I have run into an issue after updating my JRE to 7u51. Prior to this, things were working fine.
I have a web application that runs on Tomcat and it uses the mozilla NSS libraries to achieve FIPS 140-2 compliance when using SSL/TLS. To do this, I had to change the default SunJSSE provider to my custom SunPKCS11-NSSFIPS provider.
Everything starts up fine. The server shows it is ready, but when I try to hit it from a web browser, I get a "The connection was interrupted" error.
Looking at the logs on the server, I see this:
Feb 09, 2014 3:00:16 AM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor run
SEVERE:
java.lang.RuntimeException: Could not generate dummy secret
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:335)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:193)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1642)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.RuntimeException: Could not generate dummy secret
at sun.security.ssl.RSAClientKeyExchange.generatePreMasterSecret(RSAClientKeyExchange.java:281)
at sun.security.ssl.RSAClientKeyExchange.polishPreMasterSecretKey(RSAClientKeyExchange.java:245)
at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:167)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:190)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1227)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:285)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:343)
... 5 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12RsaPremasterSecret for provider SunPKCS11-NSSFIPS
at sun.security.jca.GetInstance.getService(GetInstance.java:100)
at javax.crypto.JceSecurity.getInstance(JceSecurity.java:109)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:287)
at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:269)
at sun.security.ssl.RSAClientKeyExchange.generatePreMasterSecret(RSAClientKeyExchange.java:270)
... 15 more
I belive this is happening because the browser is trying to perform the handshake with TLSv1.2 but my security provider can't handle it. Is there a way to resolve this while still using my custom provider?
Immediately after that stack trace, there is another in the log file:
Feb 09, 2014 3:00:16 AM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor run
SEVERE:
java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: init() failed
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:335)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:193)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1642)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException: init() failed
at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1064)
at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:999)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:234)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1227)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:285)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:343)
... 5 more
Caused by: java.security.InvalidAlgorithmParameterException: init() failed
at sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:89)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:431)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:414)
at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1052)
... 14 more
Caused by: java.security.InvalidKeyException: Could not create key
at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:270)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:175)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:111)
at sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:87)
... 17 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:265)
... 20 more
Any help will be appreciated.
If i am not wrong NSS donot support tls1.2 yet. So you shouldnot initialize the handshake for tls1.2. Some browsers have changed the default TLS version to 1.2. You have to change that to TLS 1.1 and try again.
Related
I'm getting the following error when I launch the android studio
my android studio version is android-studio-2020.3.1.25
I have tried uninstalling the and re-installing and have also tried to delete local and roaming files too.
I'm also not finding any solution on the site
java.util.concurrent.CompletionException: java.lang.IllegalStateException: failed to create a child event loop
at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:314)
at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:319)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1702)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:668)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:665)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:665)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.IllegalStateException: failed to create a child event loop
at io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:88)
at io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:58)
at io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:47)
at io.netty.channel.MultithreadEventLoopGroup.<init>(MultithreadEventLoopGroup.java:59)
at io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:86)
at io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:81)
at io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:68)
at org.jetbrains.io.BuiltInServerKt.multiThreadEventLoopGroup(BuiltInServer.kt:144)
at org.jetbrains.io.BuiltInServerKt.access$multiThreadEventLoopGroup(BuiltInServer.kt:1)
at org.jetbrains.io.BuiltInServer$Companion.start(BuiltInServer.kt:54)
at org.jetbrains.io.BuiltInServer.start(BuiltInServer.kt)
at com.intellij.idea.SocketLock.lambda$lockAndTryActivate$2(SocketLock.java:171)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
... 7 more
Caused by: io.netty.channel.ChannelException: failed to open a new selector
at io.netty.channel.nio.NioEventLoop.openSelector(NioEventLoop.java:175)
at io.netty.channel.nio.NioEventLoop.<init>(NioEventLoop.java:142)
at io.netty.channel.nio.NioEventLoopGroup.newChild(NioEventLoopGroup.java:146)
at io.netty.channel.nio.NioEventLoopGroup.newChild(NioEventLoopGroup.java:37)
at io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:84)
... 19 more
Caused by: java.io.IOException: Unable to establish loopback connection
at java.base/sun.nio.ch.PipeImpl$Initializer.run(PipeImpl.java:94)
at java.base/sun.nio.ch.PipeImpl$Initializer.run(PipeImpl.java:61)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.nio.ch.PipeImpl.<init>(PipeImpl.java:171)
at java.base/sun.nio.ch.SelectorProviderImpl.openPipe(SelectorProviderImpl.java:50)
at java.base/java.nio.channels.Pipe.open(Pipe.java:155)
at java.base/sun.nio.ch.WindowsSelectorImpl.<init>(WindowsSelectorImpl.java:142)
at java.base/sun.nio.ch.WindowsSelectorProvider.openSelector(WindowsSelectorProvider.java:44)
at io.netty.channel.nio.NioEventLoop.openSelector(NioEventLoop.java:173)
... 23 more
Caused by: java.net.BindException: Cannot assign requested address: connect
at java.base/sun.nio.ch.Net.connect0(Native Method)
at java.base/sun.nio.ch.Net.connect(Net.java:476)
at java.base/sun.nio.ch.Net.connect(Net.java:468)
at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:694)
at java.base/java.nio.channels.SocketChannel.open(SocketChannel.java:194)
at java.base/sun.nio.ch.PipeImpl$Initializer$LoopbackConnector.run(PipeImpl.java:127)
at java.base/sun.nio.ch.PipeImpl$Initializer.run(PipeImpl.java:76)
... 31 more
-----
Your JRE: 11.0.10+0-b96-7249189 amd64 (Oracle Corporation)
C:\Program Files\Android\Android Studio\jre
The log shows that there is a problem with establishing loopback connection . please check your firewall / network connections (e.g. VPN etc).
I am trying to deploy a war file which creates IEnterpriseSession. I am able to successfully run on tomcat, but when I run it on JBoss i get the below error at this step sessionMgr.logon(trustedPrincipal);
Caused by: java.lang.ExceptionInInitializerError
at com.businessobjects.bcm.BCM.<clinit>(BCM.java:1144)
at com.crystaldecisions.sdk.framework.internal.TrustedPrincipal.getRandomString(TrustedPrincipal.java:252)
at com.crystaldecisions.sdk.framework.internal.TrustedPrincipal.getPassword(TrustedPrincipal.java:195)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody22(SessionMgr.java:850)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:1)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody20(SessionMgr.java:818)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody21$advice(SessionMgr.java:512)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:1)
I tried with the solution mentioned in the ExceptionInInitializerError - JBoss 7.0.2, but I still couldn't get through.
I was digging more into the error and this is where I am stuck
Caused by: java.lang.SecurityException: An internal FIPS 140 self-verification test has failed. Algorithm HMAC has been disabled
at com.rsa.cryptoj.f.ug.d(Unknown Source)
at com.rsa.cryptoj.f.ug.b(Unknown Source)
at com.rsa.cryptoj.f.nd.b(Unknown Source)
at com.rsa.cryptoj.f.nd.c(Unknown Source)
at com.rsa.jsafe.CryptoJ.isFIPS140Compliant(Unknown Source)
at com.businessobjects.bcm.internal.BcmRsaLib.initialize(BcmRsaLib.java:214)
at com.businessobjects.bcm.internal.BcmRsaLib.<clinit>(BcmRsaLib.java:289)
Can someone help me to get it working on JBoss?
Java newbie here.
Working on a some java App that uses the RSA SDK 8.2. All applications work fine when run as a console application. We're need to put a Web front end on it but we error out as shows below.
We've tried running it on both Wildfly 10 and Tomcat 8.0. Using Java 1.8
Below is error received when running on Tomcat. The error of NoSuchMethodException below from org.glassfish.tyrus.server.TyrusServerConfiguration.()
This exists in one of the Jars provided in the SDK. If we remove the jar Tomcat will serve up the page but will fail when a call to the SDK is made. If we include the jar, we get the error below.
SEVERE: Error during ServletContainerInitializer processing<br>
javax.servlet.ServletException: java.lang.InstantiationException: org.glassfish.tyrus.server.TyrusServerConfiguration<br>
at org.apache.tomcat.websocket.server.WsSci.onStartup(WsSci.java:88)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.InstantiationException: org.glassfish.tyrus.server.TyrusServerConfiguration
at java.lang.Class.newInstance(Class.java:427)
at org.apache.tomcat.websocket.server.WsSci.onStartup(WsSci.java:74)
... 8 more
Caused by: java.lang.NoSuchMethodException: org.glassfish.tyrus.server.TyrusServerConfiguration.<init>()
at java.lang.Class.getConstructor0(Class.java:3082)
at java.lang.Class.newInstance(Class.java:412)
... 9 more
Sep 26, 2017 3:00:39 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/tomcattest3] startup failed due to previous errors
I was able to duplicate this problem using Tomcat 9. I added websocket-ri-bundle-1.1.jar to Tomcat's lib without realizing that it already contained websocket-api-jar. When I removed the ri bundle I no longer got the error.
I want to specify th slImplementationName class name in tomcat(version 8) connector so that the default order in java.security is not considered for SSL handshake part.
From tomcat documentation:-
"The class name of the SSL implementation to use. If not specified,
the default of org.apache.tomcat.util.net.jsse.JSSEImplementation will
be used which wraps JVM's default JSSE provider. Note that the JVM can
be configured to use a different JSSE provider as the default"
But this does not specify the implementing class from java that can be used with this attribute.
While trying to start tomcat by chnaging the attribut i am getting exception:-
06-Jun-2016 12:05:15.639 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-9443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:962)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.lang.ClassNotFoundException: Error loading SSL Implementation com.sun.security.sasl.Provider :java.lang.ClassCastException: com.sun.security.sasl.Provider cannot be cast to org.apache.tomcat.util.net.SSLImplementation
at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:75)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
... 13 more
I have tried using "com.sun.net.ssl.internal.ssl.Provider" and "com.sun.security.sasl.Provider", with no luck.
Any pointer will be very helpful.
The class of sslImplementationName must extend org.apache.tomcat.util.net.SSLImplementation. So Exception is thrown when you specify a class which does not satisfy this condition.
Since your intention is changing the default order of Cryptographic Service Provider. You should override security configuration per JVM instance. Make sure security.overridePropertiesFile=true in $JRE_HOME/lib/security/java.security.
Then modify Tomcat startup command and add system property:
-Djava.security.properties=_path_to_your_config_
For Java8, it could append or override the settings in $JRE_HOME/lib/security/java.security. For older version, it will completely override all settings.
I am following this to set up the Oauth.
I have set up the the public key , downloaded the jar :
rest-oauth-client-1.0.one-jar.jar
rest-oauth-client-1.0-sources.jar
mentioned on the page,
but when trying to execute :
java -jar rest-oauth-client-1.0.one-jar.jar requestToken https://mycompanyname.atlassian.net
I am getting a weird error.. I have set up the consumer key .
Error is :
Jul 01, 2015 3:38:26 PM org.apache.http.impl.client.DefaultRequestDirector handleResponse
WARNING: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="https%3A%2F%2Fmycompanyname.atlassian.net", oauth_problem="consumer_key_unknown"}
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at com.simontuffs.onejar.Boot.run(Boot.java:340)
at com.simontuffs.onejar.Boot.main(Boot.java:166)
Caused by: java.lang.RuntimeException: Failed to obtain request token
at com.atlassian.oauth.client.example.AtlassianOAuthClient.getRequestToken(AtlassianOAuthClient.java:66)
at com.atlassian.oauth.client.example.JIRAOAuthClient.main(JIRAOAuthClient.java:52)
... 6 more
Caused by: net.oauth.OAuthProblemException: consumer_key_unknown
at net.oauth.client.OAuthResponseMessage.toOAuthProblemException(OAuthResponseMessage.java:83)
at net.oauth.client.OAuthClient.invoke(OAuthClient.java:306)
at net.oauth.client.OAuthClient.invoke(OAuthClient.java:260)
at net.oauth.client.OAuthClient.getRequestTokenResponse(OAuthClient.java:190)
at com.atlassian.oauth.client.example.AtlassianOAuthClient.getRequestToken(AtlassianOAuthClient.java:57)
... 7 more
Can somebody help me to resolve this error..
Please Don't suggest me this link. I've been to this document couple of times.
I've been trying the same with python , but in that I'm not getting how to fetch consumer secret.
Your consumer key must be "hardcoded-consumer" if you are trying to get token with jar rest-oauth-client-1.0.one-jar.jar.
Thanks!