You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by "Jonathan Costers (JIRA)" <ji...@apache.org> on 2009/09/30 00:16:08 UTC

[jira] Resolved: (RIVER-320) Prebuilt hello example certificates have expired - need to provide new ones

     [ https://issues.apache.org/jira/browse/RIVER-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Costers resolved RIVER-320.
------------------------------------

    Resolution: Fixed

> Prebuilt hello example certificates have expired - need to provide new ones 
> ----------------------------------------------------------------------------
>
>                 Key: RIVER-320
>                 URL: https://issues.apache.org/jira/browse/RIVER-320
>             Project: River
>          Issue Type: Bug
>          Components: com_sun_jini_example
>    Affects Versions: AR1
>            Reporter: Jonathan Costers
>            Assignee: Jonathan Costers
>             Fix For: AR2
>
>
> When running the Hello example in SSL mode, errors are thrown about the used certificate being expired:
> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login -Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore -Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider -Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 -Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar lib/server.jar config/ssl-server.config
> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
> 	... 4 more
> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security$5.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security.doPrivileged(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
> 	... 8 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
> 	... 21 more
> The certificates in question are located in ./examples/hello/prebuiltkeys
> We need to supply new certificates.
> Code (macros) for generating certificates and keystores is already available in the qa/build.xml file. 
> This could be used to generate new certificates.
> Proposal is to remove the expired prebuilt keys from version control and replace with a generation mechanism.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.