/wlserver_10.3/common/nodemanager/nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=/home/oracle/Oracle/Middleware/user_projects/domains/odi_cluster/keystore.jks
CustomIdentityKeyStorePassPhrase={3DES}VRCBXCfDocQ=
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=/home/oracle/Oracle/Middleware/user_projects/domains/odi_cluster/cacerts.jks
CustomTrustKeyStorePassPhrase=
CustomIdentityAlias=keyAlias
CustomIdentityPrivateKeyPassPhrase={3DES}VRCBXCfDocQ=
As you can see, I have my custom trust (cacerts,jks) and identity (keystore.jks) keystores and they are set for node manager in this file. Next, nodemanager is started via wlst, like this:
bea_home = '/home/oracle/Oracle/Middleware';
pathseparator = '/';
listen_port = '5556';
listen_address = 'eb-etl1';
node_manager_home = bea_home + pathseparator + 'wlserver_10.3' + pathseparator + 'common' + pathseparator + 'nodemanager';
startNodeManager(verbose='true', NodeManagerHome=node_manager_home, ListenPort=listen_port, ListenAddress=listen_address);
I want to start my AdminServer via wlst (by connectiong to nodemanager), like this:
bea_home = '/home/oracle/Oracle/Middleware';
pathseparator = '/';
admin_username = 'weblogic';
admin_password = '1q2w3e1q2w3e';
listen_address = 'eb-etl1';
listen_port = '5556';
admin_server_url='t3://eb-etl1:7005'
domain_name = 'odi_cluster';
domain_home = bea_home + pathseparator + 'user_projects' + pathseparator + 'domains' + pathseparator + domain_name;
print 'CONNECT TO NODE MANAGER';
nmConnect(admin_username, admin_password, listen_address, listen_port, domain_name, domain_home, 'ssl');
print 'START ADMIN SERVER ONLY ON THE MACHINE WHERE THE ADMIN SERVER IS PRESENT';
nmStart('AdminServer');
print 'CONNECT TO ADMIN SERVER';
connect(admin_username, admin_password, admin_server_url);
print 'START MANAGED SERVERS ON THE MACHINE';
start('odi_server1','Server');
But I can't even connect to node manager:
CONNECT TO NODE MANAGER
Connecting to Node Manager ...
<2013-12-19 13:48:23 CET> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<2013-12-19 13:48:23 CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2013-12-19 13:48:24 CET> <Warning> <Security> <BEA-090542> <Certificate chain received from eb-etl1 - 172.18.0.106 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
This Exception occurred at Thu Dec 19 13:48:24 CET 2013.
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from eb-etl1 - 172.18.0.106 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
Problem invoking WLST - Traceback (innermost last):
File "/home/oracle/Oracle/Middleware/deploy/scripts/startBiatelbit_puw.py", line 12, in ?
File "<iostream>", line 123, in nmConnect
File "<iostream>", line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : [Security:090542]Certificate chain received from eb-etl1 - 172.18.0.106 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
Use dumpStack() to view the full stacktrace
So - it seems my trust keystore is not even used, why? Why still demo key store is used??
If I remove this:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=/home/oracle/Oracle/Middleware/user_projects/domains/odi_cluster/keystore.jks
CustomIdentityKeyStorePassPhrase={3DES}VRCBXCfDocQ=
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=/home/oracle/Oracle/Middleware/user_projects/domains/odi_cluster/cacerts.jks
CustomTrustKeyStorePassPhrase=
CustomIdentityAlias=keyAlias
CustomIdentityPrivateKeyPassPhrase={3DES}VRCBXCfDocQ=
from my nodemanager.properties, there is no exception while connecting to node manager and I can start admin server. But - I can't start odi_server1 (weblogic console says that node manager for Machine1 is unreachable). From other hand, when I run AdminServer via startWebLogic script (with above keystore definitions), I can start my odi_server1 via weblogic administration console without any problems.
Also, NodeManager for Machine2 is always unreachable, no matter what I do (with or without keystore definitions).
Do you have any idea what am I doing wrong?Hi,
If the admin URL is specified with the https protocol, then http tunneling must be enabled for the server from the console -> servers -> AdminServer ->Protocols -> http.
Moreover we also need to add following java options to the stopWebLogic.cmd or setDomainEnv.cmd:
set JAVA_OPTIONS=$JAVA_OPTIONS$ -Dweblogic.security.IdentityKeyStore=CustomIdentity -Dweblogic.security.CustomIdentityKeyStoreFileName=identity.jks -Dweblogic.security.CustomIdentityKeyStorePassPhrase=password -Dweblogic.security.Identity.KeyStoreType=JKS -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=trust.jks -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.CustomTrustKeyStorePassPhrase=password -Dweblogic.security.IgnoreHostNameVerification=true -Dweblogic.security.SSL.ignoreHostnameVerification=true
Regards,
Kal -
"key inappropriate for algorithm" error using BouncyCastle
Hi,
I am working on an email client application that sends encrypted emails.
For encryption i have followed the approach :
1) Generated a private/public key pair for RSA using OpenSSL.
2)Generated a certificate using OpenSSL which contains Private and public keys(RSA Keys).
3) Using BouncyCastle to prepare an encrypted MimeMessage instance using SMIMEEnvelopedGenerator like :
SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
gen.addKeyTransRecipient((X509Certificate) chain[0]);
msgbody = gen.generate(msgbody,SMIMEEnvelopedGenerator.RC2_CBC, 2048,"BC");
As the keys contained in the certificate are for RSA and the algorithm specified in the generate() method is "RC2_CBC", it throws an exception
java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.
at org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$ContentEncryptor.write(Unknown Source)
at org.bouncycastle.mail.smime.handlers.PKCS7ContentHandler.writeTo(Unknown Source)
at javax.activation.ObjectDataContentHandler.writeTo(DataHandler.java:839)
at javax.activation.DataHandler.writeTo(DataHandler.java:295)
at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1209)
at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1614)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:537)
But i tried with all other algo options also and it gives the same error..
Requirement is asymmetric encryption of MimeMessage.
Kindly help me in case someone has faced/solved such a situation or correct me in case the approach is wrong
ThanksHi,
I am working on an email client application that sends encrypted emails.
For encryption i have followed the approach :
1) Generated a private/public key pair for RSA using OpenSSL.
2)Generated a certificate using OpenSSL which contains Private and public keys(RSA Keys).
3) Using BouncyCastle to prepare an encrypted MimeMessage instance using SMIMEEnvelopedGenerator like :
SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
gen.addKeyTransRecipient((X509Certificate) chain[0]);
msgbody = gen.generate(msgbody,SMIMEEnvelopedGenerator.RC2_CBC, 2048,"BC");
As the keys contained in the certificate are for RSA and the algorithm specified in the generate() method is "RC2_CBC", it throws an exception
java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.
at org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$ContentEncryptor.write(Unknown Source)
at org.bouncycastle.mail.smime.handlers.PKCS7ContentHandler.writeTo(Unknown Source)
at javax.activation.ObjectDataContentHandler.writeTo(DataHandler.java:839)
at javax.activation.DataHandler.writeTo(DataHandler.java:295)
at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1209)
at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1614)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:537)
But i tried with all other algo options also and it gives the same error..
Requirement is asymmetric encryption of MimeMessage.
Kindly help me in case someone has faced/solved such a situation or correct me in case the approach is wrong
Thanks -
Problems using virtual key figures
Hi experts,
I have got 2 questions regarding virtual key figures, by using the OLAP BADI
1. Is there a chance to get the variable values out of the variable selection screen in the BADI implemtentation? If so, how?.
2. In the compute method the assign does not work because the Attributes (p_kyf_ZIMCREDAY, p_cha_0material,p_cha_0calday) are 0 all the time.
How does the attribute get a correct assignment to a component name? See my coding of the define and compute method below.
Thanks and Regards, Mario
IF_EX_RSR_OLAP_BADI~DEFINE
DATA: l_s_chanm TYPE rrke_s_chanm,
l_kyfnm TYPE rsd_kyfnm.
FIELD-SYMBOLS:
<l_s_chanm> TYPE rrke_s_chanm.
CASE i_s_rkb1d-infocube.
WHEN 'ZD_IMC001'.
l_s_chanm-chanm = '0MATERIAL'.
l_s_chanm-mode = rrke_c_mode-read.
APPEND l_s_chanm TO c_t_chanm.
l_s_chanm-chanm = '0CALDAY'.
l_s_chanm-mode = rrke_c_mode-read.
APPEND l_s_chanm TO c_t_chanm.
APPEND 'ZIMCREDAY' TO c_t_kyfnm.
ENDCASE.
IF_EX_RSR_OLAP_BADI~COMPUTE
FIELD-SYMBOLS <fs_ZIMCREDAY> TYPE ANY.
FIELD-SYMBOLS <fs_material> TYPE ANY.
FIELD-SYMBOLS : <fs_calday> TYPE ANY.
ASSIGN COMPONENT p_kyf_ZIMCREDAY OF STRUCTURE c_s_data
TO <fs_ZIMCREDAY>.
ASSIGN COMPONENT p_cha_0material OF STRUCTURE c_s_data "p_cha_0material
TO <fs_material>.
ASSIGN COMPONENT p_cha_0calday OF STRUCTURE c_s_data "p_cha_0calday
TO <fs_calday>.Regarding 1.
I checked in debugging the variable I_TH_SFC in the initialize method, but there is no information regarding the selections in the variable popup.
Can you please explain in detail how to access the variable values.
Regarding 2.
I changed l_s_chanm-mode to rrke_c_mode-no_selection according to your recommendation.
Unfortunately it´s still the same. The attributes still does have the value 0. Therefore the assign does not work correct.
The attributes are defined with type i. But the component names are like 'K____132'. Is this the cause of the problem?
Thanks, Mario -
BUG? JDev 10.1.3.1.0 on MacBook Pro - problem using space and delete keys
Is anyone using JDev 10.1.3.1.0 production release on a Macbook Pro? I am experiencing problems using the delete and space keys. The delete key no longer seems to work at all when using any of the key bindings including Default MacOS X. Using the spacebar also seems to have a conflict with the code completion feature. I am finding that the code completion always pops up when the space bar is used and no space is inserted with the editor. The space bar only works when used in conjuction with the shift key. Can anyone verify if they are able to use these keys in JDeveloper 10.1.3.1.0 on a Macbook Pro?
Thanks,
RichardThis was from the dmg file.
I found that in Preferences | Accelerators, Completion Insight lists 'Space' as an accelerator, right after 'CommandAIC'. Removing that fixed the problem, but I still can't fix the Delete issue.
The Delete action is assigned to the 'Delete' key, which is recognizes as the key combination fn-Delete. I tried to assign the Delete Previous Char to just the delete key, but pressing the Delete key while in the New Accelerator field is not recognized - it just pretends as if I had not pressed a key.
I'm looking at the the file:
jdevhome/system/oracle.jdeveloper.10.1.3.39.84/Default_macosx.kdf
trying to find entries for Delete and they are not in there - is there some other place I should be looking?
Thanks,
--ee -
My MacAir is great except for a problem i have. Keys F1, F2,F5,F6,F7,F8,F9,F10,F11,F12 and the power button are unresponsive. These are keys i frequently use and i have searched the whole apple help centre. Anyone got answers for me? Please helP!!!
Some keys don't work as expected
From the Apple menu, choose System Preferences.
From the View menu, choose Speech.
Click the Text to Speech tab.
If "Speak selected text when the key is pressed" is enabled, the key or key combination set to speak text cannot be used for other purposes or used to type text--click Set Key and change it to a less-commonly used key combination (try to use modifier keys such as Shift, Command, Option, and Control). Or, disable the "Speak selected text when the key is pressed" option.
Click the Universal Access pane in System Preferences, click the Keyboard tab.
Make sure that Slow Keys is turned off. With Slow Keys on, you need to press a key for a longer period of time for it to be recognized.
In the Universal Access pane, click the Mouse tab, and make sure Mouse Keys is turned off. With Mouse Keys enabled, you cannot use the Numeric Keypad to enter numbers--instead the keypad moves the pointer (cursor). (There is an option to enable Mouse Keys with five presses of the Option key; you may want to turn that option off to avoid accidentally enabling it.) If Mouse Keys is enabled and you are using a keyboard with no numeric keypad or Num Lock function, see Unable to type while Mouse Keys is enabled in Mac OS X.
If the function keys on the top row of the keyboard are not working as expected, see Mac OS X: How to change the behavior of function keys.
If the issue persists, use Keyboard Viewer to help isolate the issue:
Click the Language & Text pane (Mac OS X v10.6) or International pane (Mac OS X v10.5.8 or earlier) in System Preferences.
Click the Input Sources tab (or Input Menu tab in Mac OS X 10.5.8 or earlier).
Click the Keyboard & Character Viewer "On" checkbox to select it (click the Keyboard Viewer "On" checkbox in Mac OS X 10.5.8 or earlier).
From the Input (flag) menu, choose Show Keyboard Viewer.
If the keyboard is connected and detected by Mac OS X, the keys you type will highlight in the Keyboard Viewer window. Open TextEdit (or any text application), and try to type something using the keys that were previously not responding to see if they highlight in Keyboard Viewer.
Start from the Mac OS X Install Disc, choose Terminal from the Utilities menu and test the keys which were previously not working. If the keys work while started from the Install disc, then the keyboard itself is working correctly. Use Mac OS X: How to troubleshoot a software issue to isolate the software issue that may be causing the keys to not respond.
http://support.apple.com/kb/TS1381 -
I can not update/download an app from app store by using my iphone 4s. I try every method by re-setting date/time and reboot the phone etc.NO Help.
The icon will change to blank keep waiting & can not go in & use in. Anyone have solution for this. pls help me...tks.local indicates local activity by the computer host Williams-macbook-pro.local=hostname@domain . The UID of 501 is the standard UID of a local computer administrator.
Copy and paste this little script in your terminal:
if [ "SSH_CONNECTION ]; then
echo I am remote
else
echo I am local
fi
A return of "i am local" ensures there is no remote connection to your machine (through SSH).
In the future, to avoid remote entry, I would recommend not posting your IP address though. -
Problem using Binary wrappers in a Replicated cache
I'd like to store my keys and values as Binary objects in a replicated cache so I can monitor their size using a BINARY unit-calculator. However, when I attempt to put a key and value as com.tangosol.util.Binary, I get the enclosed IOException.
I have a very simple sample to reproduce the exception, but I don't see a way to attach it here.
2008-07-07 09:21:35.061 Oracle Coherence GE 3.3.1/389 <Error> (thread=ReplicatedCache, member=1): Failed to deserialize a key for cache MyMap
2008-07-07 09:21:35.061 Oracle Coherence GE 3.3.1/389 <Error> (thread=ReplicatedCache, member=1): An exception (java.io.IOException) occurred reading Message LeaseUpdate Type=9 for Service=ReplicatedCache{Name=ReplicatedCache, State=(SERVICE_STARTED), Id=2, Version=3.0, OldestMemberId=1}
2008-07-07 09:21:35.061 Oracle Coherence GE 3.3.1/389 <Error> (thread=ReplicatedCache, member=1): Terminating ReplicatedCache due to unhandled exception: java.io.IOException
2008-07-07 09:21:35.061 Oracle Coherence GE 3.3.1/389 <Error> (thread=ReplicatedCache, member=1):
java.io.IOException: unsupported type / corrupted stream
at com.tangosol.util.ExternalizableHelper.readObject(ExternalizableHelper.java:2162)
at com.tangosol.coherence.component.net.Message.readObject(Message.CDB:3)
at com.tangosol.coherence.component.net.message.LeaseMessage.read(LeaseMessage.CDB:11)
at com.tangosol.coherence.component.net.message.leaseMessage.ResourceMessage.read(ResourceMessage.CDB:5)
at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.onNotify(Service.CDB:110)
at com.tangosol.coherence.component.util.daemon.queueProcessor.service.ReplicatedCache.onNotify(ReplicatedCache.CDB:3)
at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:35)
at java.lang.Thread.run(Thread.java:619)
2008-07-07 09:21:35.061 Oracle Coherence GE 3.3.1/389 <D5> (thread=ReplicatedCache, member=1): Service ReplicatedCache left the clusterHi John,
Currently the Replicated cache service uses Binary only for internal value representation and does not allow storing arbitrary Binary objects in replicated caches. You should have no problems using partitioned (Distributed) cache service with this approach.
Regards,
Gene -
Built two OIF 11.1.1.2 instances in same IDMDomain, second instance cannot read key store
I asked about loading two versions of OIF onto two different managed servers listening on two different ports but within the same IDMDomain that gets bootstrapped here: Different instances of OIF within the same IDMDomain
I have built this out. Here is what it looks like in EM. Ports are highlighted.
AdminServer 7001
wls_oif1 7499 (bootstrapped at config)
OIF 11.1.1.2 (bootstrapped at config)
wls_oif2 7498 (cloned from wls_oif1 in WL Console)
OIF 11.1.1.2 (changed target from bootstrapped instance to hit both servers)
I had to do a few other hacky things to get this up without any erratic EM or application errors. I had to change the targets on several libraries and other EAR/WARs to hit both wls_oif1 and wls_oif2, and then edited my config.xml for IDMDomin to reference all three servers where it would only reference Admin and wls_oif1 before, and change single references to wls_oif1 to both wls_oif1 and wls_oif2. This got me a stable EM and deployment.
I can pull metadata from http://dlaxoifs101:7499/fed/idp/metadata, but I get an HTTP 500 error when trying http://dlaxoifs101:7498/fed/idp/metadata. The only error in the logs of wls_oif2 OIF instance is:
Message ID
FED-20000
Message Level
1
Relationship ID
0
Component
wls_oif2
Module
oracle.security.fed.sec.key.select.CryptoStore
Host
dlaxoifs101.devapollogrp.edu
Host IP Address
10.87.1.3
User
<anonymous>
Thread ID
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'
ECID
37391fee28ccc45c:-13d3734e:13ff2932ce7:-8000-0000000000000570
Message
Cannot open the key store.
I altered the config of the Admin Server and wls_oif2 Identity and Trust to reference some new keystores of my own creation to make sure the cloned server and the Admin server were speaking the same language, but that just prevented me from being able to start wls_oif2 due to an "SSL not trusted" error- which was odd because I am not using SSL in any of these connections.
So am I missing any other keystores, or do I just need to admit that running two distinct OIF instances on the same IDMDomain is not supported and a bad idea?First, I sent an email to the author of PhotoME to inform him of the serious issues his addon caused with Firefox latest versions.
Now, for those of you who do not have the PhotoME addon and yet experience the same problem that I had and that I described above, I suggest the following strategy.
As PhotoME did cause these problems with Firefox latest versions, I am pretty covinved other addons probably might cause these problems too. Therefore, adopt the following method.
Test one addon at a time to see if this particular addon is behind your Firefox issues like the ones I had.
So, disable one addon only at a time. Then close your Firefox and restart it from scratch and see if you still have your Firefox problems. You must restart the Firefox browser from scratch. If you still have these Firefox problems, re-enable the disabled addon, restart your Firefox (again!) and repeat the same method for every single addon that you have.
Try to be selective by choosing first addons that are more likely to cause your Firefox problems such as not very well-known or not very popular addons (like it was the case for the PhotoME addon).
If this method works or if it does not work, report it on this web page so that others can be helped with your comments.
I hope this method will help you because I was really upset that I had these Firefox problems and I first thought it was the fault of Firefox, only to discover later that this PhotoME addon was the culprit and had caused me such upset. -
Hello, I've successfully configured the Custom Trust and Key Store on one server (hosting OpenSSO,) but when I follow the exact same directions to configure the Custom Trust and Key Store on another server (hosting Identity Manager with OpenSSO policy agent) WebLogic pre-empts my configuration by loading the DemoTrust.jks and cacerts keystores. I think the issue is introduced because the OpenSSO policy agent requires an Authentication Provider (Agent_Authenticator, com.sun.identity.agents.weblogic.v10.AmWLAuthProvider) that is loaded before the WebLogic domain's config/config.xml file, which contains the Custom Trust and Key Store entities.
Thanks.
A part of the log file showing that these two stores are loaded before the custom identity and trust stores are loaded:
Note JAVA_OPTIONS has -verbose:class and -Dssl.debug=true set
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunPKCS11-Solaris version 1.6 for algorithm DiffieHellman>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
[Loaded com.certicom.ecc.scheme.DH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
[Loaded com.certicom.ecc.scheme.KeyAgreement from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.ECDH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.KDF from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.tls.provider.Cipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.NullCipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RC4 from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.des.ECCpresso_DESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_AESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.JSAFE_RSA from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RSACipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jce.WLCipher from file:/opt/bea/wlserver_10.3/server/lib/wlcipher.jar]
[Loaded sun.security.pkcs11.P11Cipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
[Loaded sun.security.pkcs11.P11Cipher$Padding from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
[Loaded com.certicom.ecc.scheme.DES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DES>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm AES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
[Loaded com.certicom.ecc.scheme.AES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm RC4>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RC4>
[Loaded com.certicom.ecc.scheme.ARC4 from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.sun.crypto.provider.RSACipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunjce_provider.jar]
[Loaded javax.crypto.spec.PSource from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
[Loaded javax.crypto.spec.PSource$PSpecified from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
[Loaded java.util.regex.Pattern$BranchConn from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.util.regex.Pattern$Branch from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
[Loaded com.certicom.tls.interfaceimpl.CertificateSupport from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.cert.CertificateParsingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.CertificateNotYetValidException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.CertificateExpiredException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded com.certicom.security.cert.internal.x509.X509V3CertImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.KeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.TrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.impl.TrustManagerImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.SessionDBImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersion from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLTrustValidator from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.SSL.CertPathTrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$DefaultHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust>
[Loaded weblogic.security.utils.KeyStoreConfigurationHelper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.PreMBeanKeyStoreConfiguration from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreConstants from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLContextManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
[Loaded weblogic.jndi.ClientEnvironment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jndi.Environment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreUtils from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.KeyStoreSpi from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore$JKS from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.DigestInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore$TrustedCertEntry from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.utils.SSLCertUtility from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.security.cert.CertificateException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLPeerUnverifiedException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 5 trusted CAs from /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
... The Certs ....
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>
[Loaded sun.security.x509.CRLDistributionPointsExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.DistributionPoint from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.URIName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.DNSName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.CertificatePoliciesExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.PolicyInformation from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.CertificatePolicyId from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.PolicyQualifierInfo from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.PrivateKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor9 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor10 from __JVM_DefineClass__]
[Loaded sun.security.x509.ExtendedKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor11 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor12 from __JVM_DefineClass__]
[Loaded sun.security.x509.IssuerAlternativeNameExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.AuthorityInfoAccessExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.AccessDescription from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 76 trusted CAs from /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts>
... The 76 Certs ...
[Loaded sun.nio.cs.ISO_8859_1$Decoder from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
[Loaded com.certicom.security.asn1.ASN1ParsingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Type from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Structured from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Sequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SequenceOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extensions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.SubjectPublicKeyInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1InputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Certificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1EncodingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.TBSCertificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Tag from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Primitive from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Integer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AlgorithmIdentifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Null from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs1.DSSParams from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs5.PBEParameter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Choice from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Name from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RDNSequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AttributeTypeAndValue from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SetOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RelativeDistinguishedName from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SimpleString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1PrintableString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1TeletextString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1IA5String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.UTF8String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BMPString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Validity from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BitString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERDefiniteLengthInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Set from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OctetString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Boolean from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream$Header from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1UTCTime from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extension from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERByteArrayOutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputSizer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_ECKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.JSAFE_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.DSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor13 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor14 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor15 from __JVM_DefineClass__]
[Loaded com.certicom.locale.Resources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources_en from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.logging.ThrowableWrapper from file:/opt/bea/modules/com.bea.core.logging_1.4.0.0.jar]
[Loaded weblogic.logging.ThrowableInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Failure loading trusted CA list
java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:320)
at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.java:218)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:36)
at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.java:68)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:561)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:242)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:237)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:191)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
at com.iplanet.services.naming.WebtopNaming.access$000(WebtopNaming.java:74)
at com.iplanet.services.naming.WebtopNaming$SiteMonitor.<clinit>(WebtopNaming.java:1386)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:145)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.java:466)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:575)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:521)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:381)
at com.sun.identity.agents.common.ApplicationSSOTokenProvider.getApplicationSSOToken(ApplicationSSOTokenProvider.java:63)
at com.sun.identity.agents.arch.AgentConfiguration.setAppSSOToken(AgentConfiguration.java:541)
at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:646)
at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1054)
at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1498)
at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:643)
at com.sun.identity.agents.weblogic.v10.AmWLAuthProvider.initialize(AmWLAuthProvider.java:57)
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:65)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
[Loaded javax.net.ssl.impl.SSLSocketImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.net.SocksConsts from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.PlainSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocksSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocksSocketImpl$5 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.ProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.NetProperties from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.NetProperties$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.Socket$2 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocketInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.Socket$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocketOutputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded javax.net.ssl.impl.StringID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.event.HandshakeWouldBlockException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.net.ssl.SSLProtocolException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLHandshakeException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLKeyException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded com.certicom.tls.record.Message from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.sslplus.TwoWaySSLHandshakeStageSocketException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.TLSSession from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.AlertHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.Alert from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeInputBuffer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.TLSSessionImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.CryptoRecordState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeTypes from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.ClientStateSentHello from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeMessage from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.MessageSSL2Error from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.MessageClientHelloVersion2 from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.MessageClientHello from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.SessionID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.ServerStateNoHandshake from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.ClientStateNoHandshake from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.WriteHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.MessageEncryptor from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.MessageFragmentor from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.ReadHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.MessageInterpreter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLIOContext from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.socket.SSLFilter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.utils.collections.PartitionedStackPool from file:/opt/bea/modules/com.bea.core.utils_1.4.0.0.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
[Loaded weblogic.security.utils.SSLIOContextTable from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 16880245>
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
Edited by: user585541 on Jan 26, 2010 1:23 PM
Edited by: user585541 on Jan 26, 2010 1:29 PMFaisal Khan wrote:
<BEA-000000> <Failure loading trusted CA list
java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
The root problem is the Certicom SSL does not support SHA256 algorithm, which is required with the trusted certificates of “ttelesecglobalrootclass2ca" and "ttelesecglobalrootclass3ca"
A fix is included in JDK 1.6.0_13 wherein WLS just ignores these certificates.
You can get more information on the fix for Oracle Support
You can delete these certificates yourself using the keytool utility..Thank you. I removed them all, but WebLogic still loads the Demo and JDK keystores and not the custom keystores before loading the security realm.
Is there a way to specify the KeyStores for the security realm?
I've provided the following to the JVM but to no avail:
-Djavax.net.ssl.keyStore=/export/home/weblogic/keystore/keystore.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStore
Password=***** -Djavax.net.ssl.trustStore=/export/home/weblogic/keystore/keystore.jks -Djavax.net.ssl.trustStoreType=jks -Dj
avax.net.ssl.trsustStorePassword=***** -
Problem using SmartCard with 2 Certificates stored and SunPKCS11
Hi,
I'm trying to access one SmartCard token in Java 1.5 using SunPKCS11 provider for crypt, decrypt and digital signature operations.
I have 2 certificates stored on Token:
- CertA;
- CertB.
There are also 2 PIN:
- PIN1;
- PIN2.
I use:
- PIN1 for logging into the token;
- PIN1 for operation involving CertA;
- PIN2 for operation involving CertB;
There is no problem to logging into the token using Java and, without any troubles, I can read certificates and key from the
cryptographic card.
There is no problem using CertA for all my operation, but every attempt of using Private Key of CertB (for the same operations) returns with an Exception:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
Here there's an extract of my source code.
public void loginToken() {
Provider UserProvider = new sun.security.pkcs11.SunPKCS11(C:\\pkcs11.cfg);
Security.addProvider(UserProvider);
try {
KeyStore ks = null;
X509Certificate UserCert = null;
PrivateKey UserCertPrivKey = null;
PublicKey UserCertPubKey = null;
//PIN
char PIN1[] = "11111".toCharArray();
char PIN2[] = "22222".toCharArray();
//logging into token
ks = KeyStore.getInstance("PKCS11", UserProvider);
ks.load(null, PIN1);
//enumeration alias
String alias = "";
Enumeration e = ks.aliases();
while (e.hasMoreElements()) {
alias = (String) e.nextElement();
//Certificate
UserCert = (X509Certificate) ks.getCertificate(alias);
//PublicKey
UserCertPubKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
if (alias.compareToIgnoreCase("Cert1") == 0) {
//PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN1);
} else if (alias.compareToIgnoreCase("Cert2") == 0) {
//PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN2);
} else {
System.out.println("ALIAS UNKNOW");
System.exit(1);
//Signature Test
if (!MakeSignature(UserCertPrivKey, UserProvider))
System.out.println(" *** SIGNATURE OK *** ");
else
System.out.println(" *** SIGNATURE KO *** ");
catch (Exception ex) {
System.out.println("ERROR: " + ex);
public boolean MakeSign(PrivateKey PrivKey, Provider p) {
try {
//File I/O
FileInputStream txtfis = new FileInputStream("C:\\Test.txt");
FileOutputStream sigfos = new FileOutputStream("C:\\Test_Signature.txt");
//Signature Obj init
Signature dsa = Signature.getInstance("SHA1withRSA", p.getName());
dsa.initSign(PrivKey);
//Update data
BufferedInputStream bufin = new BufferedInputStream(txtfis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
dsa.update(buffer, 0, len);
bufin.close();
//Make signature
byte[] realSig = dsa.sign();
//save signature on file
sigfos.write(realSig);
sigfos.close();
return true;
catch (Exception ex) {
System.out.println("ERROR: " + ex);
return false;
Any help would be grateful...
Thanks in advance.
P.S. Sorry for my EnglishThis is the same my initial problem.
I resolved it using IAIK-PKCS#11Wrapper (it is FREE) insted of sun.security.pkcs11.SunPKCS11.
You can find it here:
http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/pkcs_11_wrapper
Here an exemple of code.
The main class:
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.DefaultInitializeArgs;
import java.util.Hashtable;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import java.util.Vector;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.util.Enumeration;
import iaik.pkcs.pkcs11.objects.Key;
import java.security.cert.CertificateFactory;
import java.io.ByteArrayInputStream;
import iaik.pkcs.pkcs11.Mechanism;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.File;
import java.io.FileInputStream;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import java.util.ArrayList;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import org.bouncycastle.cms.CMSSignedData;
import java.io.FileOutputStream;
import java.security.cert.X509Certificate;
import iaik.pkcs.pkcs11.TokenInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
public class MakeSignature {
public static void main(String[] args) {
String USER_PIN = "12345678";
String DLL_NAME = "C:\\windows\\system32\\dll_P11_name.dll";
String OBJ_LABEL1 = "CNS0"; //this is the label of my 1th cert
String OBJ_LABEL2 = "CNS1"; //this is the label of my 2th cert
String INPUT_FILE = "C:\\Temp\\test.txt";
String OUTPUT_FILE = "C:\\Temp\\test.p7m";
try {
// ********** INITIALIZE PKCS#11 MODULE WITH DEFAULT PARAMETERS **********
Module pkcs11Module = Module.getInstance(DLL_NAME);
pkcs11Module.initialize(new DefaultInitializeArgs());
// ********** SELECT TOKEN **********
Slot[] slotsWithToken = pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
Token[] tokens = new Token[slotsWithToken.length];
Hashtable tokenIDtoToken = new Hashtable(tokens.length);
long tokenID = -1;
Token tokenUsed = null;
//enum readers
for (int i = 0; i < slotsWithToken.length; i++) {
tokens[i] = slotsWithToken.getToken();
tokenID = tokens[i].getTokenID();
tokenIDtoToken.put(new Long(tokenID), tokens[i]);
System.out.println("Active tokens:");
System.out.println("Token ID: " + tokenID);
if (tokens.length == 0) { //No SC found
System.out.println("No SC presents");
else {
System.out.println("Using token: " + tokens[0].getTokenID());
tokenUsed = tokens[0];
//Note: if you have more reader and more SC inserted, you have to write
//here the code for select the right token
// ********** OPEN SESSION VS THE TOKEN AND IF REQUIRED SUBMIT PIN **********
TokenInfo tokenInfo = tokenUsed.getTokenInfo();
Session session = tokenUsed.openSession(Token.SessionType.SERIAL_SESSION, false, null, null);
if (tokenInfo.isLoginRequired()) {
session.login(Session.UserType.USER, USER_PIN.toCharArray());
// ********** SET SEARCH TEMPLATE FOR THE P11 OBJECT **********
RSAPrivateKey privateSignatureKeyTemplate = new RSAPrivateKey();
privateSignatureKeyTemplate.getSign().setBooleanValue(Boolean.TRUE);
privateSignatureKeyTemplate.getLabel().setCharArrayValue(OBJ_LABEL2.toCharArray());
// ********** SEARCH P11 OBJECT USING TEMPLATE **********
Vector keyList = new Vector(4);
session.findObjectsInit(privateSignatureKeyTemplate);
Object[] matchingKeys;
while ( (matchingKeys = session.findObjects(1)).length > 0) {
keyList.addElement(matchingKeys[0]);
session.findObjectsFinal();
//Try to find the corresponding certificates for the signature keys
Hashtable keyToCertificateTable = new Hashtable(4);
Enumeration keyListEnumeration = keyList.elements();
while (keyListEnumeration.hasMoreElements()) {
PrivateKey signatureKey = (PrivateKey) keyListEnumeration.nextElement();
byte[] keyID = signatureKey.getId().getByteArrayValue();
X509PublicKeyCertificate certificateTemplate = new X509PublicKeyCertificate();
certificateTemplate.getId().setByteArrayValue(keyID);
session.findObjectsInit(certificateTemplate);
Object[] correspondingCertificates = session.findObjects(1);
if (correspondingCertificates.length > 0) {
keyToCertificateTable.put(signatureKey, correspondingCertificates[0]);
session.findObjectsFinal();
//There are three cases now: 1 no obj found; 2 found only one obj, 3 found more obj
Key selectedKey = null;
X509PublicKeyCertificate correspondingCertificate = null;
//no object found for template
if (keyList.size() == 0) {
System.out.println("No object found for template");
throw new Exception("No object found for template");
//Founf only one object
else if (keyList.size() == 1) {
selectedKey = (Key) keyList.elementAt(0);
// create a IAIK JCE certificate from the PKCS11 certificate
correspondingCertificate = (X509PublicKeyCertificate)keyToCertificateTable.get(selectedKey);
System.out.println("One object Found");
//Found more object ... user can select one
else {
System.out.println("Many obj found!!!");
//write here the code for select the right object
// ********** GET THE OBJECT **********
RSAPrivateKey signerPriKey = (RSAPrivateKey) selectedKey;
java.security.cert.CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
byte[] derEncodedCertificate = correspondingCertificate.getValue().getByteArrayValue();
//Cast to java.security.cert.X509Certificate
java.security.cert.X509Certificate signerCert = (java.security.cert.X509Certificate) certificateFactory.
generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
// ********** SIGNATURE OPERATION **********
//Add BouncyCastle as provider
Security.addProvider(new BouncyCastleProvider());
//initialize signature operation
session.signInit(Mechanism.RSA_PKCS, (PrivateKey) signerPriKey);
//get input data
File src = new File(INPUT_FILE);
int sizecontent = ( (int) src.length());
byte[] contentData = new byte[sizecontent];
FileInputStream freader = new FileInputStream(src);
freader.read(contentData, 0, sizecontent);
freader.close();
//calculate digest of the input data
byte[] toEncrypt = buildBits(contentData); //I've already posted the code for this function
//make signature
byte[] signature = session.sign(toEncrypt);
// ********** MAKE P7 WELL FORMAT DOCUMENT **********
//CMSSignedDataGenerator fact = new CMSSignedDataGenerator();
Signature2CMSSignedData fact = new Signature2CMSSignedData();
CMSProcessableByteArray content = new CMSProcessableByteArray(contentData);
//Creation of BC CertStore
ArrayList certList = new ArrayList();
certList.add(signerCert);
CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
//Signature Alg
String algorithm = CMSSignedDataGenerator.DIGEST_SHA1;
//add element to P7
fact.addSignature(signature, signerCert, algorithm);
fact.addCertificatesAndCRLs(certs);
//generate enveloped using Bouncycastle provider
CMSSignedData envdata = fact.generate(PKCSObjectIdentifiers.data.getId(), content, true);
byte[] enveloped = envdata.getEncoded();
//Write P7 file
FileOutputStream efos = new FileOutputStream(OUTPUT_FILE);
efos.write(enveloped);
efos.close();
// ********** END **********
session.closeSession();
pkcs11Module.finalize(null);
catch (Exception ex) {
ex.printStackTrace();
}Main class uses buildBits function (already posted in this topic) and Signature2CMSSignedData class.import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.security.cert.CertStore;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
* class for generating a RSA pkcs7-signature message.
public class Signature2CMSSignedData2 {
CertStore certStore;
List certs = new ArrayList();
List crls = new ArrayList();
List signerInfs = new ArrayList();
List signers = new ArrayList();
public static final String DATA = PKCSObjectIdentifiers.data.getId();
public static final String ENCRYPTION_RSA = "1.2.840.113549.1.1.1";
private byte[] signatureData = null;
private X509Certificate cert = null;
private String digestOID = null;
private String encOID = null;
public Signature2CMSSignedData2() {
public void addSignature(byte[] signatureData, X509Certificate cert, String digestOID) {
this.signatureData = signatureData;
this.cert = cert;
this.digestOID = digestOID;
this.encOID = ENCRYPTION_RSA;
public void addCertificatesAndCRLs(CertStore certStore) throws Exception{
try {
Iterator it = certStore.getCertificates(null).iterator();
while (it.hasNext()) {
X509Certificate c = (X509Certificate) it.next();
certs.add(new X509CertificateStructure((ASN1Sequence) makeObj(c.getEncoded())));
Iterator it2 = certStore.getCRLs(null).iterator();
while (it2.hasNext()) {
X509CRL c = (X509CRL) it2.next();
crls.add(new CertificateList((ASN1Sequence) makeObj(c.getEncoded())));
catch (Exception e) {
throw new Exception(e.getMessage());
private DERObject makeObj(byte[] encoding) throws Exception {
if (encoding == null) {
return null;
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return aIn.readObject();
public CMSSignedData generate(String signedContentType, CMSProcessable content, boolean encapsulate) throws Exception {
try {
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
DERObjectIdentifier contentTypeOID = new DERObjectIdentifier(signedContentType);
// add the SignerInfo objects
Iterator it = signerInfs.iterator();
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(digestOID), new DERNull());
AlgorithmIdentifier encAlgId;
encAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(encOID), new DERNull());
digestAlgs.add(digAlgId);
ASN1Set signedAttr = null;
ASN1Set unsignedAttr = null;
ASN1OctetString encDigest = new DEROctetString(signatureData);
ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getTBSCertificate());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(aIn.readObject());
IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs.getIssuer(), tbs.getSerialNumber().getValue());
signerInfos.add(new SignerInfo(new SignerIdentifier(encSid), digAlgId, signedAttr, encAlgId, encDigest, unsignedAttr));
ASN1Set certificates = null;
if (certs.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = certs.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certificates = new DERSet(v);
ASN1Set certrevlist = null;
if (crls.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = crls.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certrevlist = new DERSet(v);
ContentInfo encInfo;
if (encapsulate) {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
content.write(bOut);
ASN1OctetString octs = new BERConstructedOctetString(bOut.toByteArray());
encInfo = new ContentInfo(contentTypeOID, octs);
else {
encInfo = new ContentInfo(contentTypeOID, null);
SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
catch (Exception e) {
throw new Exception(e.getMessage());
}Bye. -
AuthSSLProtocolSocketFactor could not load the certificate from key store
Hello,
I am trying to use this to the mutual authentication.
I create a self signed cert and and imported to a key store. I tried a couple ways to create the cert, but all of them failed when creating AuthSSLProtocolSocketFactory
new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword")
One of the store which is used for ssl by the Jetty server which is approved works.
The exception is like this:
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:519)
at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:365)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:240)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:232)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:220)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:214)
at org.apache.commons.ssl.SSL.<init>(SSL.java:170)
at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:62)
at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:57)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.<init>(AuthSSLProtocolSocketFactory.java:175)
Any help will be greatly appreciated!Hello,
I am using the same way as that in this post:
Re: apache commons httpclient - keystore problem
However, it seems the client did not send the cert to sever. BTW, the server is Jetty.
Here is the way how to generate the client cert:
keytool -genkey -alias client-alias -keyalg RSA -keypass password -storepass password -keystore clientStore.jks
keytool -export -alias client-alias -keypass password -storepass password -file client.cer -keystore clientStore.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keypass password -storepass password -keystore cacerts.jks
Here is the exception:
WARNING: EXCEPTION
javax.net.ssl.SSLHandshakeException: null cert chain
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:630)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2011-02-03 11:05:31,914 [main] granteeId=2 ERROR sms.SendSmsTextsProcess$2 - A unexpected exception occurred processig sms AlertMessage 2
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:101)
at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:72) -
Key Store error won't allow me to backup, or upgrade OS
I was in the process of upgrading my OS when the phone rang. I didn't answer it but it interupted the upgrade process, and when I tryed it again, it keeps stopping at the part for the Key Store, and it won't go past it. I can't even do a backup. Can anyone help me?
Here is a picture of where it stops. It also says your device has encountered a fatal error. But, once I unplug it from my computer, the phone works fine.Ok one sec. Let me get that info together. I've made several videos in the past using the exact same kinds of photos from the same source and never had this problem before. I never had issues like this with premier elements 3.02 on my desktop computer either. I had elements 9 installed on my desktop and made several videos with no issues until about 6 months before I bought my laptop. My desktop was running windows xp and was pretty old and when I encountered this same problem for the first time on the desktop pc, I decided to just get a laptop thinking that maybe the issue was in my old pc. When I first got my laptop about a year ago, i had the dvd install disks for premier elements 3.02 and just decided to load that on and see how it did first before putting elements 9 on. I made 2 videos with no issues whatsoever and then started getting that same error message and could do nothing without the program shutting itself down. I hadn't made any videos since but decided to make one a few days ago. I tried again with 3.02 and got the same error message so I decided to download and install premier elements 9 and see how that would do. But again, I'm getting the same error message. I just don't understand why it would work one time and then start getting these error messages the next.
-
Apple App Store is used for Account. How to Avoid It? How to Delete All Sharing Preferences?
Every time I go to the Apple App Store, I have intrusion, relentless stalking, piggy back computer usage, ID Theft, Account takeovers, and theft problems on everything including all brands of email accounts. I keep changing the ID and the passwords intermittently, but attacks continue. Erasing or replacing the HD does not remedy the situation either.
As of now, the computer has practically empty; 979.87 GB free out of 1TB. It may have a couple of notes, pdf's, and some bookmarks. It was recently erased and is running on the OS X 10.7.5 to avoid Apple App Store updates to Mavericks, Pages, Keynote, etc. The security was set on everything I could think of to use the internet safely.
Besides surfing the web, I only did a few things. Because Chrome is better recommended, I used Safari to download Firefox, then used Firefox to download Chrome. Safari won't download it directly. I checked Yahoo mail. I used the Apple ID to post a question in the Apple Communities (within 24-48 hours of today). I changed the password to Apple ID in case there was an issue later. (I have to change the password almost 100% of the time because it gets stolen often) I usually erase Firefox because I don't use it. This time I left it there while I worked on other things & erased it later.
After reading some online material, the system started to run slow as though there was too much data or space being taken up. Then I felt that someone or someone was using it at the same time. I disconnected the Ethernet and left an idle screen (it will sleep after a few minutes) because no sharing options remained. All fields are depopulated. All internet connection options were turned off and removed. Only the Ethernet remains. Unfortunately, that Bluetooth button can still be turned "on" and/or "discoverable". I don't know it this will still work with Bluetooth turned off and removed in Sharing. Please clarify that for me.
When I returned, the screen saver was changed. I expected to use a password to get back onto the computer, but no password was needed. I checked the settings and found the password for logging onto an idle & sleeping screen was removed. No one physically changed things around. This was done remotely or through malware.
I checked various system preferences, and found the locks to Sharing was open with some of the components set up for usage (public files, bluetooth, remote apple events, etc.). I tried to change some options, but some items did not move. I tried to lock it but it would not lock. I tried other sys pref screens and found that some of them had been dismantled too.
I tried to open the lock for other changes, but the password to System Preferences was changed.
Is it normal to get a password popup window to LOCK users & groups when it is OPEN? I don't believe you need a password to lock it. Eventually, open locks closed with no chance to immediately reopen it to adjust the preferences (all passwords were changed).
The terminal looks like it was used. No history was found. Reseting Password rejected new passwords. iTunes sharing could not be changed and parental control refused to lock. After waiting an hour or two, was able to lock it. I wonder what it was being used for.
Now that the internet and the network are disconnected (before sending this message), everything is still extremely slow. A single window takes a long time to open. I have no idea what is making it drag and I don't know where to look.
If history is repeating itself, then the computer is set for piracy just like before. Every place I go is watched, all passwords are captured, all files are checked, all email accounts can be stolen, chat and messages are used (email & computer), iTunes will be logged into, other types of accounts are stolen/taken over, and everything I type is read. Any changes will be sabotaged.
I am confident that someone in the Apple Community will have the answers to getting rid of this problem for good. If you don't have all the answers, then perhaps you have good resources and referrals (not speculations or guesses).
I read about apps, software, or devices that either detect or deter this type of problem. What are they and how do they work?
Q- Also, exactly what are the steps to transfer the OS X 10.7.5, Mavericks, and the future Yosemite to a flash drive or disk to avoid future contact with the Apple App Store or using the Apple ID? (external HD's have been sabotaged in the past-via remote or erasing program of some sort)
Q- How to permanently get rid of Messages & Chats
Q- How to permanently remove Dropbox & Public file sharing?
Q- How to permanently remove all sharing options?
Q- Are there other ways to share (codes, commands, etc.) that need be to blocked/fixed/patched? If so, then what are they?
Q- Are computers stalked by IP address? by Network? by computer numbers or codes? or just by traps or their accounts?
Q- Is there a handy, "go to" type of checklist of where to look or what to do when there is a a suspicion of implants in the computer?See Recover your iTunes library from your iPod or iOS device.
tt2
Maybe you are looking for
-
Integrating Oracle EBS and ApEx Aplication with Responsibilities and SSO.
Good day all. I am looking forward from getting somebody 's help, the trouble I am facing is described below: a) I am currently working on SSO with EBS. I mean, my users can connect and work perfectly. b) ApEx is Configured as Application Partner wit
-
from 2..3 weeks,firefox ,even with this beta version,sometime..closes unespectedly (1)... then it is impossible to see a part of a site..the account details of my bank,but with safari is ok (2). when firefox requests to download an update..to fix tro
-
WRT330N Lan ports stopped working!
Randomly stopped working. tried a hard reset, tried flashing...the wireless works, but the 4 lan ports don't. Help?
-
Error Message when iTunes starts
I have had iTunes and an iPod Mini that have worked fine since February 2005 until now. When i tried to open iTunes, the message said: Quicktime Unavailable Quicktime failed to initialize. Error #-2093. Please make sure Quicktime is properly installe
-
Installing error, desktop madness..
Ok This is it: First, from 10.3.9 and Logic Pro 6.4 to 10.4.3 and Logic Pro 7.2 all of this on a G4 dual 800/1.2 GB Ram/Radeon 9200/2 monitors, etc... When installing OSX Tiger, multiple error istalling...then after a while, success Then when install