Problem using SSL with JMX
Hi ,
I am trying to implement SSL with JMX. I took the example of Luis Miguel Alventosa to see how it works. I imported all the classes, password a access properties file. When I am able to start the MyApp server in the example. But when I am trying to run MyClient, it is giving me the following exception
Initialize the environment map
Create an RMI connector client and connect it to the RMI connector server
Exception in thread "main" java.rmi.ConnectIOException: Exception creating connection to: <IP>; nested exception is:
java.net.SocketException: Default SSL context init failed: null
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.example.MyClient.main(MyClient.java:30)
Caused by: java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(Unknown Source)
... 6 moreHere is the MyApp code I used
package com.example;
import java.lang.management.*;
import java.rmi.registry.*;
import java.util.*;
import javax.management.*;
import javax.management.remote.*;
import javax.management.remote.rmi.*;
import javax.rmi.ssl.*;
public class MyApp {
public static void main(String[] args) throws Exception {
// Ensure cryptographically strong random number generator used
// to choose the object number - see java.rmi.server.ObjID
System.setProperty("java.rmi.server.randomIDs", "true");
// Start a secure RMI registry on port 3000.
System.out.println("Create a secure RMI registry on port 3000");
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
Registry registry = LocateRegistry.createRegistry(3000, csf, ssf);
// Retrieve the PlatformMBeanServer.
System.out.println("Get the platform's MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Environment map.
System.out.println("Initialize the environment map");
Map<String,Object> env = new HashMap<String,Object>();
// Provide the password file used by the connector server to
// perform user authentication. The password file is a properties
// based text file specifying username/password pairs.
env.put("jmx.remote.x.password.file", "password.properties");
// Provide the access level file used by the connector server to
// perform user authorization. The access level file is a properties
// based text file specifying username/access level pairs where
// access level is either "readonly" or "readwrite" access to the
// MBeanServer operations.
env.put("jmx.remote.x.access.file", "access.properties");
// Create and start an RMI connector server.
// As specified in the JMXServiceURL the RMIServer stub will be
// registered in the RMI registry running in the local host on
// port 3000 with the name "jmxrmi". This is the same name the
// out-of-the-box management agent uses to register the RMIServer
// stub too.
// JMXServiceURL = "service:jmx:rmi:///jndi/rmi://:3000/jmxrmi"
System.out.println("Create and start an RMI connector server");
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://");
RMIJRMPServerImpl server = new RMIJRMPServerImpl(3000, csf, ssf, env);
RMIConnectorServer cs = new RMIConnectorServer(url, env, server, mbs);
cs.start();
registry.bind("jmxrmi", server);
System.out.println("Waiting for incoming connections...");
}Here is the MyClient
package com.example;
import java.rmi.registry.*;
import java.util.*;
import javax.management.*;
import javax.management.remote.rmi.*;
import javax.rmi.ssl.SslRMIClientSocketFactory;
public class MyClient {
public static void main(String[] args) throws Exception {
// Environment map
System.out.println("\nInitialize the environment map");
Map<String,Object> env = new HashMap<String,Object>();
// Provide the credentials required by the server to successfully
// perform user authentication
String[] credentials = new String[] { "username" , "password" };
env.put("jmx.remote.credentials", credentials);
// Create an RMI connector client and
// connect it to the RMI connector server
System.out.println("\nCreate an RMI connector client and " +
"connect it to the RMI connector server");
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
Registry registry = LocateRegistry.getRegistry(null, 3000, csf);
RMIServer stub = (RMIServer) registry.lookup("jmxrmi");
RMIConnector jmxc = new RMIConnector(stub, env);
jmxc.connect(env);
// Get an MBeanServerConnection
System.out.println("\nGet an MBeanServerConnection");
MBeanServerConnection mbsc = jmxc.getMBeanServerConnection();
// Get domains from MBeanServer
System.out.println("\nDomains:");
String domains[] = mbsc.getDomains();
for (int i = 0; i < domains.length; i++) {
System.out.println("\tDomain[" + i + "] = " + domains);
// Get MBean count
System.out.println("\nMBean count = " + mbsc.getMBeanCount());
// Close MBeanServer connection
System.out.println("\nClose the connection to the server");
jmxc.close();
System.out.println("\nBye! Bye!");
Here is the password.properties
monitorRole mrpasswd
controlRole crpasswdand access.properties
monitorRole readonly
controlRole readwriteI used the following jvm parameters to run the apps
-Djavax.net.ssl.keyStore=.keystore -Djavax.net.ssl.keyStorePassword=keypass -Djavax.net.ssl.trustStore=proxytruststore -Djavax.net.ssl.trustStorePassword=trustpassI really don't know where I am doing the mistake. Can anyone please give any idea ? For security I didnt disclosed the IP of my mechine in the error, insted I replace it with <IP>
Hi,
I assume you did create a keystore and trustore, right?
Could you verify that the paths to these files you give in your java options
are correct?
You could also try to activate debug traces - in particular security traces - see
at the end of this blog:
http://blogs.sun.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
This may help you diagnose what is going wrong.
Hope this helps,
-- daniel
JMX, SNMP, Java, etc...
http://blogs.sun.com/jmxetc
Similar Messages
-
Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.
Hi .
Apple no longer supports Safari for Windows if that's what you are asking > Apple apparently kills Windows PC support in Safari 6.0
Microsoft has not written IE for Safari for many years. -
Problem Using Multiple With Statements
I'm having a problem using multiple WITH statements. Oracle seems to be expecting a SELECT statement after the first one. I need two in order to reference stuff from the second one in another query.
Here's my code:
<code>
WITH calculate_terms AS (SELECT robinst_current_term_code,
CASE
WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '40'
WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '100'
END first_term,
CASE
WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '100'
WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '160'
END second_term
FROM robinst
WHERE robinst_aidy_code = :aidy)
/*Use terms from calculate_terms to generate attendance periods*/
WITH gen_attn_terms AS
SELECT
CASE
WHEN first_term LIKE '%60' THEN 'Fall '||substr(first_term,0,4)
WHEN first_term LIKE '%20' THEN 'Spring '||substr(first_term,0,4)
END first_attn_period,
CASE
WHEN second_term LIKE '%60' THEN 'Fall '||substr(second_term,0,4)
WHEN second_term LIKE '%20' THEN 'Spring '||substr(second_term,0,4)
END second_attn_period
FROM calculate_terms
SELECT *
FROM gen_attn_terms
<code>
I get ORA-00928: missing SELECT keyword error. What could be the problem?You can just separate them with a comma:
WITH calculate_terms AS (SELECT robinst_current_term_code,
CASE
WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '40'
WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '100'
END first_term,
CASE
WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '100'
WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '160'
END second_term
FROM robinst
WHERE robinst_aidy_code = :aidy),
/*Use terms from calculate_terms to generate attendance periods*/
gen_attn_terms AS
SELECT
CASE
WHEN first_term LIKE '%60' THEN 'Fall '||substr(first_term,0,4)
WHEN first_term LIKE '%20' THEN 'Spring '||substr(first_term,0,4)
END first_attn_period,
CASE
WHEN second_term LIKE '%60' THEN 'Fall '||substr(second_term,0,4)
WHEN second_term LIKE '%20' THEN 'Spring '||substr(second_term,0,4)
END second_attn_period
FROM calculate_terms
)Not tested because there are no scripts. -
Problem using Toplink with JUnit
Hi,
I have a problem using Toplink with JUnit. Method under test is very simple: it use a static EntityManager object to open a transaction and persists data to db. When I invoke the method from a test method, it gives me the exception:
java.lang.AssertionError
at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.computePURootURL(PersistenceUnitProcessor.java:248)
at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.findPersistenceArchives(PersistenceUnitProcessor.java:232)
at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.findPersistenceArchives(PersistenceUnitProcessor.java:216)
at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.initialize(JavaSECMPInitializer.java:239)
at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.initializeFromMain(JavaSECMPInitializer.java:278)
at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.getJavaSECMPInitializer(JavaSECMPInitializer.java:81)
at oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider.createEntityManagerFactory(EntityManagerFactoryProvider.java:119)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:83)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:60)
at it.valerio.electromanager.model.EntityFacade.<clinit>(EntityFacade.java:12)
at it.valerio.electromanager.business.ClienteBiz.insertIntoDatabase(ClienteBiz.java:36)
at it.valerio.electromanager.test.model.ClienteTest.insertDBTest(ClienteTest.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.junit.internal.runners.TestMethodRunner.executeMethodBody(TestMethodRunner.java:99)
at org.junit.internal.runners.TestMethodRunner.runUnprotected(TestMethodRunner.java:81)
at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
at org.junit.internal.runners.TestMethodRunner.runMethod(TestMethodRunner.java:75)
at org.junit.internal.runners.TestMethodRunner.run(TestMethodRunner.java:45)
at org.junit.internal.runners.TestClassMethodsRunner.invokeTestMethod(TestClassMethodsRunner.java:66)
at org.junit.internal.runners.TestClassMethodsRunner.run(TestClassMethodsRunner.java:35)
at org.junit.internal.runners.TestClassRunner$1.runUnprotected(TestClassRunner.java:42)
at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
at org.junit.internal.runners.TestClassRunner.run(TestClassRunner.java:52)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:38)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
Where is the problem???
Regards,
ValerioEntityFacade class is very simple and it uses a static EntityManager object. Here the code:
public class EntityFacade {
private static EntityManager em = Persistence.createEntityManagerFactory("ElectroManager").createEntityManager();
private static Logger logger=Logger.getLogger(EntityFacade.class);
public static void insertCliente(Cliente c)
logger.debug("Inserisco cliente nel db: " + c);
em.getTransaction().begin();
c.setId(getNextIdForTable("Cliente"));
em.persist(c);
em.getTransaction().commit();
If I call the method from inside a main it works well, so I think the problem is not the classpath neither the URL in the persistence.xml. However the URL is:
<property name="toplink.jdbc.url" value="jdbc:derby:c:/programmi/ElectroManager/db/electroManager"/>
I use the latest build version of TopLink.
Thanks. -
Configuring SquirrelMail to use SSL with SMTP
I ran the conf.pl script to have SquirrelMail access my IMAP server via SSL, and everything works.
I then tried to use SSL with SMTP as well but when I used SquirrelMail to send mail, I got an error saying "Can't open SMTP stream". What is the correct setting to tell conf.pl to use?
I had secure SMTP enabled and chose CRAM-MD5 for the authentication method.
I actually have my web server and smtp server on the same machine, so this is more of a hypothetical question. In the end I turned off secure SMTP and set authentication back to none.
BenI don't have access to logs right now, but to answer your other question, SSL works fine when sending from Mail.
But with Mail, I supply the username and password; which user does SquirrelMail use to send? -
Problem using ViewObject with bc4j:table
Hello !!
This is the query of my ViewObject:
select * from speiseplan order by jahr desc, kw desc;
and everything works fine in the BC4J tester:
jahr kw
2003 52
2003 7
2003 3
2002 51
But in my uix page the rows are not correctly sorted:
jahr kw
2003 3
2003 7
2003 52
2002 51
What's going wrong here?
Thanks for your help.
Regards,
MareikeDuplicate post.
Original problem using ViewObject with <bc4j:table> -
Problems using iCloud with Mountain Lion on iMac8,1
problems using iCloud with Mountain Lion on iMac8,1 - about 5J old - iMac gets slower and slower - total free memory is used in some minutes - no more reaction on input
Download > http://codykrieger.com/gfxCardStatus Open it and select Integrated Only. It's a bug with NVIDIA graphic cards
-
Problem using HTTPService with SSL
I have seen a lot of messages talking about problems with
HTTPService and SSL (https) regarding Flex 1.5.
What I would like to know is if there are any similar issues
in Flex 2? I am using HTTPService to access an https address
through a reverse proxy and am getting an IO error (streaming
error) for reasons beyond me. The first thing I want to know is
whether there are any obvious bugs or required work-arounds when
using HTTPService with SSL.
thanksI had problems with IE6+HTTPS+Flex 2.
I had to set the HTTP header on server side.
Cache-Control
no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Java code:
response.setHeader("Cache-Control", "no-store, no-cache,
must-revalidate, post-check=0, pre-check=0");
Lacito -
Problems Using Viber with new iPhone 4S
When I try and use VIber with my new iPhone is says push notifications are not enabled, even though I've enabled them. I've also tried deleting and reinstalling viber several times, along with restarting the phone. Is anyone else having the same problem and does anyone have any suggestions of something else I could do?
Hi,
This is a member of Viber's development team.
@libbyfromchristchurch - Please check: http://helpme.viber.com/index.php?/Knowledgebase/Article/View/38/0/push-notifica tions-for-iphone---how-to-enable
@quyenfromseattle - This is a known issue which will be resolved shortly. Make sure that you stay current with our version updates.
It may help to change 'banners' to 'alerts' on Viber's Push Notification settings as a temporary workaround.
Thank you for your patience! -
Problem using ipod with itunes 5.0.1
Could anyone help me?? I'm having serious problems using my ipod mini with my "just downloaded" itunes 5.0.1.
it says that my comunication software with ipod is not correctly installed and that i have to reinstall itunes again. i did it the problem is always there. what can i do?? can someone help me??Man, it seems that iTunes 5.whatever has gotten us all a little hot under the collar. I'm back up and running...this is what I did...I hope it helps some of you out.
1) created a new folder in MyMusic and copied everything from my iTunes library to the new folder. I then tested a few songs to make sure they still played (you never know)
2) I deleted iTunes using the control panel selection Add/Delete programs. I emptied the recycle gin and then did a search to see that iTunes was no longer there.
3) I went to filehippo.com to download iTunes 4.8 (my original disks are packed (Thank you to poster Allison for the filehippo.com suggestion).
4) I copied all my songs back into iTunes from where I had stored them in the new folder I created in MyMusic)
5) I connected the iPod Mini and opened iTunes and darn if it STILL didn't recognize the iPod
6) I did a restore on the iPod
7) I reconnected the iPod and had to reregister it and Voila! it worked again!!!!
Whatever the new features were in ver. 5.01, they were NOT worth the hassle I've experienced over the past two weeks. I'll stick with version 4.8 for awhile. -
Problem using SmartCard with 2 Certificates stored and SunPKCS11
Hi,
I'm trying to access one SmartCard token in Java 1.5 using SunPKCS11 provider for crypt, decrypt and digital signature operations.
I have 2 certificates stored on Token:
- CertA;
- CertB.
There are also 2 PIN:
- PIN1;
- PIN2.
I use:
- PIN1 for logging into the token;
- PIN1 for operation involving CertA;
- PIN2 for operation involving CertB;
There is no problem to logging into the token using Java and, without any troubles, I can read certificates and key from the
cryptographic card.
There is no problem using CertA for all my operation, but every attempt of using Private Key of CertB (for the same operations) returns with an Exception:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
Here there's an extract of my source code.
public void loginToken() {
Provider UserProvider = new sun.security.pkcs11.SunPKCS11(C:\\pkcs11.cfg);
Security.addProvider(UserProvider);
try {
KeyStore ks = null;
X509Certificate UserCert = null;
PrivateKey UserCertPrivKey = null;
PublicKey UserCertPubKey = null;
//PIN
char PIN1[] = "11111".toCharArray();
char PIN2[] = "22222".toCharArray();
//logging into token
ks = KeyStore.getInstance("PKCS11", UserProvider);
ks.load(null, PIN1);
//enumeration alias
String alias = "";
Enumeration e = ks.aliases();
while (e.hasMoreElements()) {
alias = (String) e.nextElement();
//Certificate
UserCert = (X509Certificate) ks.getCertificate(alias);
//PublicKey
UserCertPubKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
if (alias.compareToIgnoreCase("Cert1") == 0) {
//PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN1);
} else if (alias.compareToIgnoreCase("Cert2") == 0) {
//PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN2);
} else {
System.out.println("ALIAS UNKNOW");
System.exit(1);
//Signature Test
if (!MakeSignature(UserCertPrivKey, UserProvider))
System.out.println(" *** SIGNATURE OK *** ");
else
System.out.println(" *** SIGNATURE KO *** ");
catch (Exception ex) {
System.out.println("ERROR: " + ex);
public boolean MakeSign(PrivateKey PrivKey, Provider p) {
try {
//File I/O
FileInputStream txtfis = new FileInputStream("C:\\Test.txt");
FileOutputStream sigfos = new FileOutputStream("C:\\Test_Signature.txt");
//Signature Obj init
Signature dsa = Signature.getInstance("SHA1withRSA", p.getName());
dsa.initSign(PrivKey);
//Update data
BufferedInputStream bufin = new BufferedInputStream(txtfis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
dsa.update(buffer, 0, len);
bufin.close();
//Make signature
byte[] realSig = dsa.sign();
//save signature on file
sigfos.write(realSig);
sigfos.close();
return true;
catch (Exception ex) {
System.out.println("ERROR: " + ex);
return false;
Any help would be grateful...
Thanks in advance.
P.S. Sorry for my EnglishThis is the same my initial problem.
I resolved it using IAIK-PKCS#11Wrapper (it is FREE) insted of sun.security.pkcs11.SunPKCS11.
You can find it here:
http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/pkcs_11_wrapper
Here an exemple of code.
The main class:
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.DefaultInitializeArgs;
import java.util.Hashtable;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import java.util.Vector;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.util.Enumeration;
import iaik.pkcs.pkcs11.objects.Key;
import java.security.cert.CertificateFactory;
import java.io.ByteArrayInputStream;
import iaik.pkcs.pkcs11.Mechanism;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.File;
import java.io.FileInputStream;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import java.util.ArrayList;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import org.bouncycastle.cms.CMSSignedData;
import java.io.FileOutputStream;
import java.security.cert.X509Certificate;
import iaik.pkcs.pkcs11.TokenInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
public class MakeSignature {
public static void main(String[] args) {
String USER_PIN = "12345678";
String DLL_NAME = "C:\\windows\\system32\\dll_P11_name.dll";
String OBJ_LABEL1 = "CNS0"; //this is the label of my 1th cert
String OBJ_LABEL2 = "CNS1"; //this is the label of my 2th cert
String INPUT_FILE = "C:\\Temp\\test.txt";
String OUTPUT_FILE = "C:\\Temp\\test.p7m";
try {
// ********** INITIALIZE PKCS#11 MODULE WITH DEFAULT PARAMETERS **********
Module pkcs11Module = Module.getInstance(DLL_NAME);
pkcs11Module.initialize(new DefaultInitializeArgs());
// ********** SELECT TOKEN **********
Slot[] slotsWithToken = pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
Token[] tokens = new Token[slotsWithToken.length];
Hashtable tokenIDtoToken = new Hashtable(tokens.length);
long tokenID = -1;
Token tokenUsed = null;
//enum readers
for (int i = 0; i < slotsWithToken.length; i++) {
tokens[i] = slotsWithToken.getToken();
tokenID = tokens[i].getTokenID();
tokenIDtoToken.put(new Long(tokenID), tokens[i]);
System.out.println("Active tokens:");
System.out.println("Token ID: " + tokenID);
if (tokens.length == 0) { //No SC found
System.out.println("No SC presents");
else {
System.out.println("Using token: " + tokens[0].getTokenID());
tokenUsed = tokens[0];
//Note: if you have more reader and more SC inserted, you have to write
//here the code for select the right token
// ********** OPEN SESSION VS THE TOKEN AND IF REQUIRED SUBMIT PIN **********
TokenInfo tokenInfo = tokenUsed.getTokenInfo();
Session session = tokenUsed.openSession(Token.SessionType.SERIAL_SESSION, false, null, null);
if (tokenInfo.isLoginRequired()) {
session.login(Session.UserType.USER, USER_PIN.toCharArray());
// ********** SET SEARCH TEMPLATE FOR THE P11 OBJECT **********
RSAPrivateKey privateSignatureKeyTemplate = new RSAPrivateKey();
privateSignatureKeyTemplate.getSign().setBooleanValue(Boolean.TRUE);
privateSignatureKeyTemplate.getLabel().setCharArrayValue(OBJ_LABEL2.toCharArray());
// ********** SEARCH P11 OBJECT USING TEMPLATE **********
Vector keyList = new Vector(4);
session.findObjectsInit(privateSignatureKeyTemplate);
Object[] matchingKeys;
while ( (matchingKeys = session.findObjects(1)).length > 0) {
keyList.addElement(matchingKeys[0]);
session.findObjectsFinal();
//Try to find the corresponding certificates for the signature keys
Hashtable keyToCertificateTable = new Hashtable(4);
Enumeration keyListEnumeration = keyList.elements();
while (keyListEnumeration.hasMoreElements()) {
PrivateKey signatureKey = (PrivateKey) keyListEnumeration.nextElement();
byte[] keyID = signatureKey.getId().getByteArrayValue();
X509PublicKeyCertificate certificateTemplate = new X509PublicKeyCertificate();
certificateTemplate.getId().setByteArrayValue(keyID);
session.findObjectsInit(certificateTemplate);
Object[] correspondingCertificates = session.findObjects(1);
if (correspondingCertificates.length > 0) {
keyToCertificateTable.put(signatureKey, correspondingCertificates[0]);
session.findObjectsFinal();
//There are three cases now: 1 no obj found; 2 found only one obj, 3 found more obj
Key selectedKey = null;
X509PublicKeyCertificate correspondingCertificate = null;
//no object found for template
if (keyList.size() == 0) {
System.out.println("No object found for template");
throw new Exception("No object found for template");
//Founf only one object
else if (keyList.size() == 1) {
selectedKey = (Key) keyList.elementAt(0);
// create a IAIK JCE certificate from the PKCS11 certificate
correspondingCertificate = (X509PublicKeyCertificate)keyToCertificateTable.get(selectedKey);
System.out.println("One object Found");
//Found more object ... user can select one
else {
System.out.println("Many obj found!!!");
//write here the code for select the right object
// ********** GET THE OBJECT **********
RSAPrivateKey signerPriKey = (RSAPrivateKey) selectedKey;
java.security.cert.CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
byte[] derEncodedCertificate = correspondingCertificate.getValue().getByteArrayValue();
//Cast to java.security.cert.X509Certificate
java.security.cert.X509Certificate signerCert = (java.security.cert.X509Certificate) certificateFactory.
generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
// ********** SIGNATURE OPERATION **********
//Add BouncyCastle as provider
Security.addProvider(new BouncyCastleProvider());
//initialize signature operation
session.signInit(Mechanism.RSA_PKCS, (PrivateKey) signerPriKey);
//get input data
File src = new File(INPUT_FILE);
int sizecontent = ( (int) src.length());
byte[] contentData = new byte[sizecontent];
FileInputStream freader = new FileInputStream(src);
freader.read(contentData, 0, sizecontent);
freader.close();
//calculate digest of the input data
byte[] toEncrypt = buildBits(contentData); //I've already posted the code for this function
//make signature
byte[] signature = session.sign(toEncrypt);
// ********** MAKE P7 WELL FORMAT DOCUMENT **********
//CMSSignedDataGenerator fact = new CMSSignedDataGenerator();
Signature2CMSSignedData fact = new Signature2CMSSignedData();
CMSProcessableByteArray content = new CMSProcessableByteArray(contentData);
//Creation of BC CertStore
ArrayList certList = new ArrayList();
certList.add(signerCert);
CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
//Signature Alg
String algorithm = CMSSignedDataGenerator.DIGEST_SHA1;
//add element to P7
fact.addSignature(signature, signerCert, algorithm);
fact.addCertificatesAndCRLs(certs);
//generate enveloped using Bouncycastle provider
CMSSignedData envdata = fact.generate(PKCSObjectIdentifiers.data.getId(), content, true);
byte[] enveloped = envdata.getEncoded();
//Write P7 file
FileOutputStream efos = new FileOutputStream(OUTPUT_FILE);
efos.write(enveloped);
efos.close();
// ********** END **********
session.closeSession();
pkcs11Module.finalize(null);
catch (Exception ex) {
ex.printStackTrace();
}Main class uses buildBits function (already posted in this topic) and Signature2CMSSignedData class.import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.security.cert.CertStore;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
* class for generating a RSA pkcs7-signature message.
public class Signature2CMSSignedData2 {
CertStore certStore;
List certs = new ArrayList();
List crls = new ArrayList();
List signerInfs = new ArrayList();
List signers = new ArrayList();
public static final String DATA = PKCSObjectIdentifiers.data.getId();
public static final String ENCRYPTION_RSA = "1.2.840.113549.1.1.1";
private byte[] signatureData = null;
private X509Certificate cert = null;
private String digestOID = null;
private String encOID = null;
public Signature2CMSSignedData2() {
public void addSignature(byte[] signatureData, X509Certificate cert, String digestOID) {
this.signatureData = signatureData;
this.cert = cert;
this.digestOID = digestOID;
this.encOID = ENCRYPTION_RSA;
public void addCertificatesAndCRLs(CertStore certStore) throws Exception{
try {
Iterator it = certStore.getCertificates(null).iterator();
while (it.hasNext()) {
X509Certificate c = (X509Certificate) it.next();
certs.add(new X509CertificateStructure((ASN1Sequence) makeObj(c.getEncoded())));
Iterator it2 = certStore.getCRLs(null).iterator();
while (it2.hasNext()) {
X509CRL c = (X509CRL) it2.next();
crls.add(new CertificateList((ASN1Sequence) makeObj(c.getEncoded())));
catch (Exception e) {
throw new Exception(e.getMessage());
private DERObject makeObj(byte[] encoding) throws Exception {
if (encoding == null) {
return null;
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return aIn.readObject();
public CMSSignedData generate(String signedContentType, CMSProcessable content, boolean encapsulate) throws Exception {
try {
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
DERObjectIdentifier contentTypeOID = new DERObjectIdentifier(signedContentType);
// add the SignerInfo objects
Iterator it = signerInfs.iterator();
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(digestOID), new DERNull());
AlgorithmIdentifier encAlgId;
encAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(encOID), new DERNull());
digestAlgs.add(digAlgId);
ASN1Set signedAttr = null;
ASN1Set unsignedAttr = null;
ASN1OctetString encDigest = new DEROctetString(signatureData);
ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getTBSCertificate());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(aIn.readObject());
IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs.getIssuer(), tbs.getSerialNumber().getValue());
signerInfos.add(new SignerInfo(new SignerIdentifier(encSid), digAlgId, signedAttr, encAlgId, encDigest, unsignedAttr));
ASN1Set certificates = null;
if (certs.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = certs.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certificates = new DERSet(v);
ASN1Set certrevlist = null;
if (crls.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = crls.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certrevlist = new DERSet(v);
ContentInfo encInfo;
if (encapsulate) {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
content.write(bOut);
ASN1OctetString octs = new BERConstructedOctetString(bOut.toByteArray());
encInfo = new ContentInfo(contentTypeOID, octs);
else {
encInfo = new ContentInfo(contentTypeOID, null);
SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
catch (Exception e) {
throw new Exception(e.getMessage());
}Bye. -
Problem using workflow with ess leave requests
Hello, I have been experiencing some problems using wf for approval with leave request in ess.
I customized ws12300111 for request approval and it is working fine. But when we try to cancel a request in ess, there are strange things happening:
- If the request is in status sent: the workflow gets in error.
- If the request is already in db: it starts a new workflow (ws12300111).
We don't want this because we have customized ws12300111 only for new requests. I have tried to customize absences in SPRO so that onlu new requests start the WS12300111, Onlu new requests have the workflow field filled with 12300111, but even like that, the WS12300111 starts whenever that is a cancelling or modification of a request.
I have also tried using a different workflow for canceliing (WS12400007), but in this case there is an error in ess when we try to submit.
This is really annoying, I have tried everything...Hello,
"If the request is in status sent: the workflow gets in error."
Please always say what the error is.
" If the request is already in db: it starts a new workflow (ws12300111"
You first have to find out how this is done. Look in SWEL, it's probably via some sort of CHANGED event.
regards
Rick Bakker
hanabi technology -
Is it possible to use SSL with LDAP, but not rest of Hyperion environment?
Hello Experts,
We need to encrypt the user credentials passed between LDAP and Shared Services. For this, I believe, we need to use SSL. And for that, we need to SSL enable the Web App Server that Shared Services runs off? If we enable SSL on this, is it possible to continue using non-SSL versions of App & Web servers in the rest of the Hyperion environment? This is because SSL will cause a negative impact to performance, and we want to reduce that impact as much as possible.
Environment:
Shared Services 9.3.1.0.7 on WebSphere Application Server 6.0.2.11 on Windows 2003
Planning 9.3.1.1
Essbase 9.3.1
HFM 9.3.1
BI+ 9.3.1
Please Suggest. Thanks in advance.
Regards,
SonuBoth windows and osx do a few things that can cause problems, they do what you say, they assume that you will connect to the same network you last connected and try to use the same configuration, they try to skip most steps like dhcp and arp and it will probably work fine if it actually is the same network and no one else got the same IP otherwise they will have to go through all the steps.
I have seen a blog post describing the differences a while ago but now I can't find it and I don't remember how I got there, I guess that if you search long enough you might stumble upon some description of this. From what I remember, the short story is that on linux programs go by the book and try to be good neighbors, windows and osx don't and they can cause trouble just for the sake of shaving a few seconds of the time to get connected, the thing is most of the times it works fine -
Trying to login over a form using ssl with ldap
i am trying to loging over a form using ssl. i have kept the cacert at the specified /usr/java/jdk1.5.0_03/jre/lib/security/cacerts.
i am getting this error.
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
kindly help it is urgent.
Regards,A possible reason for this is the requirement for something in the 'Path' field such as public_html - some ISPs don't use this, some do, or something different. This is a folder in your server space, and its contents represent the published webspace, so if you don't have the path when it's required you are publishing to a level on the server one above what outsiders can read. This is something you'd have to check with Easyspace.
-
I have problem using sbh50 with sony z1
when i use sbh50 with my z1 during call the screen stays on I want it off how can i solv this problem ?????
Try settings-apps-all-smart connect,force stop and clear data.Restart the phone.
All we have to decide is what to do with the time that is given to us - J.R.R. Tolkien
Maybe you are looking for
-
How do I restore an iPhoto library from Time Capsule
My iMac was stolen. I have a MacBook Air running Yosemite version 10.10.2. The iPhoto Library was not on the MacBook. How do I restore my iPhoto Library from a Time Machine backup on my Time Capsule onto my MacBook? I am using iPhoto version 9.6.1. T
-
ERROR-With non-valuated GR, please also enter GR indicator
Hi, We are on SRM 5.0 SP12,Extended Classic scenario. For all PO's which have no follow on docs created,whenever the Confirmation-Related Invoice Verification (GR_BASEDIV) and Confirm Performance of Service/Goods Receipt(GR_IND) fields are changed,th
-
Subject: Cannot see the characteristic/variable in a query
I am in a query designer. I am looking at query 0TCT_MC21_Q404. It sees under Characteristic Restriction, A characteristic 0CALWEEK which is restricted by the variable 0CWEEK-26-0CWEEK which is last 26 weeks. My problem is I do not see this any where
-
Hi all, I have designed main window as such it matches the statinary requirements. the mainwindow has BOX command so it is like table of 2 rows and 5 columns. The database fields present in the script gets displayed on the mainwindow
-
I've written a pl/sql block report and I'd like to add it to the OMS reports. Are there any examples or hints on how to do this ? Thanks