airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marlon Pierce <marpi...@iu.edu>
Subject Re: Error retrieving credentials using certificates/private keys returned by OA4MP service
Date Wed, 02 Oct 2013 12:44:03 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Akos--

You may want to take this question to the Apache Airavata dev list:
dev@airavata.apache.org (cc'd).


Marlon

On 10/2/13 5:37 AM, Akos Hajnal wrote:
> I don't know what "OA4MP" is, but I guess we use the
> same cog-jglobus-1.8.jar-bcprov-jdk14-140.jar libs (downloaded my maven),
> and get
> the same Exception.
>
> What is amazing the exception is thrown
> in BouncyCastleUtil.getIdentity(X509Certificate cert), in a line
silimar to
>
>   if (! (cert instanceof
> org.bouncycastle.jce.provider.X509CertificateObject) ) {
> System.out.println(cert.getClass()); throw new Exception(); }
>
> and the classname printed is:
> "org.bouncycastle.jce.provider.X509CertificateObject". Another X-file...
>
> Regards, Akos Hajnal
>
>
>
> 2013. október 1., kedd 17:42:05 UTC+2 időpontban Jeff Gaynor a következőt
> írta:
>>
>>  What version of OA4MP are you using and where did you get it from?
>>
>> Jeff
>>
>> On 09/30/2013 08:43 AM, Akos Hajnal wrote:
>> 
>> Dear Jeff,ďż˝
>> I tried:
>>  Security.addProvider(new BouncyCastleProvider());
>>  setProvider("BC");
>>  installSecureRandomProvider();
>>
>>  (the same as static code of�CertUtil)
>> at the very beginning when my webapp is deployed, but I get the same
>> exception.
>> Maybe something stucked earlier. On the first deploy it works without
>> exception, but never after redeploy.
>> I use v1.8.
>>
>>  Regards, Akos Hajnal
>>
>> 2013. m�jus 22., szerda 22:58:39 UTC+2 id�pontban Jeff Gaynor a
>> k�vetkez�t �rta:
>>>
>>>  Hmmm. You might try the following two lines of code
>>>
>>> Security.addProvider(new
>>> org.bouncycastle.jce.provider.BouncyCastleProvider());
>>> CertUtil.setCertFactory(CertificateFactory.getInstance("X.509", "BC"));
>>>
>>> The first call is from java.security and the CertUtil is in OA4MP.ďż˝
>>> This will require that the bouncy castle provider be used. This
should be
>>> used as early in your code as possible, before any OA4MP calls.
>>>
>>> There is also a chance this might be a class loader issue, but it would
>>> be good to check this possibility out first since it is easy.
>>>
>>> Jeff
>>>
>>>
>>> On 05/22/2013 03:26 PM, Amila Jayasekara wrote:
>>> 
>>> Hi All,
>>>
>>>  I am getting following error when trying to communicate with MyProxy
>>> server to create credentials.
>>>
>>>  *An error occurred while retrieving credentials from credential store.
>>> But continuing with password credentials.ďż˝*
>>> *java.lang.IllegalArgumentException: [JGLOBUS-35] Unexpected
certificate
>>> type: "class sun.security.x509.X509CertImpl"*
>>> * at
>>>
org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:453)
>>> *
>>> * at
>>>
org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:470)
>>> *
>>> * at
>>> org.globus.gsi.GlobusCredential.getIdentity(GlobusCredential.java:401)*
>>> * at
>>>
org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:70)
>>> *
>>> * at
>>>
org.apache.airavata.gfac.utils.MyProxyManager.getCredentialsFromStore(MyProxyManager.java:231)
>>> *
>>>  at
>>>
org.apache.airavata.gfac.context.security.GSISecurityContext.getGssCredentials(GSISecurityContext.java:82)
>>>  at
>>>
org.apache.airavata.gfac.handler.GramDirectorySetupHandler.invoke(GramDirectorySetupHandler.java:80)
>>>  at
>>> org.apache.airavata.gfac.GFacAPI.invokeInFlowHandlers(GFacAPI.java:132)
>>>  at org.apache.airavata.gfac.GFacAPI.schedule(GFacAPI.java:63)
>>>  at org.apache.airavata.gfac.GFacAPI.submitJob(GFacAPI.java:53)
>>>  at
>>>
org.apache.airavata.xbaya.invoker.EmbeddedGFacInvoker.invoke(EmbeddedGFacInvoker.java:334)
>>>  at
>>>
org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.handleWSComponent(WorkflowInterpreter.java:710)
>>>  at
>>>
org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.executeDynamically(WorkflowInterpreter.java:530)
>>>  at
>>>
org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.access$000(WorkflowInterpreter.java:89)
>>>  at
>>>
org.apache.airavata.xbaya.interpretor.WorkflowInterpreter$1.run(WorkflowInterpreter.java:197)
>>>
>>>  In�*org.apache.airavata.gfac.utils.MyProxyManager*�I have
following
>>> code;
>>>
>>>    X509Certificate[] certificates = new X509Certificate[1];
>>>   certificates[0] = <certificate from oa4mp>
>>>  
>>>   
>>>    GlobusCredential newCredential = new GlobusCredential(<privateKey
>>> from oa4mp>,
>>>   ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝
ďż˝ certificates);
>>>  
>>>    return new GlobusGSSCredentialImpl(newCredential,
>>>   � � � � � � �GSSCredential.INITIATE_AND_ACCEPT);
>>> 
>>> 
>>>  I debugged and confirmed that the assetResponse returned by OA4MP
>>> server has "*sun.security.x509.X509CertImpl" *object type.
>>>
>>>  What am I doing wrong here ?
>>> Any help to resolve this issue is appreciated.
>>>
>>>  Thanks in advance.
>>> Regards,
>>>  Amilaďż˝
>>>
>>>   --
>>> You received this message because you are subscribed to the Google
Groups
>>> "science gateway security discussion" group.
>>> To unsubscribe from this group and stop receiving emails from it,
send an
>>> email to discuss+u...@sciencegatewaysecurity.org.
>>> Visit this group at
>>>
http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/?hl=en-US
>>> .
>>> ďż˝
>>> ďż˝
>>>
>>>
>>>   --
>> You received this message because you are subscribed to the Google
Groups
>> "science gateway security discussion" group.
>> To unsubscribe from this group and stop receiving emails from it,
send an
>> email to discuss+u...@sciencegatewaysecurity.org <javascript:>.
>> Visit this group at
>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/.
>>
>>
>>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSTBUTAAoJEOEgD2XReDo5zskH/jebarHRrjMG2XBCB43PEH0A
2MY+zfrS1YieGGeFggRUV1j10iirn2doDPtvIfek1P8hXWbzHd7AAX0vMwvaVi+4
05J0Ydj3a+wGObGqd3h6rYmr535jmkWvgL7NhnSqvQfYbAi/0SxrUjW8fTadFNvg
d139jrKsmYEpnRg2gWxERfi1jqQoJw1ZrXgbvytoL7+nXNC4/z6YoEQy8EwwG3LC
oW6H480imcQGQOlCnW1ZrOIz8M2RecR/rvlt+0Cic1565e0GyzkUReHCnSgOPU5v
hi9+ZguHPl6oEFfwn+3BpoAhD/2+1evqzefm9rw2Bs9G2OiooqFKfmHFvzjVYQA=
=d026
-----END PGP SIGNATURE-----


Mime
View raw message