java.net.SocketException: java.security.NoSuchAlgorithmException Java refuses to connect

I am writing a program for work and I have been stumped on this issue for almost a week now. The program keeps throwing the same exception no matter what I do.
I have looked up every known resource and every question related to this problem, and every attempt and suggestion has failed. According to 90% of the posts I've come across, I should use keytool to add the certificate to my keystore. This is what I have attempted:
keytool -import -alias abc -file ~/Downloads/\*.gcsip.nl #=> gcsip.nl is the certificate I downloaded from the browser.
It asked me for a password, I added it, and my app still doesn't work when I run it. I looked into "How to import certificates into Eclipse project" and they recommended that I do the same command. I have never dealt with Java certificates before, but it's been a true absolute nightmare.
The weird part was that the app was working perfectly fine one day, and when I came into work, this exception started happening. I literally changed nothing.
I've also looked into the other Caused by: exceptions including Invalid keystore format and have had no luck solving that either. Honestly, even after reading the Oracle docs thoroughly, I still have no idea what a keystore is, does, and is supposed to look like.
I am just looking for someone who's had experience with this issue who can elaborate (like I'm 5) on how keystore works and how I can fix it. Any help is extremely appreciated.
I should note that I am not very Java savvy.
Here's my StackTrace:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:255)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:409)
at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1104)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:998)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at GCollect.authorize(GCollect.java:102)
at TestCase.main(TestCase.java:20)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1617)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:332)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:289)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)
at java.net.URL.openConnection(URL.java:972)
at GCollect.authorize(GCollect.java:100)
... 1 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:767)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:733)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at java.security.Provider$Service.newInstance(Provider.java:1595)
... 13 more


javax.net.ssl.SSLHandshakeException: Even after adding certificate [duplicate]

I am using weblogic server which has keystores in use like :
Now when my application running on this server tries to download images from another server, it throws
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
I have added the server certificates to both DemoTrust.jks and JDK CACERTS using this link :
after adding certificates, it looks like :
And java certs has
As suggested by different posts, I have also added to startWeblogic.cmd
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.verbose=true
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.enable.renegotiation=true
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dsun.security.ssl.allowUnsafeRenegotiation=true
Am I missing something? Any suggestions?
Edit 1 : Adding exception stacktrace
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:69)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:743)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:67)
at weblogic.socket.JSSEFilterImpl.wrapAndWrite(JSSEFilterImpl.java:771)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:119)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:87)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:250)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:577)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:557)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:265)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:651)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:628)
at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:260)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:249)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:101)
at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:101)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:101)
at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
at org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor235.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:94)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy254.execute(Unknown Source)
at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:33)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:223)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:123)
... 44 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at weblogic.security.SSL.jsseadapter.JaTrustManager.checkServerTrusted(JaTrustManager.java:128)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:999)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
... 52 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 60 more
Hello to whoever is still looking for an answer,
Hope this helps you.
I also had a similar issue running my application in JDeveloper 12.2.1.4.0.
Let me explain my situation and solution.
My application in JDeveloper calls a REST API running on a remote server.
I downloaded the cert from the browser by loading the remote server URL. I uploaded it to the DemoTrust.jks file in the Oracle middleware folder.
While running the application, I could see the remote server cert appearing in the JDev logs (after turning on SSL debugging), but the application was still facing the javax.net.ssl.SSLHandshakeException: General SSLEngine error while calling the remote server REST API. I verified that the certificate is not expired.
In the WebLogic admin console, I turned off the Use KSS demo flag (under Domain -> Security -> Advanced).
I have also set Hostname verification to None in SSL because it's a wildcard certificate (Servers -> DefaultServer -> SSL -> Advanced). I was still getting the SSLEngine problem. I found one more thing that needs to be set correctly.
The remote server is running within the corp network.
I found that the proxy in JDeveloper preferences was set to automatic. I set it to None (of course the test connection will fail, and that's OK) and restarted the server. With all of this configuration in place, the application is able to connect to the REST API.

Problem with Big Sur 11.0.1 and PC/SC library

I have a problem with the newest version of macOS (Big Sur 11.0.1) and the PC/SC library; before Big Sur the program that uses the library worked fine, but after the update it isn't working anymore. I am using Java version 1.8.0_271.
In the code, I use the method TerminalFactory.getDefaultType() to get the default type of Terminal Factory. Before the update I was receiving "PC/SC" but after the update I am receiving None.
If I try to force a connection to an instance with this line
TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null);
It will return the following error:
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PC/SC, provider: SunPCSC, class: sun.security.smartcardio.SunPCSC$Factory)
at java.security.Provider$Service.newInstance(Provider.java:1711)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:243)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at javax.smartcardio.TerminalFactory.getInstance(TerminalFactory.java:245)
at prueba.Prueba.isConnected(Prueba.java:165)
at prueba.Prueba.main(Prueba.java:63)
Caused by: java.lang.UnsupportedOperationException: PC/SC not available on this platform
at sun.security.smartcardio.PCSC.checkAvailable(PCSC.java:46)
at sun.security.smartcardio.SunPCSC$Factory.<init>(SunPCSC.java:59)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1703)
... 5 more
Caused by: java.io.IOException: No PC/SC library found on this system
at sun.security.smartcardio.PlatformPCSC.getLibraryName(PlatformPCSC.java:122)
at sun.security.smartcardio.PlatformPCSC.access$000(PlatformPCSC.java:43)
at sun.security.smartcardio.PlatformPCSC$1.run(PlatformPCSC.java:64)
at sun.security.smartcardio.PlatformPCSC$1.run(PlatformPCSC.java:60)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.smartcardio.PlatformPCSC.<clinit>(PlatformPCSC.java:60)
at sun.security.smartcardio.SunPCSC$Factory.<init>(SunPCSC.java:59)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1703)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:243)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at javax.smartcardio.TerminalFactory.getInstance(TerminalFactory.java:245)
at javax.smartcardio.TerminalFactory.<clinit>(TerminalFactory.java:106)
at prueba.Prueba.isConnected(Prueba.java:164)
... 1 more
entro isConnected--2
Exception in thread "main" java.lang.NullPointerException
at prueba.Prueba.isConnected(Prueba.java:173)
at prueba.Prueba.main(Prueba.java:63)
I found that Big Sur eliminates the PC/SC library and it is not possible to install it.
I don't know if there is someone with the same error or someone who has already fixed it.
Thanks for the help.
Because of the changes in macOS Big Sur, Java PC/SC implementation no longer works correctly:
https://bugs.openjdk.java.net/browse/JDK-8255877
The workaround is to set the system property:
sun.security.smartcardio.library=/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC
before trying to use TerminalFactory.
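The ordering requirement in the workaround above, shown as an added example that is not part of the original answer. The class name PcscBigSurWorkaround and the method applyWorkaround are hypothetical; the property name and library path are the ones quoted in the answer. The traces in the question show the library lookup running in the static initializers of TerminalFactory and PlatformPCSC, so the property has to be set before the first reference to TerminalFactory.

```java
import java.util.List;
import java.util.Locale;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.TerminalFactory;

// Added example: hypothetical class, not code from the question or the answer.
public class PcscBigSurWorkaround {
    // Property name and path exactly as quoted in the answer above.
    static final String LIB_PROP = "sun.security.smartcardio.library";
    static final String MAC_PCSC =
            "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";

    // Must run before any code touches TerminalFactory: the library is located
    // once, in a static initializer, and the result is kept for the JVM's lifetime.
    static void applyWorkaround() {
        boolean mac = System.getProperty("os.name", "")
                .toLowerCase(Locale.ROOT).contains("mac");
        // Respect a value that was already passed with -D on the command line.
        if (mac && System.getProperty(LIB_PROP) == null) {
            System.setProperty(LIB_PROP, MAC_PCSC);
        }
    }

    public static void main(String[] args) {
        applyWorkaround();

        // First reference to TerminalFactory happens only after the property is set.
        String type = TerminalFactory.getDefaultType();
        System.out.println("Default TerminalFactory type: " + type);
        if (!"PC/SC".equals(type)) {
            System.err.println("PC/SC still unavailable; " + LIB_PROP + "="
                    + System.getProperty(LIB_PROP));
            return;
        }

        try {
            List<CardTerminal> terminals = TerminalFactory.getDefault().terminals().list();
            for (CardTerminal t : terminals) {
                System.out.println(t.getName()
                        + (t.isCardPresent() ? " (card present)" : " (no card)"));
            }
        } catch (CardException e) {
            // The library loaded, but the PC/SC layer could not enumerate readers.
            System.err.println("Listing readers failed: " + e.getMessage());
        }
    }
}
```

The same effect is available without a code change by passing -Dsun.security.smartcardio.library=... on the java command line.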

TextSecure Signal Server - Certificate Error

I was trying to deploy Signal Server according to the guidelines here.
Everything succeeded in the build part, but when I run the service using this command
java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
I am getting the errors below.
INFO [2020-09-10 04:52:48,319] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2020-09-10 04:52:48,320] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
org.bouncycastle.openssl.PEMException: problem parsing cert: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.openssl.PEMReader$X509CertificateParser.parseObject(Unknown Source)
at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.initializeCertificate(RetryingApnsClient.java:76)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.<init>(RetryingApnsClient.java:49)
at org.whispersystems.textsecuregcm.push.APNSender.<init>(APNSender.java:70)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:246)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)
Caused by: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
... 12 more
Caused by: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readDERCertificate(Unknown Source)
... 14 more
Does anyone know the exact issue here?
Also, I didn't change serverSecret & serverPublic under zkConfig (I don't know how to get these). What does the documentation mean by "# zkgroup config, run using your build jar"?
Problem solved. This exception was caused by an improper PEM format when reading the cerKey file. The current crtKey form is already PEM, but it needs an extended form of PEM.
I used the command below to generate it.
openssl rsa -in cert.key -outform PEM -out cert.key
Then all of the above errors disappeared.
I did enter the above command but I got this error
Can't open cert.key for reading, No such file or directory
140021811573184:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('cert.key','r')
140021811573184:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load Private Key
and I did everything I could. I generated every kind of certificate I could find on the Internet, but there was no change in the result. Could you please tell me what to do? It's so important to me. Thanks a lot.

JMXConnector failed to connect with ssl keystore

I am trying to connect to an MBean Server on another machine with an SSL keystore, but I'm seeing this error. I have a keystore and truststore on the other server as well. I also noticed that both machines have different Java versions. I'm not sure if that's the problem or if I'm missing something.
java.rmi.ConnectIOException: Exception creating connection to: 10.1.7.259; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:631)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:130)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2432)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
at com.stop.monitor.giab.JMXListenerClient.connect(JMXListenerClient.java:153)
at com.stop.monitor.giab.JMXListenerClient.main(JMXListenerClient.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:262)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:121)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 9 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1617)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:207)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:117)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
at sun.rmi.transport.DGCImpl_Stub.dirty(Unknown Source)
at sun.rmi.transport.DGCClient$EndpointEntry.makeDirtyCall(DGCClient.java:361)
at sun.rmi.transport.DGCClient$EndpointEntry.registerRefs(DGCClient.java:303)
at sun.rmi.transport.DGCClient.registerRefs(DGCClient.java:139)
at sun.rmi.transport.ConnectionInputStream.registerRefs(ConnectionInputStream.java:94)
at sun.rmi.transport.StreamRemoteCall.releaseInputStream(StreamRemoteCall.java:157)
at sun.rmi.transport.StreamRemoteCall.done(StreamRemoteCall.java:313)
at sun.rmi.server.UnicastRef.done(UnicastRef.java:451)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:118)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:205)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1957)
at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1924)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
... 3 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:767)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:733)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at java.security.Provider$Service.newInstance(Provider.java:1595)
... 29 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 39 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
from TrustManagerFactoryImpl
from SSLContextImpl$DefaultSSLContext.getDefaultTrustManager
Make sure your truststore is valid by doing keytool -list with password (don't hit return to bypass it). I don't think it's possible to create trustedcert entries in a JKS that are incompatible between Java versions (it is in some cases for privatekey entries) but to be on the safe side use the keytool of the JRE the problematic client uses -- and of course the same file.
Make sure system property javax.net.ssl.trustStore has the filename (if not the default, JRE/lib/security/[jsse]cacerts) and javax.net.ssl.trustStorePassword has the correct password (always).
Also if the truststore format is not JKS (or PKCS12 in a sufficiently recent Java 8 JRE with keystore.type.compat left at its default) specify javax.net.ssl.trustStoreType. But people who know how to create unusual stores like that don't ask questions like yours.
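A diagnostic for the two root causes in the traces on this page, Invalid keystore format in the first question and Keystore was tampered with, or password was incorrect in the JMX question, both raised from TrustManagerFactoryImpl.getCacertsKeyStore. This is an added example, not code from the original posts: the class name TrustStoreCheck, its methods and the temp-file samples are constructed for illustration, and the lookup order (javax.net.ssl.trustStore, then jssecacerts, then cacerts) follows the defaults named in the answer above.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added example (hypothetical class and method names, not from the posts above).
public class TrustStoreCheck {

    // Locate the truststore file: explicit property first, then jssecacerts, then cacerts.
    static Path resolveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null && !explicit.isEmpty()) {
            return Paths.get(explicit);
        }
        Path dir = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jsse = dir.resolve("jssecacerts");
        return Files.exists(jsse) ? jsse : dir.resolve("cacerts");
    }

    // Guess the real container format from the leading bytes of the file.
    static String sniff(byte[] data) {
        if (data.length >= 4) {
            int magic = ((data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16)
                      | ((data[2] & 0xff) << 8) | (data[3] & 0xff);
            if (magic == 0xFEEDFEED) return "a JKS keystore";
            if (magic == 0xCECECECE) return "a JCEKS keystore";
        }
        String head = new String(data, 0, Math.min(data.length, 10), StandardCharsets.US_ASCII);
        if (head.equals("-----BEGIN")) return "PEM text (a certificate or key, not a keystore)";
        if (data.length > 0 && data[0] == 0x30) return "DER data (PKCS12 keystore or a bare certificate)";
        return "an unrecognised format";
    }

    // Load the file with the given type and password and explain any failure.
    static String diagnose(Path file, String type, char[] password) throws IOException {
        if (!Files.isReadable(file)) {
            return "MISSING: " + file + " does not exist or is not readable";
        }
        byte[] data = Files.readAllBytes(file);
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(data), password);
            return "OK: " + ks.size() + " entries loaded as " + type
                    + (password == null ? " (no password supplied, integrity not checked)" : "");
        } catch (IOException e) {
            // A bad password is reported as an IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "WRONG PASSWORD: the file parsed as a keystore, but the password does not match";
            }
            return "WRONG FORMAT: not loadable as " + type + "; the file looks like " + sniff(data);
        } catch (GeneralSecurityException e) {
            return "ERROR: " + e + "; the file looks like " + sniff(data);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs so the example runs offline.
        char[] good = "changeit".toCharArray();
        Path dir = Files.createTempDirectory("truststore-demo");
        Path jks = dir.resolve("trust.jks");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(jks)) {
            empty.store(out, good);
        }
        Path pem = dir.resolve("downloaded-cert.pem");
        Files.write(pem, ("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
                + "-----END CERTIFICATE-----\n").getBytes(StandardCharsets.US_ASCII));

        System.out.println(diagnose(jks, "JKS", good));                   // matching type and password
        System.out.println(diagnose(jks, "JKS", "wrong".toCharArray())); // failure mode of the JMX trace
        System.out.println(diagnose(pem, "JKS", good));                   // a non-keystore file, as in the first trace

        // Now check what this JVM would actually use for HTTPS and RMI-over-SSL clients.
        Path actual = resolveTrustStore();
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        char[] pwChars = (pw == null || pw.isEmpty()) ? null : pw.toCharArray();
        System.out.println(actual + " -> " + diagnose(actual, type, pwChars));
    }
}
```

Run it with the same JRE and the same -Djavax.net.ssl.* options as the failing client, so the last line reports on the file that client actually loads.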
The problem was an issue with the firewall. It was because the URL used to connect did not specify the second port. So, it just used a random port.
import javax.management.remote.*;
// Did not use the second port; resulted in a random second port being used
JMXServiceURL randomPortUrl = new JMXServiceURL("service:jmx:rmi://somehost:9010/jndi/rmi://somehost/jmxrmi");
final JMXConnector failingConnector = JMXConnectorFactory.connect(randomPortUrl);
// This worked because now we are using 1 port
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://somehost:9010/jndi/rmi://somehost:9010/jmxrmi");
final JMXConnector jmxConnector = JMXConnectorFactory.connect(url);

Execute Third-Party Jar From Command Line, Flag To Ignore SSL Issues?

I'm executing the W3C CSS validator jar from the command line, built from the latest-available source. Exceptions are raised when the jar requests some HTTPS urls.
Some HTTPS urls are fine, others are not. Of those that cause exceptions to be raised of which I am aware (just one), the SSL cert appears to be fine when requesting the relevant URL in Chrome.
I call the CSS validator as follows:
java -jar css-validator.jar "https://example.com/"
And get the following error output:
javax.net.ssl.SSLException: Server key
at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1274)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:257)
at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:312)
at org.w3c.css.css.DocumentParser.<init>(DocumentParser.java:124)
at org.w3c.css.css.CssValidator.main(CssValidator.java:154)
Caused by: java.security.spec.InvalidKeySpecException: Could not create EC public key
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:169)
at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1057)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:218)
... 13 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:233)
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:164)
... 16 more
I'd ideally like to ignore absolutely all such SSL errors that could be raised when executing this jar from the command line using something along the lines of:
java -ignore-all-of-these-ssl-errors-please -jar css-validator.jar "https://example.com/"
Clearly ignore-all-of-these-ssl-errors-please is not a valid command line flag.
Is there a flag that will do this?
Not possible. It's that way for a reason, and that reason is to prevent you from writing code that someone else implicitly trusts to ensure that the SSL session is secure and genuine. The reason it works in Chrome and not from Java is that Java comes with a very sparse set of root CAs.
The only way around this if you don't control the code is to add the necessary CA certificates to the local keystore. I believe you can export Chrome's CAs in a form you can import into the keystore.
