airavata-dev mailing list archives

From Raminder Singh <raminderjsi...@gmail.com>
Subject Re: Error retrieving credentials using certificates/private keys returned by OA4MP service
Date Thu, 03 Oct 2013 13:44:24 GMT
Akos, 

Try to find this class in your tomcat webapps folder and if the jar is in multiple projects then delete them and have a single copy of the jar in the lib folder of tomcat (tomcat 6+ does not have shared lib added to configuration). It's a class loading issue and this may help. If you want we can have a Skype session to debug this together. My Skype id is sandhu_raman1.

find apache-tomcat-7.0.39/webapps/ -name "*.jar" -exec grep -Hls org.bouncycastle.jce.provider.X509CertificateObject {} \;

Thanks
Raminder

On Oct 3, 2013, at 7:42 AM, Akos Hajnal <akos.l.hajnal@gmail.com> wrote:

> Dear Raminder,
> 
> I've tried the patched version together with bcprov16, but the same exception after redeploy.
> 
> Now it seems that Tomcat removes class org.bouncycastle.jce.provider.X509CertificateObject on undeploy, and cannot re-load this class on redeploy. If I put bcprov-jdk14-140.jar into tomcat/lib, X509CertificateObject is not unloaded, and it seems to work without exception.
> I don't know why, and how to fix it.
> 
> I don't know Airavata. Maybe I search for it...
> 
> Regards, Akos Hajnal
> 
> ps.
> //test proxy file exception
> GlobusCredential cred = new GlobusCredential("x509up");
> for (X509Certificate cert: cred.getCertificateChain()) {
>               Class<? extends X509Certificate> c = cert.getClass();
>               log.info(c.getName() + " class is from jar " + c.getResource('/' + c.getName().replace('.', '/') + ".class")); // <- see error below
>               ...
> }
> 
> Oct 03, 2013 1:20:03 PM org.apache.catalina.loader.WebappClassLoader findResourceInternal
> INFO: Illegal access: this web application instance has been stopped already.  Could not load org/bouncycastle/jce/provider/X509CertificateObject.class.  The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
> 
> Raminder Singh wrote:
> 
>> Hi Akos,
>> 
>> I faced a similar problem with cog-jglobus and patched a version of cog-jglobus. You can download the patched version from the http://community.ucs.indiana.edu:9090/archiva/repository/ogce.m2.all/cog-jglobus/cog-jglobus/1.8.0_bc/ repository. You need to update bouncycastle version to jdk1.6.1.46. I will not recommend you to go this path. If you can use Airavata 0.9 release you don't need cog-jglobus. Airavata 0.9 and later uses Jglobus 2.0.6 and is a better library to use to handle grid security and job submission.
>> <dependency>
>>    <groupId>cog-jglobus</groupId>
>>    <artifactId>cog-jglobus</artifactId>
>>    <version>1.8.0_bc</version>
>> </dependency>
>> <dependency>
>>    <groupId>org.bouncycastle</groupId>
>>    <artifactId>bcprov-jdk16</artifactId>
>>    <version>1.46</version>
>> </dependency>
>> 
>> Please let us know if you need any help with Airavata.  Thanks
>> Raminder
>> 
>> On Oct 2, 2013, at 8:44 AM, Marlon Pierce <marpierc@iu.edu> wrote:
>> 
>>> 
>>> Hi Akos--
>>> 
>>> You may want to take this question to the Apache Airavata dev list:
>>> dev@airavata.apache.org (cc'd).
>>> 
>>> 
>>> Marlon
>>> 
>>> On 10/2/13 5:37 AM, Akos Hajnal wrote:
>>> 
>>>> I don't know what "OA4MP" is, but I guess we use the same cog-jglobus-1.8.jar-bcprov-jdk14-140.jar libs (downloaded by maven), and get the same Exception.
>>>> 
>>>> What is amazing is that the exception is thrown in BouncyCastleUtil.getIdentity(X509Certificate cert), in a line similar to
>>>> 
>>>> if (! (cert instanceof org.bouncycastle.jce.provider.X509CertificateObject) ) {
>>>>     System.out.println(cert.getClass());
>>>>     throw new Exception();
>>>> }
>>>> 
>>>> and the classname printed is: "org.bouncycastle.jce.provider.X509CertificateObject". Another X-file...
>>>> 
>>>> Regards, Akos Hajnal
>>>> 
>>>> 
>>>> 
>>>> On Tuesday, October 1, 2013, at 17:42:05 UTC+2, Jeff Gaynor wrote:
>>>> 
>>>>> 
>>>>> What version of OA4MP are you using and where did you get it from?
>>>>> 
>>>>> Jeff
>>>>> 
>>>>> On 09/30/2013 08:43 AM, Akos Hajnal wrote:
>>>>> 
>>>>> Dear Jeff,
>>>>> I tried:
>>>>> Security.addProvider(new BouncyCastleProvider());
>>>>> setProvider("BC");
>>>>> installSecureRandomProvider();
>>>>> 
>>>>> (the same as static code of CertUtil)
>>>>> at the very beginning when my webapp is deployed, but I get the same exception.
>>>>> Maybe something got stuck earlier. On the first deploy it works without exception, but never after redeploy.
>>>>> I use v1.8.
>>>>> 
>>>>> Regards, Akos Hajnal
>>>>> 
>>>>> On Wednesday, May 22, 2013, at 22:58:39 UTC+2, Jeff Gaynor wrote:
>>>>> 
>>>>>> 
>>>>>> Hmmm. You might try the following two lines of code
>>>>>> 
>>>>>> Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
>>>>>> CertUtil.setCertFactory(CertificateFactory.getInstance("X.509", "BC"));
>>>>>> 
>>>>>> The first call is from java.security and the CertUtil is in OA4MP. This will require that the bouncy castle provider be used. This should be used as early in your code as possible, before any OA4MP calls.
>>>>>> 
>>>>>> There is also a chance this might be a class loader issue, but it would be good to check this possibility out first since it is easy.
>>>>>> 
>>>>>> Jeff
>>>>>> 
>>>>>> 
>>>>>> On 05/22/2013 03:26 PM, Amila Jayasekara wrote:
>>>>>> 
>>>>>> Hi All,
>>>>>> 
>>>>>> I am getting following error when trying to communicate with MyProxy
>>>>>> server to create credentials.
>>>>>> 
>>>>>> An error occurred while retrieving credentials from credential store. But continuing with password credentials.
>>>>>> java.lang.IllegalArgumentException: [JGLOBUS-35] Unexpected certificate type: "class sun.security.x509.X509CertImpl"
>>>>>>     at org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:453)
>>>>>>     at org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:470)
>>>>>>     at org.globus.gsi.GlobusCredential.getIdentity(GlobusCredential.java:401)
>>>>>>     at org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:70)
>>>>>>     at org.apache.airavata.gfac.utils.MyProxyManager.getCredentialsFromStore(MyProxyManager.java:231)
>>>>>>     at org.apache.airavata.gfac.context.security.GSISecurityContext.getGssCredentials(GSISecurityContext.java:82)
>>>>>>     at org.apache.airavata.gfac.handler.GramDirectorySetupHandler.invoke(GramDirectorySetupHandler.java:80)
>>>>>>     at org.apache.airavata.gfac.GFacAPI.invokeInFlowHandlers(GFacAPI.java:132)
>>>>>>     at org.apache.airavata.gfac.GFacAPI.schedule(GFacAPI.java:63)
>>>>>>     at org.apache.airavata.gfac.GFacAPI.submitJob(GFacAPI.java:53)
>>>>>>     at org.apache.airavata.xbaya.invoker.EmbeddedGFacInvoker.invoke(EmbeddedGFacInvoker.java:334)
>>>>>>     at org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.handleWSComponent(WorkflowInterpreter.java:710)
>>>>>>     at org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.executeDynamically(WorkflowInterpreter.java:530)
>>>>>>     at org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.access$000(WorkflowInterpreter.java:89)
>>>>>>     at org.apache.airavata.xbaya.interpretor.WorkflowInterpreter$1.run(WorkflowInterpreter.java:197)
>>> 
>>>>>> 
>>>>>> In org.apache.airavata.gfac.utils.MyProxyManager I have the following code;
>>>>>> 
>>>>>> X509Certificate[] certificates = new X509Certificate[1];
>>>>>> certificates[0] = <certificate from oa4mp>
>>>>>> 
>>>>>> GlobusCredential newCredential = new GlobusCredential(<privateKey from oa4mp>,
>>>>>>         certificates);
>>>>>> 
>>>>>> return new GlobusGSSCredentialImpl(newCredential,
>>>>>>         GSSCredential.INITIATE_AND_ACCEPT);
>>>>>> 
>>>>>> I debugged and confirmed that the assetResponse returned by OA4MP server has "sun.security.x509.X509CertImpl" object type.
>>>>>> 
>>>>>> What am I doing wrong here?
>>>>>> Any help to resolve this issue is appreciated.
>>>>>> 
>>>>>> Thanks in advance.
>>>>>> Regards,
>>>>>> Amila
>>>>>> 
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google Groups "science gateway security discussion" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@sciencegatewaysecurity.org.
>>>>>> Visit this group at http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/?hl=en-US.
>>>>>> 
>>>>>> 
>> 
>> 
> 
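
The instanceof check quoted in this thread can fail even though the printed class name matches, because the JVM identifies a class by its name together with the class loader that defined it. The following is an added example, not code from the thread or from cog-jglobus; LoaderIdentityDemo and Token are hypothetical names, and it assumes the class is compiled with javac and run from a class directory or jar.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;

// Added illustration; LoaderIdentityDemo and Token are hypothetical names.
// Assumes compilation with javac and execution from a class directory or jar.
public class LoaderIdentityDemo {

    // Stand-in for a library class such as X509CertificateObject.
    public static class Token {}

    // Report the three things that identify a class at run time:
    // its name, its defining loader, and where its bytes came from.
    static String describe(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        return c.getName()
                + "\n  loader: " + c.getClassLoader()
                + "\n  origin: " + (src == null ? "(bootstrap)" : src.getLocation());
    }

    public static void main(String[] args) throws Exception {
        // Location this demo's own classes were loaded from.
        URL here = LoaderIdentityDemo.class.getProtectionDomain()
                .getCodeSource().getLocation();

        // A second loader over the same location with no application parent,
        // comparable to a second webapp that carries its own copy of a jar.
        try (URLClassLoader isolated = new URLClassLoader(new URL[] { here }, null)) {
            Class<?> otherToken = isolated.loadClass(Token.class.getName());
            Object foreign = otherToken.getDeclaredConstructor().newInstance();

            System.out.println(describe(Token.class));
            System.out.println(describe(foreign.getClass()));

            // Same name, different defining loader: distinct run-time types.
            System.out.println("names equal: "
                    + Token.class.getName().equals(foreign.getClass().getName()));
            System.out.println("same Class:  " + (Token.class == foreign.getClass()));
            System.out.println("instanceof:  " + (foreign instanceof Token));
        }
    }
}
```

In a Tomcat deployment, logging the same three values for the certificate object and for the class the library compares against shows which copy of the jar each side was loaded from.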

