4:45 a.m.
Bad Padding Exception with Unified Invoker and SSL
--------------------------------------------------
Key: JBREM-878
URL: http://jira.jboss.com/jira/browse/JBREM-878
Project: JBoss Remoting
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: unifiedinvoker
Affects Versions: UnifiedInvoker 1.0.1
Reporter: Andrew Oliver
After following: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLEJB2.1
05:25:05,241 WARN [ServiceController] Problem starting service
jboss.remoting:service=ServerSocketFactory,type=SSL
java.io.IOException: Error initializing server socket factory SSL context: failed to
decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not
properly padded
at
com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1150)
at
org.jboss.remoting.security.SSLSocketBuilder.loadKeyStore(SSLSocketBuilder.java:1548)
at
org.jboss.remoting.security.SSLSocketBuilder.loadKeyManagers(SSLSocketBuilder.java:1442)
at
org.jboss.remoting.security.SSLSocketBuilder.initializeServerSocketFactorySSLContext(SSLSocketBuilder.java:1250)
at
org.jboss.remoting.security.SSLSocketBuilder.createCustomServerSocketFactory(SSLSocketBuilder.java:366)
at
org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:346)
at
org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:325)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy9.createSSLServerSocketFactory(Unknown Source)
at
org.jboss.remoting.security.SSLServerSocketFactoryService.start(SSLServerSocketFactoryService.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at
org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:995)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:417)
at org.jboss.system.ServiceController.start(ServiceController.java:435)
at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at
org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at
org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy5.deploy(Unknown Source)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:595)
<!-- This section is for custom (SSL) server socket factory -->
<mbean code="org.jboss.remoting.security.SSLSocketBuilder"
name="jboss.remoting:service=SocketBuilder,type=SSL"
display-name="SSL Server Socket Factory Builder">
<attribute name="UseSSLServerSocketFactory">false</attribute>
<attribute name="KeyStoreURL">ourcorp.keystore</attribute>
<attribute name="KeyStorePassword">sslsocket</attribute>
<attribute name="KeyPassword">ourcorp999</attribute>
<attribute name="SecureSocketProtocol">TLS</attribute>
<!-- attribute name="KeyManagementAlgorithm">SunX509</attribute
-->
<attribute name="KeyStoreType">PKCS12</attribute>
</mbean>
<mbean code="org.jboss.remoting.security.SSLServerSocketFactoryService"
name="jboss.remoting:service=ServerSocketFactory,type=SSL"
display-name="SSL Server Socket Factory">
<depends optional-attribute-name="SSLSocketBuilder"
proxy-type="attribute">jboss.remoting:service=SocketBuilder,type=SSL</depends>
</mbean>
<mbean code="org.jboss.remoting.transport.Connector"
name="jboss.remoting:service=Connector,transport=sslsocket">
display-name="SSL Socket transport Connector">
<attribute name="Configuration">
<config>
<invoker transport="sslsocket">
<attribute
name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SSL</attribute>
<attribute
name="serverBindAddress">${jboss.bind.address}</attribute>
<attribute name="serverBindPort">3843</attribute>
</invoker>
<handlers>
<handler
subsystem="invoker">jboss:service=invoker,type=unified</handler>
</handlers>
</config>
</attribute>
<!--If you specify the keystore and password in the command line and you're
not using the custom ServerSocketFactory, you should take out the following line-->
<depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends>
<depends>jboss.remoting:service=NetworkRegistry</depends>
</mbean>
(ourcorp was a find and replace)
Note that the KeyManagementAlgoyrythm attribute doesn't exist and was commented out.
This very same keystore works with the JRPM/SSL/SecurityDomain setup with JBoss 4.0.2 etc
without error. Multiple different ways were used to reference the keystore file, a bad
filename results in a different error.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:11 a.m.
New subject: [JBoss JIRA] Resolved: (JBREM-878) Bad Padding Exception with Unified Invoker and SSL
[ http://jira.jboss.com/jira/browse/JBREM-878?page=all ]
Andrew Oliver resolved JBREM-878.
---------------------------------
Resolution: Rejected
Assignee: Andrew Oliver
nevermind figured it out, was the KeyPassword vs KeyStorePassword. . . Just switched to
specifying correct KeyStorePassword only and not having KeyPassword and the error went
away.
Bad Padding Exception with Unified Invoker and SSL
--------------------------------------------------
Key: JBREM-878
URL: http://jira.jboss.com/jira/browse/JBREM-878
Project: JBoss Remoting
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: unifiedinvoker
Affects Versions: UnifiedInvoker 1.0.1
Reporter: Andrew Oliver
Assigned To: Andrew Oliver
After following: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLEJB2.1
05:25:05,241 WARN [ServiceController] Problem starting service
jboss.remoting:service=ServerSocketFactory,type=SSL
java.io.IOException: Error initializing server socket factory SSL context: failed to
decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not
properly padded
at
com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1150)
at
org.jboss.remoting.security.SSLSocketBuilder.loadKeyStore(SSLSocketBuilder.java:1548)
at
org.jboss.remoting.security.SSLSocketBuilder.loadKeyManagers(SSLSocketBuilder.java:1442)
at
org.jboss.remoting.security.SSLSocketBuilder.initializeServerSocketFactorySSLContext(SSLSocketBuilder.java:1250)
at
org.jboss.remoting.security.SSLSocketBuilder.createCustomServerSocketFactory(SSLSocketBuilder.java:366)
at
org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:346)
at
org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:325)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy9.createSSLServerSocketFactory(Unknown Source)
at
org.jboss.remoting.security.SSLServerSocketFactoryService.start(SSLServerSocketFactoryService.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at
org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:995)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:417)
at org.jboss.system.ServiceController.start(ServiceController.java:435)
at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at
org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at
org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy5.deploy(Unknown Source)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:595)
<!-- This section is for custom (SSL) server socket factory -->
<mbean code="org.jboss.remoting.security.SSLSocketBuilder"
name="jboss.remoting:service=SocketBuilder,type=SSL"
display-name="SSL Server Socket Factory Builder">
<attribute
name="UseSSLServerSocketFactory">false</attribute>
<attribute name="KeyStoreURL">ourcorp.keystore</attribute>
<attribute name="KeyStorePassword">sslsocket</attribute>
<attribute name="KeyPassword">ourcorp999</attribute>
<attribute name="SecureSocketProtocol">TLS</attribute>
<!-- attribute name="KeyManagementAlgorithm">SunX509</attribute
-->
<attribute name="KeyStoreType">PKCS12</attribute>
</mbean>
<mbean code="org.jboss.remoting.security.SSLServerSocketFactoryService"
name="jboss.remoting:service=ServerSocketFactory,type=SSL"
display-name="SSL Server Socket Factory">
<depends optional-attribute-name="SSLSocketBuilder"
proxy-type="attribute">jboss.remoting:service=SocketBuilder,type=SSL</depends>
</mbean>
<mbean code="org.jboss.remoting.transport.Connector"
name="jboss.remoting:service=Connector,transport=sslsocket">
display-name="SSL Socket transport Connector">
<attribute name="Configuration">
<config>
<invoker transport="sslsocket">
<attribute
name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SSL</attribute>
<attribute
name="serverBindAddress">${jboss.bind.address}</attribute>
<attribute name="serverBindPort">3843</attribute>
</invoker>
<handlers>
<handler
subsystem="invoker">jboss:service=invoker,type=unified</handler>
</handlers>
</config>
</attribute>
<!--If you specify the keystore and password in the command line and you're
not using the custom ServerSocketFactory, you should take out the following line-->
<depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends>
<depends>jboss.remoting:service=NetworkRegistry</depends>
</mbean>
(ourcorp was a find and replace)
Note that the KeyManagementAlgoyrythm attribute doesn't exist and was commented out.
This very same keystore works with the JRPM/SSL/SecurityDomain setup with JBoss 4.0.2 etc
without error. Multiple different ways were used to reference the keystore file, a bad
filename results in a different error.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6224
days inactive
6224
days old
1 comments
1 participants
participants (1)
-
Andrew Oliver (JIRA)