So I've moved from Debian Lenny to Debian Squeeze and now I'm having a heck
of a time getting my certificates to work properly. I've been using Sun Java
6, as my luck with openjdk hasn't been really good..
Lenny's Java:
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)
Squeeze's Java..
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)
I'm using my same configuration as before..
certificate_files =
${wave_server_domain}.crt,sub.class1.server.ca.pem,ca.pem
However, the exception Java is throwing is..
Exception in thread "main" com.google.inject.ProvisionException: Guice
provision errors:
1) could not make wave signer
while locating
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider
while locating org.waveprotocol.box.server.waveserver.SignatureHandler
for parameter 1 at
org.waveprotocol.box.server.waveserver.CertificateManagerImpl.<init>(CertificateManagerImpl.java:82)
while locating
org.waveprotocol.box.server.waveserver.CertificateManagerImpl
at
org.waveprotocol.box.server.waveserver.WaveServerModule.configure(WaveServerModule.java:98)
while locating org.waveprotocol.box.server.waveserver.CertificateManager
for parameter 0 at
org.waveprotocol.box.server.waveserver.WaveletNotificationDispatcher.<init>(WaveletNotificationDispatcher.java:104)
at
org.waveprotocol.box.server.waveserver.WaveServerModule.configure(WaveServerModule.java:94)
while locating
org.waveprotocol.box.server.waveserver.WaveletNotificationDispatcher
while locating org.waveprotocol.box.server.waveserver.WaveBus
Caused by: org.waveprotocol.wave.crypto.SignatureException: could not parse
certificate chain
at
org.waveprotocol.wave.crypto.SignerInfo.calculateSignerId(SignerInfo.java:174)
at org.waveprotocol.wave.crypto.SignerInfo.<init>(SignerInfo.java:83)
at
org.waveprotocol.wave.crypto.WaveSignerFactory.getSigner(WaveSignerFactory.java:76)
at
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider.get(SigningSignatureHandler.java:94)
at
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider.get(SigningSignatureHandler.java:48)
at
com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:56)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:825)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:871)
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:821)
at
com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:860)
at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:113)
at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:82)
Caused by: java.security.cert.CertificateEncodingException: Duplicate
Certificate
at
sun.security.provider.certpath.X509CertPath.encodePKIPATH(X509CertPath.java:272)
at
sun.security.provider.certpath.X509CertPath.getEncoded(X509CertPath.java:326)
at
org.waveprotocol.wave.crypto.SignerInfo.calculateSignerId(SignerInfo.java:168)
... 31 more
2) could not make wave signer
while locating
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider
while locating org.waveprotocol.box.server.waveserver.SignatureHandler
for parameter 1 at
org.waveprotocol.box.server.waveserver.CertificateManagerImpl.<init>(CertificateManagerImpl.java:82)
while locating
org.waveprotocol.box.server.waveserver.CertificateManagerImpl
at
org.waveprotocol.box.server.waveserver.WaveServerModule.configure(WaveServerModule.java:98)
while locating org.waveprotocol.box.server.waveserver.CertificateManager
for parameter 1 at
org.waveprotocol.box.server.waveserver.WaveServerImpl.<init>(WaveServerImpl.java:374)
at
org.waveprotocol.box.server.waveserver.WaveServerImpl.class(WaveServerImpl.java:69)
while locating org.waveprotocol.box.server.waveserver.WaveServerImpl
while locating org.waveprotocol.wave.federation.WaveletFederationProvider
annotated with @org.waveprotocol.wave.federation.FederationHostBridge()
for parameter 0 at
org.waveprotocol.wave.federation.xmpp.XmppFederationHost.<init>(XmppFederationHost.java:84)
at
org.waveprotocol.wave.federation.xmpp.XmppFederationModule.configure(XmppFederationModule.java:49)
while locating org.waveprotocol.wave.federation.xmpp.XmppFederationHost
at
org.waveprotocol.wave.federation.xmpp.XmppFederationModule.configure(XmppFederationModule.java:44)
while locating
org.waveprotocol.wave.federation.WaveletFederationListener$Factory annotated
with @org.waveprotocol.wave.federation.FederationHostBridge()
for parameter 1 at
org.waveprotocol.box.server.waveserver.WaveletNotificationDispatcher.<init>(WaveletNotificationDispatcher.java:104)
at
org.waveprotocol.box.server.waveserver.WaveServerModule.configure(WaveServerModule.java:94)
while locating
org.waveprotocol.box.server.waveserver.WaveletNotificationDispatcher
while locating org.waveprotocol.box.server.waveserver.WaveBus
Caused by: org.waveprotocol.wave.crypto.SignatureException: could not parse
certificate chain
at
org.waveprotocol.wave.crypto.SignerInfo.calculateSignerId(SignerInfo.java:174)
at org.waveprotocol.wave.crypto.SignerInfo.<init>(SignerInfo.java:83)
at
org.waveprotocol.wave.crypto.WaveSignerFactory.getSigner(WaveSignerFactory.java:76)
at
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider.get(SigningSignatureHandler.java:94)
at
org.waveprotocol.box.server.waveserver.SigningSignatureHandler$SigningSignatureHandlerProvider.get(SigningSignatureHandler.java:48)
at
com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:56)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:825)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:871)
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:821)
at
com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:860)
at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:113)
at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:82)
Caused by: java.security.cert.CertificateEncodingException: Duplicate
Certificate
at
sun.security.provider.certpath.X509CertPath.encodePKIPATH(X509CertPath.java:272)
at
sun.security.provider.certpath.X509CertPath.getEncoded(X509CertPath.java:326)
at
org.waveprotocol.wave.crypto.SignerInfo.calculateSignerId(SignerInfo.java:168)
... 56 more
2 errors
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:834)
at
com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:860)
at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:113)
at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:82)
And if I remove the ca.pem file from my configuration, instead of the
Duplicate Certificate exception I get this one:
Apr 3, 2011 10:22:48 PM
org.waveprotocol.box.server.waveserver.WaveServerImpl <init>
SEVERE: Failed to add our own signer info to the certificate store
org.waveprotocol.wave.crypto.SignatureException: Certificate validation
failure
at
org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:103)
at
org.waveprotocol.wave.crypto.CachedCertPathValidator.validate(CachedCertPathValidator.java:65)
at
org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo(WaveSignatureVerifier.java:129)
at
org.waveprotocol.box.server.waveserver.CertificateManagerImpl.storeSignerInfo(CertificateManagerImpl.java:199)
at
org.waveprotocol.box.server.waveserver.WaveServerImpl.<init>(WaveServerImpl.java:387)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at
com.google.inject.internal.DefaultConstructionProxyFactory$2.newInstance(DefaultConstructionProxyFactory.java:84)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at
com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at
com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:83)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:200)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:878)
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.Scopes$1$1.get(Scopes.java:64)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:825)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:871)
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:821)
at
com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:860)
at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:113)
at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:82)
Caused by: java.security.cert.CertPathValidatorException: subject/issuer
name chaining check failed
at
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at
sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at
org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:101)
... 48 more
Apr 3, 2011 10:22:48 PM com.google.gson.ParameterizedTypeHandlerMap register
I've been looking around and am pretty much out of ideas. If I switch to
openJDK I get similar errors. These same certificates worked fine without
problems on Lenny.
with the configuration
${wave_server_domain}.crt,sub.class1.server.ca.pem,ca.pem..
Anybody have any ideas? From searching the web, the duplicate exception
indicates that my Java environment already trusts StartSSL's Root CA, but if
I leave out the ca.pem it doesn't validate.
--
--Matt
