I was trying to deploy Signal Server according to the guidelines here.
Link
Everything was success in the build part. But when i run the service using this command
java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
I am getting below errors.
INFO [2020-09-10 04:52:48,319] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2020-09-10 04:52:48,320] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
org.bouncycastle.openssl.PEMException: problem parsing cert: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.openssl.PEMReader$X509CertificateParser.parseObject(Unknown Source)
at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.initializeCertificate(RetryingApnsClient.java:76)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.<init>(RetryingApnsClient.java:49)
at org.whispersystems.textsecuregcm.push.APNSender.<init>(APNSender.java:70)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:246)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)
Caused by: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
... 12 more
Caused by: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readDERCertificate(Unknown Source)
... 14 more
Anyone know the exact issue here ?
Also i didnt change serverSecret & serverPublic under zkConfig. (I dont know how to get these). What it does mean by * # zkgroup config, run using your build jar * as in the documentation ?
Problem solved. This exception came due to improper PEM format of reading cerKey file. Anyhow current crtKey form is PEM only, but it need a extended form of PEM.
i used below command to generate it.
openssl rsa -in cert.key -outform PEM -out cert.key
Then all above errors were disappeared.
I did enter the above command but i got this error
Can't open cert.key for reading, No such file or directory
140021811573184:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('cert.key','r')
140021811573184:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load Private Key
and I did everything I could I generated all kind of certificate I could find on Internet but no change in result. could you please tell me what to do it's so important to me. thanks alot
Related
I am trying to connect a Java client to a non-Java server via GRPC-SSL. I am able to connect to the server when not using SSL. When I try to create the ManagedChannel using a SSL context (using the provided pem file), I get the exception below (same pem file works with a NodeJS client).
ManagedChannel channel = NettyChannelBuilder.forAddress("localhost", 10010)
.sslContext(GrpcSslContexts.forClient().trustManager(new File("./test/myprivkey.pem")).build())
.build();
Exception from trustManager call:
Exception in thread "main" java.lang.IllegalArgumentException: File does not contain valid certificates: /Users/continue/IdeaProjects/git/test/build/resources/main/keys/myprivkey.pem
at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:162)
at com.test.io.grpc.test.client.Connection.getSslContext(Connection.java:65)
at com.test.io.grpc.test.client.Connection.getSecure(Connection.java:41)
at com.test.io.grpc.mgcs.client.TestClient.<init>(TestClient.java:36)
at com.test.io.grpc.test.client.TestClient.main(TestClient.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: java.security.cert.CertificateException: found no certificates in input stream
at io.netty.handler.ssl.PemReader.readCertificates(PemReader.java:98)
at io.netty.handler.ssl.PemReader.readCertificates(PemReader.java:64)
at io.netty.handler.ssl.SslContext.toX509Certificates(SslContext.java:999)
at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:160)
build.gradle relevant section
compile 'io.netty:netty-tcnative-boringssl-static:1.1.33.Fork26'
Any ideas what might be causing the issue or how to troubleshoot this further?
I was reading the wrong file as the certificate file for building the SslContext. Replacing the incorrect input with the right certificate file fixed the issue.
If your cert is from DNSSimple I found I needed to do
openssl pkcs8 -topk8 -nocrypt -in original.key -out new_key.key.pcks8
To convert the format of the key. :(
I am getting this below error when trying to access an WSDL endpoint.
First I have created the client jar using cliengen ant task and then created a simple java class to test the wsdl end point and I am getting below error-
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:105)
at java.io.FilterOutputStream.write(FilterOutputStream.java:80)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:430)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:219)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:37)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
Can anyone help?
I was able to get resolve the exception by updating \Oracle\Middleware\user_projects\domains\my_domain\bin\setDomainEnv.cmd with below commands
set JAVA_OPTIONS=%JAVA_OPTIONS% -DUseSunHttpHandler=true -Dssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl -Dssl.ServerSocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl
Fixed this issue by adding following lines in JVM arguments.
-Dweblogic.security.SSL.nojce=true
-Dweblogic.ssl.JSSEEnabled=true
-Dweblogic.security.SSL.enableJSSE=true
Don't forget to recycle JVM. :)
I was getting similar when trying to upload a file to an S3 Bucket on AWS from a WebLogic application. I added the following lines
JAVA_OPTIONS="${JAVA_OPTIONS} -DUseSunHttpHandler=true -Dssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl -Dssl.ServerSocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl"
just before this command
JAVA_OPTIONS="${JAVA_OPTIONS}"
export JAVA_OPTIONS
in
\Oracle\Middleware\user_projects\domains\my_domain\bin\setDomainEnv.cmd
and my issue was resolved. Just make sure to restart WebLogic after the amendment.
Add this in startup params
-DUseSunHttpHandler=true
-Dssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl
-Dssl.ServerSocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl
I have an applet which depends with many jars. After I update the java to 7.45 the applet generate message saying “This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute”
I added permission attribute “Permissions: all-permissions” to all manifest files after that I resigned all these jars by our "6NRJ" certificate.
All jars was well signed but unfortunately the applet generate an exception only in "bcprov-ext-jdk16-140.jar".
Here the exception details:
java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
at javax.crypto.JceSecurity.getInstance(JceSecurity.java:101)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:249)
at org.bouncycastle.cms.CMSEnvelopedHelper.createKeyGenerator(Unknown Source)
at org.bouncycastle.cms.CMSEnvelopedHelper.createSymmetricKeyGenerator(Unknown Source)
at org.bouncycastle.cms.CMSEnvelopedDataGenerator.generate(Unknown Source)
at com.atexo.mpe.applet.AppletDiagnostic.init(AppletDiagnostic.java:142)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.util.jar.JarException: http://wma-migration.whitecapetech.local/ressources/applet/bcprov-ext-jdk16-140.jar is not signed by a trusted signer.
at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:503)
at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161)
at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187)
at javax.crypto.JceSecurity.getInstance(JceSecurity.java:98)
... 8 more
I think that bcprov-ext-jdk16-140.jar was signed before by bouncy castle.
Is there a way to re-sign "bcprov-ext-jdk16-140.jar" after adding the permission attribute ?
Thanks in advance for help
"I think that bcprov-ext-jdk16-140.jar was signed before by bouncy castle."
No, you can verify this opening the jar. You Will find no signature in it.
"Is there a way to re-sign "bcprov-ext-jdk16-140.jar" after adding the permission attribute ? "
yes. Open the bcprov jar. Add the permission attribuite using a text editor. Sign using jarsigner.
We have a proprietary software to run the load testing. When I try to run the tool, I am getting the following exception in my logs. I am running out of ideas how to resolve it. I seen most of the answers and they got it working uninstalling and installing the java and setting the classpath in the command line while running the application . I tried those work around, but still no luck.
Java version: JDK 1.6.0_24
Already tried the answers mentioned in this forum,
Click here
C:\lt>"C:\Program Files\Java\jdk1.6.0_24"\bin\java -Djava.class.path="C:/lt/lib/base12.jar;C:/lt/lib/cldcapi11.jar;C:/lt/lib/commons-codec-1.3.jar;C:/lt/lib/commons-dbcp-1.1.jar;C:/lt/lib/commons-pool-1.1.jar;C:/lt/lib/com_dexterra_platform_midp_base.jar;C:/lt/lib/incubator-activemq-4.1.jar;C:/lt/lib/jargs.jar;C:/lt/lib/javassist-3.12.0.GA.jar;C:/lt/lib/javax.jms.jar;C:/lt/lib/joda-time-1.6.jar;C:/lt/lib/log4j-extension.jar;C:/lt/lib/log4j.jar;C:/lt/lib/messaging-base12.jar;C:/lt/lib/midpapi20.jar;C:/lt/lib/spring-1.2.6.jar;C:/lt/lib/tstdevice12.jar;C:/lt/lib/wma20.jar;C:/lt/lib/xbean-spring-2.2.jar;C:/lt/lib/lt.jar;C:/lt/lib/test.jar;C:/lt/lib/jsr75.jar""-Dtestclient.cfg.file=lib\TestClientConfig.xml" -DNUM_CLIENTS=2 -DCLIENT_START_ID=0 -DSTART_DELAY=0 -DUSERS_FILE=C:/lt/xmlapitool/bin/newsubscribers.csv-Djava.ext.dirs=lib -classpath "C:\Program Files\Java\jdk1.6.0_24\lib\ext\*" -jar TestDevice.jar -t data -a ConfigurableApp -n -b -d psr -p password -u psr -s KickOff
Any help is greatly appreciated!
Wed Oct 16 15:59:22 MDT 2013 ERROR [main-tstdevice-0] SSL IOExceptionjavax.net.ssl.SSLKeyException: RSA premaster secret error
Terminate client due to exception: javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:73)
at java.io.DataOutputStream.writeShort(DataOutputStream.java:150)
at com.octanewave.platform.messaging.OW_SSLLoginRequest.writeTo(OW_SSLLoginRequest.java:174)
at com.octanewave.platform.SystemManagerBase.login(SystemManagerBase.java:865)
at com.octanewave.platform.OW_DeviceSecurityManager.login(OW_DeviceSecurityManager.java:786)
at com.octanewave.platform.ApplicationStartupBase.run(ApplicationStartupBase.java:268)
at com.octanewave.test.midp.TestClient.run(TestClient.java:779)
at com.octanewave.test.midp.TestClient.runClient(TestClient.java:441)
at com.octanewave.test.midp.TestClient.main(TestClient.java:266)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javassist.Loader.run(Loader.java:290)
at com.octanewave.test.midp.TestClient$1.run(TestClient.java:341)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
at javax.crypto.KeyGenerator.<init>(DashoA13*..)
at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223)
at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:89)
... 26 more
Let me know, if you need any more details.
Thanks,
Ramesh
Check this java https networking issue
https://forums.oracle.com/thread/1533888
This could be a problem with your java installation and missing jar files.. https://java.net/jira/browse/GLASSFISH-15653
I'm executing the W3C CSS validator jar from the command line, built from the latest-available source. Exceptions are raised when the jar requests some HTTPS urls.
Some HTTPS urls are fine, others are not. Of those that cause exceptions to be raised of which I am aware (just one), the SSL cert appears to be fine when requesting the relevant URL in Chrome.
I call the CSS validator as follows:
java -jar css-validator.jar "https://example.com/"
And get the following error output:
javax.net.ssl.SSLException: Server key
at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1274)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:257)
at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:312)
at org.w3c.css.css.DocumentParser.<init>(DocumentParser.java:124)
at org.w3c.css.css.CssValidator.main(CssValidator.java:154)
Caused by: java.security.spec.InvalidKeySpecException: Could not create EC public key
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:169)
at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1057)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:218)
... 13 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:233)
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:164)
... 16 more
I'd ideally like to ignore absolutely all such SSL errors that could be raised when executing this jar from the command line using something along the lines of:
java -ignore-all-of-these-ssl-errors-please -jar css-validator.jar "https://example.com/"
Clearly ignore-all-of-these-ssl-errors-please is not a valid command line flag.
Is there a flag that will do this?
Not possible. It's that way for a reason, and that reason is to prevent you from writing code that someone else implicitly trusts to ensure that the SSL session is secure and genuine. The reason it works in Chrome and not from Java is that Java comes with a very sparse set of root CAs.
The only way around this if you don't control the code is to add the necessary CA certificates to the local keystore. I believe you can export Chrome's CAs in a form you can import into the keystore.