Problem with socket factory in RMI over SSL in proxy setup
Hi
The following is the setup I have;
1. I have an application in which the server is running in https mode and I have exported my remote objects using ServerSocketFactory and ClientSocketFactory which will create SSLServerSocket and SSLSocket respectively.
2. When I run my connect a client to this server and invoke some method on any of the remote objects, I get the following exception:
java.lang.NullPointerException
at sun.rmi.transport.tcp.TCPConnection.getOutputStream(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at com.acme.ems.server.app.main.TestSumImpl_Stub.addOne(Unknown Source)
at com.acme.ems.client.app.tools.EMSHaSftpSettings.okButtonActionPerformed(EMSHaSftpSettings.java:216)
at com.acme.ems.client.app.tools.EMSHaSftpSettings.access$000(EMSHaSftpSettings.java:28)
at com.acme.ems.client.app.tools.EMSHaSftpSettings$1.actionPerformed(EMSHaSftpSettings.java:183)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.Dialog$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Dialog.show(Unknown Source)
at com.acme.ems.client.utility.BasicDialog.showContainerInsideDialog(BasicDialog.java:103)
at com.acme.ems.client.app.tools.EMSHaSftpSettings.init(EMSHaSftpSettings.java:322)
at com.adventnet.nms.util.ConsumeKnownEvents.showTheFrame(ConsumeKnownEvents.java:197)
at com.adventnet.nms.util.ConsumeKnownEvents.actionPerformed(ConsumeKnownEvents.java:103)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
My understanding is, when invoking remote object's method from the client, a the clientSocketFactory implementation will be called and an SSLSocket will be created for communication between remote server and client. In this case,my guess is somehow the createSocket() method of the clientSocketFactory is returning Null.The question is why?????Any help soon is appreciated.
Note that , we are doing this in a proxy set-up.
I've made a similer post.
I was able to get it working by doing the following
Make sure to add and equals to your RMISocketFactory's
something at least this
public boolean equals(Object obj)
return obj != null && obj.getClass() == this.getClass();
I had to enable the follong cypher suite SSL_DH_anon_WITH_RC4_128_MD5
but this leads to a possible man in the middle attack.
I posted to try and get that resolved. (see ssl lockup on handshake)
Similar Messages
-
hi,
i am trying to connect a remote machine with rmi over ssl. but i got the following exceptions;
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
Caused by: java.lang.IllegalArgumentException: can't support mode ECB
i am using jdk1.5.0. i have tried many samples but i have not run them successfully however they were running successfully in j2sdk1.4.2.
also i downloaded the bouncycastle provider but it did not work.
is there anybody who knows about a running sample about rmi and ssl in jdk1.5.0? please send me....
email: [email protected]Hi!
I know it's not the exactly right topic, but I've nearly the same problem with a https connection for a webService. I'm not using turkish locale, I'm using BouncyCastle and the "Unlimited Strength" policy files. I've no problems if i start my application with eclipse, starting it with jdk1.5.0_03\jre\bin\java or jre1.5.0_03\bin\java form commandline i get the same stacktrace:
javax.net.ssl.SSLKeyException: RSA premaster secret error
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
Caused by: java.lang.IllegalArgumentException: can't support mode ECB
if i try to get the cipher with
Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
I'll get the same stacktrace, with
Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
i works fine, but I've no idea how to run this code out of axis...
Thanks & Regards
Helmut -
RMI over SSL under Web Start can't find trusted certificate
I have implemented RMI over SSL to get a Java EJB Client application talking to a JRun server over SSL. It works fine from the command line, but when I try to run it as a Web Start application, I get
java.security.cert.CertificateException: Couldn't find trusted certificate
(More complete stack trace below)
I am using a test certificate, not one from a bona fide CA.
I have tried putting the key store file in one of the jars used by the application, and adding:
<argument>-Djavax.net.ssl.trustStore=jssecacerts</argument>
and
<argument>-Djavax.net.ssl.trustStore=jar:http://ip/app/xxx/lib/JarWithCacs.jar!/jssecacerts</argument>
to no avail.
If I copy the jssecacerts to Web Start's jre/lib/security directory, it works fine.
I have seen other postings that say to use keytool to update the JRE used by Web Start, but that kind of defeats the purpose of Web Start: zero admin client. I can't touch each user's machine.
I have seen other posts saying to implement a more relaxed trust manager, but that doesn't seem right either.
I am using JDK 1.4.1_02b6 on Win2k. This should be irrelevant: JRun 4 sp1a.
Is there a way to specify the jssecacerts file in the jnlp file so Web Start will recognize it?
Thanks for any help,
JohnI think I have an answer:
1) Package the truststore file in the client JAR file
2) Add code to the client to copy the truststore from the JAR file to the client hard drive
3) Add code to the client to set the truststore properties to refer to the file on the client hard drive
<<code>>
private void setupTrustStore() {
try {
// save truststore file to local disk
File homeDir = new File(System.getProperty("user.home"));
File trustStoreFile = new File(homeDir, "mytruststore");
URL url =
this.getClass().getClassLoader().getResource("mytruststore");
BufferedInputStream in =
new BufferedInputStream(url.openStream());
BufferedOutputStream out =
new BufferedOutputStream(new FileOutputStream(trustStoreFile));
while(true) {
int data = in.read();
if(data < 0) break;
out.write(data);
in.close();
out.flush();
out.close();
// set truststore properties
System.setProperty("javax.net.ssl.trustStore",
trustStoreFile.getPath());
System.setProperty("javax.net.ssl.trustStorePassword", "mypasswd");
} catch(Exception e) {
e.printStackTrace();
} -
[Java 1.4.2] Rmi over SSL : bind/rebind hangs
Hello everybody,
I am trying to test client/server communication with RMI over an SSL layer, as explained here .
Here is my server class :
package rmitest.server;
import java.rmi.registry.*;
import java.rmi.*;
import rmitest.client.RMISSLClientSocketFactory;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.server.*;
import java.io.IOException;
public class Hello extends UnicastRemoteObject implements HelloInterface
public Hello(RMIClientSocketFactory csf, RMIServerSocketFactory ssf) throws RemoteException
//super();
super(1099, csf, ssf);
System.out.println("Initialisation de Hello OK.");
public int sayHello()
try {
System.out.println("Hello, World !");
return 0;
catch (Exception e)
e.printStackTrace();
return 1;
public static void main(String[] args)
try
System.setSecurityManager(new RMISecurityManager());
RMIClientSocketFactory csf = new RMISSLClientSocketFactory();
RMIServerSocketFactory ssf = new RMISSLServerSocketFactory();
HelloInterface myHello = new Hello(csf, ssf);
Registry reg = LocateRegistry.getRegistry("lat203", 1099, csf);
reg.rebind("HelloInterface", myHello);
System.out.println("The server is ready.");
catch (RemoteException e)
e.printStackTrace();
catch (Exception e)
e.printStackTrace();
}My problem is, the program hangs in the rebind(...) instruction. Would anybody have a clue ?
Here is the stack just before it hangs :
{codeThread [main] (Stepping)
UnicastRef2(UnicastRef).newCall(RemoteObject, Operation[], int, long) line: 313
RegistryImpl_Stub.rebind(String, Remote) line: not available
Hello.main(String[]) line: 56
Thread [Thread-1] (Running) }Thank you by advance.
Edited by: le_barde on Oct 17, 2008 6:45 AMOk I settled that in the client socket factory. Here is what it looks like :
package com.infotel.rmitest.client;
import java.io.*;
import java.net.*;
import java.rmi.server.*;
import javax.net.ssl.*;
import sun.security.util.Debug;
public class RMISSLClientSocketFactory
implements RMIClientSocketFactory, Serializable {
public Socket createSocket(String host, int port)
throws IOException
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
String[] strtab = {"TLSv1", "SSLv3"};
socket.setEnabledProtocols(strtab);
System.out.println("---> before handshake");
socket.startHandshake();
System.out.println("---> after handshake.");
return socket;
public int hashCode()
return getClass().hashCode();
public boolean equals(Object obj)
if (obj == this)
return true;
else if (obj == null || getClass() != obj.getClass())
return false;
return true;
}I haven't modified my Server socket factory.
The client still hangs but the messages are different as I have removed the SSLv2ClientHello :
>
(lots of trusted certificates...)
init context
trigger seeding of SecureRandom
done seeding SecureRandom
---> before handshake
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1225125230 bytes = { 150, 101, 222, 255, 92, 207, 52, 204, 48, 37, 184, 89, 56, 39, 207, 230, 8, 210, 1, 235, 137, 48, 202, 242, 203, 4, 61, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 49 06 ED 6E 96 65 DE FF 5C CF ...E..I..n.e..\.
0010: 34 CC 30 25 B8 59 38 27 CF E6 08 D2 01 EB 89 30 4.0%.Y8'.......0
0020: CA F2 CB 04 3D 5B 00 00 1E 00 04 00 05 00 2F 00 ....=[......../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
(Here the client hangs; this is the point when I kill the JVM)>
Now my server output (I don't give the verbose certificates):
>
trigger seeding of SecureRandom
done seeding SecureRandom
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
* SERVER INITIALIZED *
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
etc. -
There seems to be a problem with the plastic cpu clip i work as a tech in a computer store we build many systems with msi boards, the plastic clip on the 915G series most times has fallen off and pins in the cpu socket have been damaged.
You should use a plastic insert under the cpu hood to prevent it from falling off.Quote
Not sure either why DelUK thinks this is not a suitable topic for this forum.
Probably because Del interpreted "You should use a plastic insert under the cpu hood to prevent it from falling off." to mean that "You" was MSI, and not the members of this forum. Oddly enough, I interpreted this the same way. I don't see where Del indicated the topic was not suitable, though.
As Del said, and as mentioned in the Forum Rules, MSI does not participate here. If you feel there is a manufacturing problem, contact MSI directly. -
Hello,
I have a problem with a java socket.
I have a server application that generate random number.
I my client application, I connected to server application and red the random number.
My problem is in my application client only read one time. After this, the socket server application close.
How to do the server socket wait a new request from my client application?Put your accept in a while ....
while (!this.interrupted()) {
Socket socket;
try {
socket = serverSocket.accept();
if (this.isInterrupted()) {
return;
new ClientConnection(); ///////Do your thing here ...
} catch (IOException e) {
return;
HOPE this helps -
Problem with importing and creating self signed SSL certificate
Mac Pro, 10.7.2 Server. Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service. Server is acutally called server.domain.com but has an alias of ichat.domain.com. I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com. We have been using this type of mismatched certificate with success since 10.4 or so.
I am working through setup of 10.7 Server to replace our 10.6 server.
Tried upgrade of 10.6 to 10.7 installation. The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
Clean install and setup of 10.7 Server. Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
On import or manual creation of certificate get the following error:
Error
Check your server's logs for more information. The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
Log shows:
Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
"<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
I have tried importing and manually creating other certificates with a variety of names with success. I assume that there is something buried somewhere that is causing this particular one to be a problem. Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try. I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
Suggestions?
-ErichTake a look here.
https://bbs.archlinux.org/viewtopic.php?id=146649
Maybe it's a problem with your network. -
Apple Banned me, because of a very weird problem with my "Factory Unlocked"
Hi Everybody! Im having a very weird problem with my unlocked iphone 4.
First of all, i would like to apologize because of my english, is not very good. My native language is Spanish.
Well.. Im from Mexico, and here we can buy the iphone Unlocked on the Apple Online Store.
Here's my problem. Apple has exchanged my iphone 3 times.
I returned the iphone the first time because the screen was totally yellowish, other than that everything was working great!, that was by the end of September.
On October 20th, i recieved my second iphone, and then a bigger problem started .
Before i continue, let me give you this information: here in Mexico we have basically 3 cell phone companies
1.- Telcel
2.- Movistar
3.- Unefon
OK, now on october 20th, i recieved my second iphone, and then procced to activate via itunes using my UNEFON sim card (microsim).
And every time i tried to activate it, only got this message onscreen:
http://i148.photobucket.com/albums/s2/jorgelomeli/Screenshot2010-10-29at24915PM. png
I though something was wrong with my brand new factory unlocked iphone 4.
I have 4 more simcards from my brothers (they all had iphone 4 too)
I tried telcel sim card, and i could activate my iphone. Then i insterted the Movistar microsim, and it worked too!! But then when i put the Unefon sim, the itunes logo inmediatly appears on the screen asking to activate on itunes, and when i tried that, the only response i got was the image above saying " The Simcard inserted on this iphone does not appear to be supported"
Weird thing here is, that, when i put my Unefon sim card on my brothers iphone 4, it worked great! on all of them, internet 3g, phone, wireless , evrything!
I called apple support, and they exchange the iphone for another one.
I recieved the third iphone on October 29. Last friday. and guess what? SAME PROBLEM! different serial number, same week production (week 42) but exactly the same message on itunes.
Very, very frustrated, i called apple again, and after 1 hour with thechnical support, they told me " We are sorry, but we can only offer you, your money back, NO MORE EXCHANGES FOR YOU"
I said why?... i dont want my money back! i want an UNLOCKED iphone!, but they refuse to give me another iphone.
When i asked techincal support, why my unefon sim card worked great on all three of my brothers iphone but not on mine, he just told me, "I really dont know, i guess they just got lucky" ****, this answer put all my trust i had on apple products for years, right on the garbage.
Since they refused to give me another iphone, i accepted my money back, and inmediatly after i finished the call, i asked my brother to buy me one more time an iphone 4 using his name, and his credit card. Now i have to wait until November 8-12 to recieve my new iphone, hoping this time i get a REAL UNLOCKED iphone, and not a partially unlocked iphone.
btw. i even went to Unefon costumer service and bought a new prepiad line, with a new microsim, just to be 100% sure that this problem is not because of the sim. And again didnt worked on my iphone, but it worked on any of my brothers iphone4.
Serial numbers of the 3 iphones:
79039C0U* (this one worked great with Unefon, only problem was yellow screen)
85042GR4*
81042FJB*
What do you suggest me? any info would be really aprecciated
FYI i also restore 4 times the last iphone and nothing seemed to work, i use 3 different computers, Macbook Pro, iMac, and an Hp with Windows 7, and the same message on all three computers.
Wierd thing also, one of my brothers bougth an iphone 4 this last week too, but he bought the 16Gb not the 32Gb. His iphone production week is 42 also! and when i put my Unefon sim in his iphone works great!
I dont know what else i can do, I just need to have faith that my new iphone coming this november will be real unlocked, but what if i'll recieve an iphone and then the same problem?? time for android? just kidding really guys, what can i do? anyone with similar problem like me? i dont wanna use Telcel or Movistar, i wanna use Unefon, and thats why i bought an Unlocked iphone
btw: jailbreak is not a solution for me, because i always like to use legal software on all my apple products, and because of the warranty.According to http://support.apple.com/kb/HT1937, there are two official carriers in Mexico (Movistar and Telcel) and neither carrier offers an unlocked phone.
-
AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL
I have set up AD password sync with from AD to OIM 11G R2
The password syncs from AD to OIM 11G R2 on non ssl port 389.
But if fails on SSL Port 636.
Errors in OIMMain.Log:_
Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
Debug [10/11/2012 10:49:34 AM]
ldap_connect failed with
Debug [10/11/2012 10:49:34 AM] Server Down
Debug [10/11/2012 10:49:34 AM]
Steps Carried Out thus far:_
AD is up and running.
Configured AD Password Sync Connector on 636 and selected ssl.
Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
Imported Certificate to AD. After this, restarted the AD
I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
Help would be appreciated.
Many ThanksThis question is now been fixed.
Instead of explicitly stating 636 for SSL,
Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
Export Certificates from AD to java security keystore and to weblogic keystore
Export .pem certificate created on OIM host machine to AD.
Restart weblogic, oim and AD
Everything would work fine.
For all the other information, refer to doc.
Thanks -
HT4589 Problems with FX Factory after updating
I just updated to FCPX 10.0.6, but as soon as I did it I started having some problems with third party plugins, such as Luca's Visual Effects by FX Factory. This both on my MAcBook Retina 15" and my MacPro Early 2008. After rendering, strange things happen to the clips: black gaps, transitions out of sync, etc. Does the same happen to someone else?
Thank You
FilippoFilippo,
Yes, I made several posts to another thread about seeing pink and green flashes on the screen. I too use (and love) Tonalizer and have been in touch with them. I am using Lion 10.7.5 on a mid year 2011 MacBook Pro with 256mb of video memory. The Tonalizer people said that they haven't seen this on machines with 512mb of video memory, but since it work for me and others before it should work now unless Apple has made some changes and not informed their third party vendors. I'm not working on a paying project, but I am not happy about this. -
Problems with open an Indesign-Document over Network
Hallo,
we have a specialized problem with opening indesign-documents over network. Our users works with windows-pc (windows7) and adobe CS5 and CS6 and they will use there documents which are on our macserver 4.0 which works on OS X 10.10.2.
Sometimes the usurers become this Message
Wouldn't work indesign proberly on windows with documents which are on a macserver?
Please help me.
best regards
chris mueller@Naga Sai J – you cannot open an InDesign CS4 file in the previous version.
But you can export an exchange file format for InDesign CS3.
Go to File/Export and chose INX for export: "InDesign CS3 Interchange-Format (INX)"
That .inx file could be opened with InDesign CS3.
After opening the .inx file, examine it well!
Some things might have changed (things regarding to newer or changed features from InDesign CS4).
Uwe -
Problems with FLAC 5.1 audio over HDMI and mpv
The last mpv update (0.7) seems to have changed the way it gets info about the audio playback device.
Last week, I could play videos with FLAC 5.1 audio over HDMI without any problem. My .asoundrc was just:
pcm.!default {
type hw
card 0
device 3
But after the last update, if I try to play a video while the default pcm device is set to HDMI, I get this error:
mpv: ../audio/chmap_sel.c:89: mp_chmap_sel_add_map: Assertion `s->num_chmaps < (sizeof(s->chmaps) / sizeof((s->chmaps)[0]))' failed.
Aborted (core dumped)
I tried downmixing, since the problem seems the number of channels.
I added this to my .asoundrc:
pcm.!surround51 {
type vdownmix
slave.pcm "default"
pcm.!surround40 {
type vdownmix
slave.pcm "default" {
Now mpv starts without errors but I hear no sound.
Everything is fine in mplayer, even without the downmixing in .asoundrc
What should I add to my .asoundrc so that mpv recognises the playback device correctly?
Last edited by x_nik2468 (2014-11-29 12:10:40)andreyv wrote:It will be fixed in mpv 0.7.1.
So this is merely a mpv problem.
Good to know, I'll just wait for the update -
Problem with socket cross domain
Hi guys,
This is my cross domain file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for xmlsocket://socks.example.com -->
<cross-domain-policy>
<site-control permitted-cross-domain-policies="*"/>
<allow-access-from domain="localhost" to-ports="80" />
</cross-domain-policy>
I am placing it in my server.
From flex i am running this:
Security.loadPolicyFile("my server address");
And yet I am getting this event:
SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"
What can I do?Hello ILikeMyScreenNameNdCoffee,
I had the same problem with XMLSocket and I used a policy server that runs
on the remote server on port 843 and from Flex I load file before connecting
the xmlsocket Security.loadPolicyFile("my server address:843"). If you want
I can upload a version of my policy server or you can use the server policy
from here
http://www.broculos.net/tutorials/how_to_make_a_multi_client_flash_java_server/20080320/en
Also you can read here more about file policy:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html.
On Thu, Aug 19, 2010 at 5:40 PM, ILikeMyScreenNameNdCoffee <[email protected] -
Problem with socket permissions!
Hi All!
I'm developing an applet that displays an image after downlading it from a server; this server is different from the server I download the applet from, so I have problems with security. In fact I get the following exception:
java.security.AccessControlException: access denied (java.net.SocketPermission 172.16.1.22:8080 connect,resolve)
I'm using:
- Java Plugin 1.3;
- Netscape 7.0;
- IE 6;
I've tried to self-sign the applet but with no results (maybe I cannot use selfsigned certificate with java plugin 1.3);
After that I've created a new policy file ("MyPolicy" file)and mentioned it into:
C:\Program Files\JavaSoft\JRE\1.3.1_03\lib\security\java.policy
but it didn't resolve my problem (maybe I'm doing something wrong in creating my policy file??!!).
Which steps do I have to follow in order to make my applet connect to images server without security problems?
Thanks so much in advance,
Carlo1. Compile the applet
2. Create a JAR file
3. Generate Keys
4. Sign the JAR file
5. Export the Public Key Certificate
6. Import the Certificate as a Trusted Certificate
7. Create the policy file
8. Run the applet
Susan
Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
1. Compile the Applet
In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
javac SignedAppletDemo.java
2. Make a JAR File
Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
jar cvf SignedApplet.jar SignedAppletDemo.class
3. Generate Keys
Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
In her working directory, Susan creates a keystore database and generates the keys:
keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
You can view all keytool options and parameters by typing:
keytool -help
4. Sign the JAR File
JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5. Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5: Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
Ray
Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
6. Import Certificate as a Trusted Certificate
Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
7. Create the Policy File
The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
Ray creates the policy file in his home directory using either policytool or an ASCII editor.
keystore "/home/ray/raystore";
// A sample policy file that lets a JavaTM program
// create newfile in user's home directory
// Satya N Dodda
grant SignedBy "susan"
permission java.security.AllPermission;
8. Run the Applet in Applet Viewer
Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
Html code :
</body>
</html>
<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
width="600" height="400" align="middle"
codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
<PARAM NAME="code" VALUE="SignedAppletDemo.class">
<PARAM NAME="archive" VALUE="SSignedApplet.jar">
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
</OBJECT>
</body>
</html>
appletviewer -J-Djava.security.policy=Write.jp
http://aURL.com/SignedApplet.html
Note: Type everything on one line and put a space after Write.jp
The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
9. Run the Applet in Browser
Download JRE 1.3 from Javasoft -
Problem with socket connection in midp 2.0
hello everyone.
I'm new one in j2me and I am learning socket connection in j2me. I'm using basic socket,datagram example wich is come with sun java wireless toolkit 2.5. for it i wrote small socket server program on c# and tested it example on my pc and its working fine. also socket server from another computer via internet working fine. But when i instal this socket example into my phone on nokia n78 (Also on nokia 5800) it's not working didn't connect to socket server.. On phone I'm using wi-fi internet. Can anybody help me with this problem? I hear it's need to modify manifest file and set appreciate pressions like this
MIDlet-Permissions: javax.microedition.io.Connector.socket,javax.microedition.io.Connector.file.write,javax.microedition.io.Connector.ssl,javax.microedition.io.Connector.file.read,javax.microedition.io.Connector.http,javax.microedition.io.Connector.https
is it true?
can anybody suggest me how can i solve this problem?
where can I read full information about socket connection specifiecs in j2me?
Thanks.Maybe this can be helpful:
[http://download-llnw.oracle.com/javame/config/cldc/ref-impl/midp2.0/jsr118/index.html]
you can check there the Datagram interface anda DatagramConnection interface and learn a little about that.
If the client example runs fine in the wireless toolkit emulator, it should run the same way in your phone; i suggest to try to catch some exception that maybe is hapenning and display it on a Alert screen, this in the phone.
Maybe you are looking for
-
Which GUI elements do I need to use in this example?
Hi, I'm new to J2ME development, and i'm looking to make a simple MIDlet which retrieves a list of items via Bluetooth. The Bluetooth part of this is irrelevant for the time being, I would like to make a skeletal GUI for this system first. I know the
-
GUI_DOWNLOAD field seperator not appering in downloaded data
Hi Experts, I am dowladong data on presentation server using GUI_DOWNLOAD fm . the write fieldseperator i have passed is '|' which is no appearing at end of each record . below is my code CALL FUNCTION 'GUI_DOWNLOAD' EXPORTING filenam
-
Reliable SCSI card for G4 tower (Quicksilver or other G4 tower) with OS 9 ?
Good morning. I am trying to setup a G4 Quicksilver (or another slower G4 tower) under OS 9 to be able to use a very nice Epson wide format scanner (no OS X drivers available). It has only a SCSI Centronics 50 pin connector. 1. Is there a reliable an
-
Vmware tools for fc10 fail to compile some modules
I'm running esxi 3.5 u3 - when I try to install vmware tools on fedora core 10 (linux kernel 2.6.27.5). vmmemctl breaks: os.c: 590 erro struct proc_dir_entry has no member named get_info vmghfs breaks: bdhandler.c:29:27: erro: asm/semaphore.h : no
-
When I sync my devices its starts to sync then it says "canceling sync" how do I fix this problem?, I am running iOS7 on my devices and the newest version of iTunes on my MacBook Pro with Mavericks.