river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Re: [jira] Updated: (RIVER-320) Prebuilt hello example certificates have expired - need to provide new ones
Date Mon, 28 Sep 2009 23:01:12 GMT
Sounds like a good proposal +1

Jonathan Costers (JIRA) wrote:
>      [ https://issues.apache.org/jira/browse/RIVER-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
>
> Jonathan Costers updated RIVER-320:
> -----------------------------------
>
>     Description: 
> When running the Hello example in SSL mode, errors are thrown about the used certificate
being expired:
>
> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login
-Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore
-Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider
-Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0
-Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0
-jar lib/server.jar config/ssl-server.config
> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException:
listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
> 	... 4 more
> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown
Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security$5.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security.doPrivileged(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown
Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown
Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
> 	... 8 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36
CEST 2008
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
> 	... 21 more
>
> The certificates in question are located in ./examples/hello/prebuiltkeys
>
> We need to supply new certificates.
>
> Code (macros) for generating certificates and keystores is already available in the qa/build.xml
file. 
> This could be used to generate new certificates.
>
> Proposal is to remove the expired prebuilt keys from version control and replace with
a generation mechanism.
>
>   was:
> When running the Hello example in SSL mode, errors are thrown about the used certificate
being expired:
>
> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login
-Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore
-Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider
-Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0
-Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0
-jar lib/server.jar config/ssl-server.config
> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException:
listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
> 	... 4 more
> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown
Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security$5.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at net.jini.security.Security.doPrivileged(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown
Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown
Source)
> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
> 	... 8 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36
CEST 2008
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
> 	... 21 more
>
> The certificates in question are located in ./examples/hello/prebuiltkeys
>
> We need to supply new certificates.
>
> Code (macros) for generating certificates and keystores is already available in the qa/build.xml
file. This could be used to generate new certificates, which are then put in version control,
updating the original expired ones.
>
>
>   
>> Prebuilt hello example certificates have expired - need to provide new ones 
>> ----------------------------------------------------------------------------
>>
>>                 Key: RIVER-320
>>                 URL: https://issues.apache.org/jira/browse/RIVER-320
>>             Project: River
>>          Issue Type: Bug
>>          Components: com_sun_jini_example
>>    Affects Versions: AR1
>>            Reporter: Jonathan Costers
>>
>> When running the Hello example in SSL mode, errors are thrown about the used certificate
being expired:
>> + java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login
-Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore
-Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider
-Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0
-Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0
-jar lib/server.jar config/ssl-server.config
>> Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException:
listen failed; nested exception is: 
>> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST
2008
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
>> 	at com.sun.jini.example.hello.Server.init(Unknown Source)
>> 	at com.sun.jini.example.hello.Server.main(Unknown Source)
>> Caused by: java.rmi.server.ExportException: listen failed; nested exception is: 
>> 	net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST
2008
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
>> 	at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
>> 	at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
>> 	at com.sun.jini.example.hello.Server$1.run(Unknown Source)
>> 	... 4 more
>> Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates:
CN=Server
>> java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST
2008
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown
Source)
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at net.jini.security.Security$5.run(Unknown Source)
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at net.jini.security.Security.doPrivileged(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown
Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
>> 	at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown
Source)
>> 	at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
>> 	at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
>> 	... 8 more
>> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36
CEST 2008
>> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
>> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
>> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
>> 	at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
>> 	... 21 more
>> The certificates in question are located in ./examples/hello/prebuiltkeys
>> We need to supply new certificates.
>> Code (macros) for generating certificates and keystores is already available in the
qa/build.xml file. 
>> This could be used to generate new certificates.
>> Proposal is to remove the expired prebuilt keys from version control and replace
with a generation mechanism.
>>     
>
>   


Mime
View raw message