Posted to dev@river.apache.org by Peter Firmstone <ji...@zeus.net.au> on 2009/09/29 01:01:12 UTC

Re: [jira] Updated: (RIVER-320) Prebuilt hello example certificates have expired - need to provide new ones

Sounds like a good proposal +1

Jonathan Costers (JIRA) wrote:
>      [ https://issues.apache.org/jira/browse/RIVER-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Jonathan Costers updated RIVER-320:
> -----------------------------------
>
>     Description: 
> When running the Hello example in SSL mode, errors are thrown about the used certificate being expired:
>
> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login -Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore -Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider -Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 -Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar lib/server.jar config/ssl-server.config
> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
> 	... 4 more
> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security$5.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security.doPrivileged(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
> 	... 8 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
> 	... 21 more
>
> The certificates in question are located in ./examples/hello/prebuiltkeys
>
> We need to supply new certificates.
>
> Code (macros) for generating certificates and keystores is already available in the qa/build.xml file. 
> This could be used to generate new certificates.
>
> Proposal is to remove the expired prebuilt keys from version control and replace with a generation mechanism.
>
>   was:
> When running the Hello example in SSL mode, errors are thrown about the used certificate being expired:
>
> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login -Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore -Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider -Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 -Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar lib/server.jar config/ssl-server.config
> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
> 	... 4 more
> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security$5.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security.doPrivileged(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
> 	... 8 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
> 	... 21 more
>
> The certificates in question are located in ./examples/hello/prebuiltkeys
>
> We need to supply new certificates.
>
> Code (macros) for generating certificates and keystores is already available in the qa/build.xml file. This could be used to generate new certificates, which are then put in version control, updating the original expired ones.
>
>
>   
>> Prebuilt hello example certificates have expired - need to provide new ones 
>> ----------------------------------------------------------------------------
>>
>>                 Key: RIVER-320
>>                 URL: https://issues.apache.org/jira/browse/RIVER-320
>>             Project: River
>>          Issue Type: Bug
>>          Components: com_sun_jini_example
>>    Affects Versions: AR1
>>            Reporter: Jonathan Costers
>>
>> When running the Hello example in SSL mode, errors are thrown about the used certificate being expired:
>> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login -Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore -Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider -Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 -Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar lib/server.jar config/ssl-server.config
>> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is: 
>> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
>> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
>> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
>> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
>> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
>> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
>> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
>> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
>> 	... 4 more
>> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown Source)
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at net.jini.security.Security$5.run(Unknown Source)
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at net.jini.security.Security.doPrivileged(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown Source)
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
>> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
>> 	... 8 more
>> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
>> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
>> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
>> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
>> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
>> 	... 21 more
>> The certificates in question are located in ./examples/hello/prebuiltkeys
>> We need to supply new certificates.
>> Code (macros) for generating certificates and keystores is already available in the qa/build.xml file. 
>> This could be used to generate new certificates.
>> Proposal is to remove the expired prebuilt keys from version control and replace with a generation mechanism.
>>     
>
>
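Added example, not part of the original message or the River code base: whichever way the keys end up being supplied, a check like the one below can run before the Hello server is launched, so that an expired certificate in a keystore or truststore is reported by alias and date instead of surfacing as the nested ExportException quoted above. The class name, the KS_PASS environment variable and the 30-day warning window are assumptions made for this sketch; it needs Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.concurrent.TimeUnit;

/** Reports expired or soon-to-expire X.509 certificates in a keystore file. */
public class KeystoreExpiryCheck {

    /** Classifies one certificate against 'now' and a warning horizon. */
    static String status(X509Certificate cert, Date now, Date warnBefore) {
        try {
            cert.checkValidity(now); // the JDK check that throws in the quoted trace
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT_YET_VALID";
        }
        return cert.getNotAfter().before(warnBefore) ? "EXPIRES_SOON" : "OK";
    }

    // Usage: KS_PASS=... java KeystoreExpiryCheck <keystore-file> [warnDays]
    // KS_PASS is a hypothetical environment variable holding the store password.
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KS_PASS");
        if (args.length < 1 || pass == null) {
            System.err.println("usage: KS_PASS=... KeystoreExpiryCheck <keystore-file> [warnDays]");
            System.exit(2);
        }
        int warnDays = args.length > 1 ? Integer.parseInt(args[1]) : 30;
        // Detects the store type (JKS or PKCS12) from the file and loads it.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass.toCharArray());
        Date now = new Date();
        Date warnBefore = new Date(now.getTime() + TimeUnit.DAYS.toMillis(warnDays));
        boolean unusable = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias); // leaf certificate for key entries
            if (!(c instanceof X509Certificate)) continue; // also skips entries with no cert
            X509Certificate x = (X509Certificate) c;
            String s = status(x, now, warnBefore);
            unusable |= s.equals("EXPIRED") || s.equals("NOT_YET_VALID");
            System.out.printf("%-13s %s  %s  notAfter=%s%n", s, alias,
                    x.getSubjectX500Principal().getName(), x.getNotAfter());
        }
        System.exit(unusable ? 1 : 0); // non-zero lets a build or launch script stop early
    }
}
```

Only the first certificate of each entry is examined; a store whose key entries carry longer chains would also need getCertificateChain checked.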