Harika,
Can you share what exactly are you doing, perhaps you can submit a PR and ask
for review?
I did not find any usage of a KeyStoreBuilder class in current master, nor
we've a not-yet-commons-ssl dependency in current codebase.
Regard.
________________________________
From: Harika Punna <harika.pu...@accelerite.com>
Sent: Tuesday, November 28, 2017 2:13:33 PM
To: dev@cloudstack.apache.org; Rohit Yadav
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Hi Rohit,
Could you please help me on this?
-Harika.
On 27/11/17, 4:26 PM, "Harika Punna" <harika.pu...@accelerite.com> wrote:
Hi,
When I use Opensaml on 4.10 with the self-signed certificates I get the
following error, though the configuration for the opensaml and ssl is proper.
It works fine if I debug and supply the password of the keystore in
KeyStoreBuilder class, which is in not-yet-commons-ssl.jar.
Has anyone faced this issue, I tried with different versions of opensaml
but nothing worked. Found similar issue on SO at [1], but none of them helped.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
java.security.KeyStoreException: failed to extract any certificates or
private keys - maybe bad password?
at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:436)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Exception in thread "Timer-4" java.lang.ExceptionInInitializerError
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:127)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:118)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:108)
... 10 more
[1]
https://stackoverflow.com/questions/27792138/spring-saml-sample-application-returns-could-not-initialize-class-org-apache-com
Thanks,
Harika.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is
the property of Accelerite, a Persistent Systems business. It is intended only
for the use of the individual or entity to which it is addressed. If you are
not the intended recipient, you are not authorized to read, retain, copy,
print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message.
Accelerite, a Persistent Systems business does not accept any liability for
virus infected mails.
rohit.ya...@shapeblue.comĀ
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
