Posted to users@tomee.apache.org by Ian Hunter <ia...@aicorporation.com> on 2014/02/04 11:06:34 UTC

Problems with TomEE and bouncycastle...

System: Win7
TC: Tomcat 7.0.47
OpenEJB: Standalone 4.6.0
Java: Java 7
BouncyCastle: bcpg-jdk16-146.jar and bcprov-ext-jdk16-150.jar placed in <TC_ROOT>/lib

[I have also tried the combined TomEE 1.6.0]

Hi Folks,

I've been tasked with moving our project from TC6/OpenEJB to TC7/OpenEJB.

The original installation is somewhat customized, undocumented and unsupported, so I'm taking the approach of starting again with a fresh installation - pulling stuff over to try and get it running.

My current problem is that in trying to use bouncy castle to read a private key, where the old installation succeeds, my new installation fails with the following exception...

-----------------
SEVERE:  1759 - Unable to properly read keys.
Feb 04, 2014 9:40:56 AM com.xxxxx.scheduler.SchedulerProcess schedularStartup
SEVERE: (SecSrvMsg) 1729 - There is some issue in scheduler process.
com.xxxxx.XXXXXException: (SecSrvMsg) 1253 - An error has occurred while trying to extract the private key. Cause: Error making private key from a string
                at com.xxx.utilities.PCIUtility.getPrivateKey(Utility.java:336)
                at com.xxx.utilities.PCIUtility.readSAF(Utility.java:382)
                at com.xxx.context.SecInstance.<init>(SecInstance.java:79)
                at com.xxx.context.SecInstance.getInstance(SecInstance.java:68)
                at com.xxx.utilities.Utility.getSAF(Utility.java:271)
                at com.xxx.scheduler.SchedulerProcess.schedularStartup(SchedulerProcess.java:94)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
-----------------

Searched around and the only issue I can find is that of not setting up Java unlimited encryption. I've double/triple checked and the correct policies are in place, and just before the attempt to get the key, I've printed out java.home and it points to the correct JRE.

I'm a bit lost on what to look at or try next.

Any help appreciated

Thanks
Ian Hunter





Re: Problems with TomEE and bouncycastle...

Posted by Romain Manni-Bucau <rm...@gmail.com>.
there is no magic, take your app and remove things step by step until it
works or share the whole app, but if it is too big nobody will look at it
quickly I think
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-02-11 14:54 GMT+01:00 ihunter <ih...@hotmail.com>:
> I appreciate that Romain.
>
> My last post is really asking questions in order to help me understand how I
> might reproduce it.
>
> KR
> Ian Hunter
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667657.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
I appreciate that Romain.

My last post is really asking questions in order to help me understand how I
might reproduce it.

KR
Ian Hunter



--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667657.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by Romain Manni-Bucau <rm...@gmail.com>.
you need to reproduce your issue to get help I think
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-02-11 11:02 GMT+01:00 ihunter <ih...@hotmail.com>:
> Bump this issue up.
>
> Anybody able to give me insight?
>
> Many Thanks
> Ian Hunter
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667647.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
Bump this issue up.

Anybody able to give me insight?

Many Thanks
Ian Hunter



--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667647.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
Finally got some time to pursue, and I have some progress, and some
questions... 

1. Managed to get a simple piece of code (EJB/SCheduledProcess) which
performs the BC API call as per the 'failing' application. In this case it
succeeds. So good news. 

2. However, if I place failing EJB app in the same container as the new
'minimal' app., the 'minimal' app also fails in the same way. 

So, the 'bad' seems to be doing something which messes up BC access for
other apps in same container !!!! 

There are no clues so far in the code of the bad app. 

The bad app also uses ws4j which is itself dependent on BC, and this
dependency has been removed in the later versions of TomEE (in favour of
'Merlin'). 

Questions... 
1. I'm not a BC/JavaSec expert, but is it possible that the 'bad' app relies
on BC as the provider, which is setup by ws4j by default? 

2. Can BC & Merlin co-exist? Is there possible confusion between the two
here?

4. Any ideas on how to proceed? 

Thanks very much for any help 
Ian Hunter 



--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667545.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
Thanks. I'll develop a small servlet and try to reproduce.



--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667493.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Yes it is.

I propose you start with TomEE then maybe see if with the webapp it is
still failing.

If you can try to reproduce the issue in a smaller project it could help a lot
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-02-04 ihunter <ih...@hotmail.com>:
> I'm trying 2 installations...
>
> 1) TC7 & drop in tomee-webapp-1.6.0.war into webapps
> 2) TomEE apache-tomee-1.6.0-plus.tar.gz
>
> I'm a bit confused about the versioning, but I *think* this is OpenEJB 4.6.0
> as per the current download pages
>
> Thx
> Ian
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667479.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
I'm trying 2 installations...

1) TC7 & drop in tomee-webapp-1.6.0.war into webapps
2) TomEE apache-tomee-1.6.0-plus.tar.gz

I'm a bit confused about the versioning, but I *think* this is OpenEJB 4.6.0
as per the current download pages

Thx
Ian





--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667479.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by Romain Manni-Bucau <rm...@gmail.com>.
yes tomee webapp is merging tomcat and tomee conf folders.

btw you use which openejb version? tomee-webapp-4.x.y right?
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-02-04 ihunter <ih...@hotmail.com>:
> Thanks for the replies...
>
> By printing the raw exception, I get 2 additional lines...
>
> java.lang.Exception: Error making private key from a string
>         at org.bouncycastle.util.KeyUtil.getCKey(Unknown Source)
>         at org.bouncycastle.jce.KeyProcessor.getPrivateKey(Unknown Source)
>
> :-)
>
> I also tried putting the BC jars into <JRE>/lib/ext and this time
> catalina.log was clean, but openejb.log indicated a problem accessing
> common-codec.jar (Base64)  (which is in the TC/lib directory). So I guess I
> *could* put more into JRE/lib/ext, but this feels wrong. I've withdrawn
> this, and I'm back to same exception in catalina.log
>
> As for checking class filtering...
>
> I can see system.properties in the TomEE/conf, but I see no equivalent in
> TC/conf - can I copy across same file? I presume I would just add comma
> separated class names of BC classes that can't be found?
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667475.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by ihunter <ih...@hotmail.com>.
Thanks for the replies...

By printing the raw exception, I get 2 additional lines...

java.lang.Exception: Error making private key from a string
	at org.bouncycastle.util.KeyUtil.getCKey(Unknown Source)
	at org.bouncycastle.jce.KeyProcessor.getPrivateKey(Unknown Source)

:-)

I also tried putting the BC jars into <JRE>/lib/ext and this time
catalina.log was clean, but openejb.log indicated a problem accessing
common-codec.jar (Base64)  (which is in the TC/lib directory). So I guess I
*could* put more into JRE/lib/ext, but this feels wrong. I've withdrawn
this, and I'm back to same exception in catalina.log

As for checking class filtering...

I can see system.properties in the TomEE/conf, but I see no equivalent in
TC/conf - can I copy across same file? I presume I would just add comma
separated class names of BC classes that can't be found?





--
View this message in context: http://openejb.979440.n4.nabble.com/Problems-with-TomEE-and-bouncycastle-tp4667472p4667475.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Problems with TomEE and bouncycastle...

Posted by Andy <an...@orprovision.com>.
Hi Ian,

The stacktrace and error you are presenting seem to be masked by your 
own code at 
com.xxx.utilities.PCIUtility.getPrivateKey(Utility.java:336). Can you 
provide the actual JCE exception?

Andy.
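
A diagnostic for the two points raised in this thread (one app changing Bouncy Castle behaviour for other apps in the same container, and an application wrapper hiding the actual JCE exception), added here as an example and not code from any poster or from TomEE: it lists each registered JCE provider with the classloader and jar that supplied it, and returns the full cause chain of an exception. The class name `JceDiagnostics` and the sample exception are constructed for illustration; only JDK classes are used.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not from the thread): call it from each deployed app
// just before the key is read and compare the output between apps.
public class JceDiagnostics {

    // One line per registered JCE provider, in preference order, with the
    // classloader and jar that supplied the provider class.
    public static List<String> describeProviders() {
        List<String> lines = new ArrayList<String>();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Class<?> c = providers[i].getClass();
            ClassLoader cl = c.getClassLoader();          // null means bootstrap loader
            CodeSource src = c.getProtectionDomain().getCodeSource();
            lines.add((i + 1) + ". " + providers[i].getName()
                    + " class=" + c.getName()
                    + " loader=" + (cl == null ? "bootstrap" : cl.toString())
                    + " from=" + (src == null ? "unknown (bootstrap)"
                                              : String.valueOf(src.getLocation())));
        }
        return lines;
    }

    // Every exception in the cause chain, outermost first, so an
    // application-level wrapper does not hide the underlying error.
    public static List<String> causeChain(Throwable t) {
        List<String> chain = new ArrayList<String>();
        // The size limit guards against a cyclic cause chain.
        for (Throwable cur = t; cur != null && chain.size() < 20; cur = cur.getCause()) {
            chain.add(cur.getClass().getName() + ": " + cur.getMessage());
        }
        return chain;
    }

    public static void main(String[] args) {
        for (String line : describeProviders()) System.out.println(line);
        // Constructed sample: a wrapper around a JCE-style failure.
        Exception wrapped = new RuntimeException("Error making private key from a string",
                new java.security.spec.InvalidKeySpecException("constructed inner cause"));
        for (String line : causeChain(wrapped)) System.out.println("  caused by " + line);
    }
}
```

If the same provider name shows a different `loader=` or `from=` value depending on which apps are deployed, the provider class is being supplied from more than one place.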


Re: Problems with TomEE and bouncycastle...

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi

can be due to some filtering of classes, maybe have a look to
openejb.classloader.forced-load=the.package.you.want.to.be.sure.to.load.from.webapp
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-02-04 Ian Hunter <ia...@aicorporation.com>:
> System: Win7
> TC: Tomcat 7.0.47
> OpenEJB: Standalone 4.6.0
> Java: Java 7
> BouncyCastle: bcpg-jdk16-146.jar and bcprov-ext-jdk16-150.jar placed in <TC_ROOT>/lib
>
> [I have also tried the combined TomEE 1.6.0]
>
> Hi Folks,
>
> I've been tasked with moving our project from TC6/OpenEJB to TC7/OpenEJB.
>
> The original installation is somewhat customized, undocumented and unsupported, so I'm taking the approach of starting again with a fresh installation - pulling stuff over to try and get it running.
>
> My current problem is that in trying to use bouncy castle to read a private key, where the old installation succeeds, my new installation fails with the following exception...
>
> -----------------
> SEVERE:  1759 - Unable to properly read keys.
> Feb 04, 2014 9:40:56 AM com.xxxxx.scheduler.SchedulerProcess schedularStartup
> SEVERE: (SecSrvMsg) 1729 - There is some issue in scheduler process.
> com.xxxxx.XXXXXException: (SecSrvMsg) 1253 - An error has occurred while trying to extract the private key. Cause: Error making private key from a string
>                 at com.xxx.utilities.PCIUtility.getPrivateKey(Utility.java:336)
>                 at com.xxx.utilities.PCIUtility.readSAF(Utility.java:382)
>                 at com.xxx.context.SecInstance.<init>(SecInstance.java:79)
>                 at com.xxx.context.SecInstance.getInstance(SecInstance.java:68)
>                 at com.xxx.utilities.Utility.getSAF(Utility.java:271)
>                 at com.xxx.scheduler.SchedulerProcess.schedularStartup(SchedulerProcess.java:94)
>                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>                 at java.lang.reflect.Method.invoke(Unknown Source)
> -----------------
>
> Searched around and the only issue I can find is that of not setting up Java unlimited encryption. I've double/triple checked and the correct policies are in place, and just before the attempt to get the key, I've printed out java.home and it points to the correct JRE.
>
> I'm a bit lost on what to look at or try next.
>
> Any help appreciated
>
> Thanks
> Ian Hunter
>
>
>
>