[ https://issues.apache.org/jira/browse/QPID-7160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15224033#comment-15224033 ]
ASF subversion and git services commented on QPID-7160:
-------------------------------------------------------

Commit 1737678 from oru...@apache.org in branch 'java/trunk'
[ https://svn.apache.org/r1737678 ]

QPID-7160: Fix typos in exception messages

> No X509TrustManager implementation available when using truststore captured by SiteSpecificTrustStore
> -----------------------------------------------------------------------------------------------------
>
> Key: QPID-7160
> URL: https://issues.apache.org/jira/browse/QPID-7160
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: qpid-java-6.0, qpid-java-6.0.1
> Reporter: Keith Wall
> Assignee: Alex Rudyy
> Fix For: qpid-java-6.1
>
>
> I am testing the Java Broker with ApacheDS as an authentication provider. I
> find that secure connections to the Directory, which is secured with a
> self-signed certificate, fail if the truststore was captured using
> {{SiteSpecificTrustStore}}. If I upload the truststore as a PEM, the
> exception does not occur.
> The keystore for ApacheDS was generated like so:
> {{keytool -genkey -keyalg RSA -alias selfsigned -keystore apacheds.jks -storepass password -validity 360 -keysize 2048}}
> The truststore was captured by pointing SiteSpecificTrustStore at
> https://localhost:10636
> An alternative approach (that works): export the PEM from the ApacheDS UI, then
> import it into the Java Broker as a NonJavaTrustStore.
> {noformat} > 2016-03-23 22:49:14,464 WARN [HttpManagement-myhttps-150] > (o.a.q.s.s.a.m.SimpleLDAPAuthenticationManagerImpl) - SASL Authentication > Exception > javax.naming.CommunicationException: simple bind failed: Oslo.local:10636 > at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) > ~[na:1.8.0_45] > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) ~[na:1.8.0_45] > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_45] > at > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) > ~[na:1.8.0_45] > at > com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) > ~[na:1.8.0_45] > at > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) > ~[na:1.8.0_45] > at > com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) > ~[na:1.8.0_45] > at > javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) > ~[na:1.8.0_45] > at > javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) > ~[na:1.8.0_45] > at javax.naming.InitialContext.init(InitialContext.java:244) > ~[na:1.8.0_45] > at javax.naming.InitialContext.<init>(InitialContext.java:216) > ~[na:1.8.0_45] > at > javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) > ~[na:1.8.0_45] > at > org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.createInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:344) > ~[classes/:na] > at > org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.getNameFromId(SimpleLDAPAuthenticationManagerImpl.java:491) > ~[classes/:na] > at > org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.access$100(SimpleLDAPAuthenticationManagerImpl.java:72) > ~[classes/:na] > at > org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl$SimpleLDAPPlainCallbackHandler.handle(SimpleLDAPAuthenticationManagerImpl.java:448) > ~[classes/:na] 
> at > org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:83) > [classes/:na] > at > org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:217) > [classes/:na] > at > org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPostWithSubjectAndActor(SaslServlet.java:135) > [classes/:na] > at > org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:118) > [classes/:na] > at > org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:114) > [classes/:na] > at java.security.AccessController.doPrivileged(Native Method) > [na:1.8.0_45] > at javax.security.auth.Subject.doAs(Subject.java:422) [na:1.8.0_45] > at > org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:215) > [classes/:na] > at > org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:112) > [classes/:na] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) > [geronimo-servlet_3.0_spec-1.0.jar:1.0] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) > [geronimo-servlet_3.0_spec-1.0.jar:1.0] > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter.doFilter(ForbiddingAuthorisationFilter.java:90) > [classes/:na] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65) > [classes/:na] 
> at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:70) > [classes/:na] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:56) > [classes/:na] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) > [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at org.eclipse.jetty.server.Server.handle(Server.java:370) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > 
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) > [jetty-http-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) > [jetty-http-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) > [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) > [jetty-io-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) > [jetty-io-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) > [jetty-io-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) > [jetty-util-8.1.17.v20150415.jar:8.1.17.v20150415] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) > [jetty-util-8.1.17.v20150415.jar:8.1.17.v20150415] > at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45] > Caused by: javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No X509TrustManager implementation > available > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) > ~[na:1.8.0_45] > 
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) > ~[na:1.8.0_45] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) > ~[na:1.8.0_45] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) > ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) > ~[na:1.8.0_45] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) > ~[na:1.8.0_45] > at > sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:916) > ~[na:1.8.0_45] > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) > ~[na:1.8.0_45] > at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) > ~[na:1.8.0_45] > at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) > ~[na:1.8.0_45] > at java.io.BufferedInputStream.read(BufferedInputStream.java:345) > ~[na:1.8.0_45] > at com.sun.jndi.ldap.Connection.run(Connection.java:851) ~[na:1.8.0_45] > ... 1 common frames omitted > Caused by: java.security.cert.CertificateException: No X509TrustManager > implementation available > at > sun.security.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:1119) > ~[na:1.8.0_45] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) > ~[na:1.8.0_45] > ... 
12 common frames omitted
> {noformat}
> config.json snippet:
> {noformat}
> "authenticationproviders" : [ {
>   "id" : "fba490fc-3329-4a2d-90db-4add4e050ba3",
>   "name" : "myldap",
>   "type" : "SimpleLDAP",
>   "bindWithoutSearch" : false,
>   "providerAuthUrl" : "ldaps://Oslo.local:10636",
>   "providerUrl" : "ldaps://Oslo.local:10636",
>   "searchContext" : "ou=people,o=sevenSeas",
>   "searchFilter" : "(uid={0})",
>   "searchPassword" : "secret",
>   "searchUsername" : "uid=admin,ou=system ",
>   "trustStore" : "apacheds_sniff",
>   "lastUpdatedBy" : "admin",
>   "lastUpdatedTime" : 1458773319290,
>   "createdBy" : null,
>   "createdTime" : 0
> }
> {noformat}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org