airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raminder Singh <rsand...@gmail.com>
Subject Re: Error retrieving credentials using certificates/private keys returned by OA4MP service
Date Wed, 02 Oct 2013 14:51:52 GMT
Hi Akos,

I faced similar problem with cog-jglobus and patched a version of cog-jglobus. You can be
download patched version from http://community.ucs.indiana.edu:9090/archiva/repository/ogce.m2.all/cog-jglobus/cog-jglobus/1.8.0_bc/
repository. You need to update bouncycastle version to jdk1.6.1.46. I will not recommend you
to go this path. If you can use Airavata 0.9 release you don't need cog-jgloubs. Airavata
0.9 and later uses Jglobus 2.0.6 and is a better library to use to handle grid security and
job submission. 

<dependency>
    <groupId>cog-jglobus</groupId>
    <artifactId>cog-jglobus</artifactId>
    <version>1.8.0_bc</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk16</artifactId>
    <version>1.46</version>
</dependency>

Please let us know if you need any help with Airavata.  
Thanks
Raminder

On Oct 2, 2013, at 8:44 AM, Marlon Pierce <marpierc@iu.edu> wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Akos--
> 
> You may want to take this question to the Apache Airavata dev list:
> dev@airavata.apache.org (cc'd).
> 
> 
> Marlon
> 
> On 10/2/13 5:37 AM, Akos Hajnal wrote:
>> I don't know what "OA4MP" is, but I guess we use the
>> same cog-jglobus-1.8.jar-bcprov-jdk14-140.jar libs (downloaded my maven),
>> and get
>> the same Exception.
>> 
>> What is amazing the exception is thrown
>> in BouncyCastleUtil.getIdentity(X509Certificate cert), in a line
> silimar to
>> 
>>  if (! (cert instanceof
>> org.bouncycastle.jce.provider.X509CertificateObject) ) {
>> System.out.println(cert.getClass()); throw new Exception(); }
>> 
>> and the classname printed is:
>> "org.bouncycastle.jce.provider.X509CertificateObject". Another X-file...
>> 
>> Regards, Akos Hajnal
>> 
>> 
>> 
>> 2013. október 1., kedd 17:42:05 UTC+2 időpontban Jeff Gaynor a következőt
>> írta:
>>> 
>>> What version of OA4MP are you using and where did you get it from?
>>> 
>>> Jeff
>>> 
>>> On 09/30/2013 08:43 AM, Akos Hajnal wrote:
>>> 
>>> Dear Jeff,ďż˝
>>> I tried:
>>> Security.addProvider(new BouncyCastleProvider());
>>> setProvider("BC");
>>> installSecureRandomProvider();
>>> 
>>> (the same as static code of�CertUtil)
>>> at the very beginning when my webapp is deployed, but I get the same
>>> exception.
>>> Maybe something stucked earlier. On the first deploy it works without
>>> exception, but never after redeploy.
>>> I use v1.8.
>>> 
>>> Regards, Akos Hajnal
>>> 
>>> 2013. m�jus 22., szerda 22:58:39 UTC+2 id�pontban Jeff Gaynor a
>>> k�vetkez�t �rta:
>>>> 
>>>> Hmmm. You might try the following two lines of code
>>>> 
>>>> Security.addProvider(new
>>>> org.bouncycastle.jce.provider.BouncyCastleProvider());
>>>> CertUtil.setCertFactory(CertificateFactory.getInstance("X.509", "BC"));
>>>> 
>>>> The first call is from java.security and the CertUtil is in OA4MP.ďż˝
>>>> This will require that the bouncy castle provider be used. This
> should be
>>>> used as early in your code as possible, before any OA4MP calls.
>>>> 
>>>> There is also a chance this might be a class loader issue, but it would
>>>> be good to check this possibility out first since it is easy.
>>>> 
>>>> Jeff
>>>> 
>>>> 
>>>> On 05/22/2013 03:26 PM, Amila Jayasekara wrote:
>>>> 
>>>> Hi All,
>>>> 
>>>> I am getting following error when trying to communicate with MyProxy
>>>> server to create credentials.
>>>> 
>>>> *An error occurred while retrieving credentials from credential store.
>>>> But continuing with password credentials.ďż˝*
>>>> *java.lang.IllegalArgumentException: [JGLOBUS-35] Unexpected
> certificate
>>>> type: "class sun.security.x509.X509CertImpl"*
>>>> * at
>>>> 
> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:453)
>>>> *
>>>> * at
>>>> 
> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:470)
>>>> *
>>>> * at
>>>> org.globus.gsi.GlobusCredential.getIdentity(GlobusCredential.java:401)*
>>>> * at
>>>> 
> org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:70)
>>>> *
>>>> * at
>>>> 
> org.apache.airavata.gfac.utils.MyProxyManager.getCredentialsFromStore(MyProxyManager.java:231)
>>>> *
>>>> at
>>>> 
> org.apache.airavata.gfac.context.security.GSISecurityContext.getGssCredentials(GSISecurityContext.java:82)
>>>> at
>>>> 
> org.apache.airavata.gfac.handler.GramDirectorySetupHandler.invoke(GramDirectorySetupHandler.java:80)
>>>> at
>>>> org.apache.airavata.gfac.GFacAPI.invokeInFlowHandlers(GFacAPI.java:132)
>>>> at org.apache.airavata.gfac.GFacAPI.schedule(GFacAPI.java:63)
>>>> at org.apache.airavata.gfac.GFacAPI.submitJob(GFacAPI.java:53)
>>>> at
>>>> 
> org.apache.airavata.xbaya.invoker.EmbeddedGFacInvoker.invoke(EmbeddedGFacInvoker.java:334)
>>>> at
>>>> 
> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.handleWSComponent(WorkflowInterpreter.java:710)
>>>> at
>>>> 
> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.executeDynamically(WorkflowInterpreter.java:530)
>>>> at
>>>> 
> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.access$000(WorkflowInterpreter.java:89)
>>>> at
>>>> 
> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter$1.run(WorkflowInterpreter.java:197)
>>>> 
>>>> In�*org.apache.airavata.gfac.utils.MyProxyManager*�I have
> following
>>>> code;
>>>> 
>>>>   X509Certificate[] certificates = new X509Certificate[1];
>>>>  certificates[0] = <certificate from oa4mp>
>>>> 
>>>> 
>>>>   GlobusCredential newCredential = new GlobusCredential(<privateKey
>>>> from oa4mp>,
>>>>  ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝
ďż˝ certificates);
>>>> 
>>>>   return new GlobusGSSCredentialImpl(newCredential,
>>>>  � � � � � � �GSSCredential.INITIATE_AND_ACCEPT);
>>>> 
>>>> 
>>>> I debugged and confirmed that the assetResponse returned by OA4MP
>>>> server has "*sun.security.x509.X509CertImpl" *object type.
>>>> 
>>>> What am I doing wrong here ?
>>>> Any help to resolve this issue is appreciated.
>>>> 
>>>> Thanks in advance.
>>>> Regards,
>>>> Amilaďż˝
>>>> 
>>>>  --
>>>> You received this message because you are subscribed to the Google
> Groups
>>>> "science gateway security discussion" group.
>>>> To unsubscribe from this group and stop receiving emails from it,
> send an
>>>> email to discuss+u...@sciencegatewaysecurity.org.
>>>> Visit this group at
>>>> 
> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/?hl=en-US
>>>> .
>>>> ďż˝
>>>> ďż˝
>>>> 
>>>> 
>>>>  --
>>> You received this message because you are subscribed to the Google
> Groups
>>> "science gateway security discussion" group.
>>> To unsubscribe from this group and stop receiving emails from it,
> send an
>>> email to discuss+u...@sciencegatewaysecurity.org <javascript:>.
>>> Visit this group at
>>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/.
>>> 
>>> 
>>> 
>> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQEcBAEBAgAGBQJSTBUTAAoJEOEgD2XReDo5zskH/jebarHRrjMG2XBCB43PEH0A
> 2MY+zfrS1YieGGeFggRUV1j10iirn2doDPtvIfek1P8hXWbzHd7AAX0vMwvaVi+4
> 05J0Ydj3a+wGObGqd3h6rYmr535jmkWvgL7NhnSqvQfYbAi/0SxrUjW8fTadFNvg
> d139jrKsmYEpnRg2gWxERfi1jqQoJw1ZrXgbvytoL7+nXNC4/z6YoEQy8EwwG3LC
> oW6H480imcQGQOlCnW1ZrOIz8M2RecR/rvlt+0Cic1565e0GyzkUReHCnSgOPU5v
> hi9+ZguHPl6oEFfwn+3BpoAhD/2+1evqzefm9rw2Bs9G2OiooqFKfmHFvzjVYQA=
> =d026
> -----END PGP SIGNATURE-----
> 
> -- 
> You received this message because you are subscribed to the Google Groups "science gateway
security discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+unsubscribe@sciencegatewaysecurity.org.
> Visit this group at http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/.


Mime
View raw message