cloudstack-dev mailing list archives

From Harika Punna <harika.pu...@accelerite.com>
Subject Issue with Opensaml and Self-Signed Certificates
Date Mon, 27 Nov 2017 10:56:31 GMT
Hi,


When I use Opensaml on 4.10 with the self-signed certificates I get the following error, though
the configuration for the opensaml and ssl is proper. It works fine if I debug and supply
the password of the keystore in KeyStoreBuilder class, which is in not-yet-commons-ssl.jar.


Has anyone faced this issue? I tried with different versions of opensaml, but nothing worked.
Found a similar issue on SO at [1], but none of them helped.



java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
	at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
	at sun.security.util.DerValue.init(DerValue.java:365)
	at sun.security.util.DerValue.<init>(DerValue.java:320)
	at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
	at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
	at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)

java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
	at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
	at sun.security.util.DerValue.init(DerValue.java:365)
	at sun.security.util.DerValue.<init>(DerValue.java:320)
	at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
	at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
	at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)

java.security.KeyStoreException: failed to extract any certificates or private keys - maybe bad password?
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:436)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
	at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
	at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)

Exception in thread "Timer-4" java.lang.ExceptionInInitializerError
	at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
	at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
	at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:127)
	at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:118)
	at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:108)
	... 10 more


[1] https://stackoverflow.com/questions/27792138/spring-saml-sample-application-returns-could-not-initialize-class-org-apache-com


Thanks,

Harika.
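
Added example, not part of the original message and not code from CloudStack, OpenSAML or not-yet-commons-ssl: a small checker that applies the same arithmetic as the JDK's DER length check to the first bytes of a file, showing that "lengthTag=109, too big" is what that check reports for the JKS magic bytes 0xFEEDFEED, which is consistent with a JKS-format file reaching PKCS12KeyStore.engineLoad as in the trace above. The class name KeystoreSniff and the sample headers are constructed for illustration; pass a file path as the first argument to inspect a real keystore.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public class KeystoreSniff {
    // Same arithmetic as the JDK's DER length check: returns the value it would
    // print as "lengthTag=N, too big", or -1 if the length byte is accepted.
    static int rejectedLengthTag(byte[] head) {
        if (head.length < 2) return -1;
        int lenByte = head[1] & 0xFF;           // byte that follows the DER tag
        if ((lenByte & 0x80) == 0) return -1;   // short form, accepted
        int octets = lenByte & 0x7F;            // long form: number of length octets
        return octets > 4 ? octets : -1;        // more than 4 is rejected as "too big"
    }

    static boolean startsWith(byte[] head, int... magic) {
        if (head.length < magic.length) return false;
        for (int i = 0; i < magic.length; i++)
            if ((head[i] & 0xFF) != magic[i]) return false;
        return true;
    }

    // Identify the container format from its leading bytes.
    static String format(byte[] head) {
        if (startsWith(head, 0xFE, 0xED, 0xFE, 0xED)) return "JKS";
        if (startsWith(head, 0xCE, 0xCE, 0xCE, 0xCE)) return "JCEKS";
        if (startsWith(head, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D)) return "PEM text"; // "-----"
        if (startsWith(head, 0x30)) return "DER (PKCS12 or X.509)";            // SEQUENCE
        return "unknown";
    }

    static String describe(String label, byte[] head) {
        int tag = rejectedLengthTag(head);
        return label + ": " + format(head) + (tag < 0
            ? ", DER length byte accepted"
            : ", DER parser reports lengthTag=" + tag + ", too big");
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {   // path to a keystore or certificate file to inspect
            System.out.println(describe(args[0], Files.readAllBytes(Paths.get(args[0]))));
            return;
        }
        // Constructed sample headers, not taken from the poster's files.
        System.out.println(describe("jks-header", new byte[] {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED}));
        System.out.println(describe("p12-header", new byte[] {0x30, (byte) 0x82, 0x09, 0x4A}));
        System.out.println(describe("pem-header", "-----BEGIN".getBytes(StandardCharsets.US_ASCII)));
    }
}
```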
