-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Akos--
You may want to take this question to the Apache Airavata dev list: [email protected] (cc'd). Marlon On 10/2/13 5:37 AM, Akos Hajnal wrote: > I don't know what "OA4MP" is, but I guess we use the > same cog-jglobus-1.8.jar-bcprov-jdk14-140.jar libs (downloaded my maven), > and get > the same Exception. > > What is amazing the exception is thrown > in BouncyCastleUtil.getIdentity(X509Certificate cert), in a line silimar to > > if (! (cert instanceof > org.bouncycastle.jce.provider.X509CertificateObject) ) { > System.out.println(cert.getClass()); throw new Exception(); } > > and the classname printed is: > "org.bouncycastle.jce.provider.X509CertificateObject". Another X-file... > > Regards, Akos Hajnal > > > > 2013. október 1., kedd 17:42:05 UTC+2 időpontban Jeff Gaynor a következőt > írta: >> >> What version of OA4MP are you using and where did you get it from? >> >> Jeff >> >> On 09/30/2013 08:43 AM, Akos Hajnal wrote: >> >> Dear Jeff,ďż˝ >> I tried: >> Security.addProvider(new BouncyCastleProvider()); >> setProvider("BC"); >> installSecureRandomProvider(); >> >> (the same as static code ofďż˝CertUtil) >> at the very beginning when my webapp is deployed, but I get the same >> exception. >> Maybe something stucked earlier. On the first deploy it works without >> exception, but never after redeploy. >> I use v1.8. >> >> Regards, Akos Hajnal >> >> 2013. mďż˝jus 22., szerda 22:58:39 UTC+2 idďż˝pontban Jeff Gaynor a >> kďż˝vetkezďż˝t ďż˝rta: >>> >>> Hmmm. You might try the following two lines of code >>> >>> Security.addProvider(new >>> org.bouncycastle.jce.provider.BouncyCastleProvider()); >>> CertUtil.setCertFactory(CertificateFactory.getInstance("X.509", "BC")); >>> >>> The first call is from java.security and the CertUtil is in OA4MP.ďż˝ >>> This will require that the bouncy castle provider be used. This should be >>> used as early in your code as possible, before any OA4MP calls. >>> >>> There is also a chance this might be a class loader issue, but it would >>> be good to check this possibility out first since it is easy. >>> >>> Jeff >>> >>> >>> On 05/22/2013 03:26 PM, Amila Jayasekara wrote: >>> >>> Hi All, >>> >>> I am getting following error when trying to communicate with MyProxy >>> server to create credentials. >>> >>> *An error occurred while retrieving credentials from credential store. >>> But continuing with password credentials.ďż˝* >>> *java.lang.IllegalArgumentException: [JGLOBUS-35] Unexpected certificate >>> type: "class sun.security.x509.X509CertImpl"* >>> * at >>> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:453) >>> * >>> * at >>> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:470) >>> * >>> * at >>> org.globus.gsi.GlobusCredential.getIdentity(GlobusCredential.java:401)* >>> * at >>> org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:70) >>> * >>> * at >>> org.apache.airavata.gfac.utils.MyProxyManager.getCredentialsFromStore(MyProxyManager.java:231) >>> * >>> at >>> org.apache.airavata.gfac.context.security.GSISecurityContext.getGssCredentials(GSISecurityContext.java:82) >>> at >>> org.apache.airavata.gfac.handler.GramDirectorySetupHandler.invoke(GramDirectorySetupHandler.java:80) >>> at >>> org.apache.airavata.gfac.GFacAPI.invokeInFlowHandlers(GFacAPI.java:132) >>> at org.apache.airavata.gfac.GFacAPI.schedule(GFacAPI.java:63) >>> at org.apache.airavata.gfac.GFacAPI.submitJob(GFacAPI.java:53) >>> at >>> org.apache.airavata.xbaya.invoker.EmbeddedGFacInvoker.invoke(EmbeddedGFacInvoker.java:334) >>> at >>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.handleWSComponent(WorkflowInterpreter.java:710) >>> at >>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.executeDynamically(WorkflowInterpreter.java:530) >>> at >>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.access$000(WorkflowInterpreter.java:89) >>> at >>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter$1.run(WorkflowInterpreter.java:197) >>> >>> Inďż˝*org.apache.airavata.gfac.utils.MyProxyManager*ďż˝I have following >>> code; >>> >>> X509Certificate[] certificates = new X509Certificate[1]; >>> certificates[0] = <certificate from oa4mp> >>> >>> >>> GlobusCredential newCredential = new GlobusCredential(<privateKey >>> from oa4mp>, >>> ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ certificates); >>> >>> return new GlobusGSSCredentialImpl(newCredential, >>> ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝GSSCredential.INITIATE_AND_ACCEPT); >>> >>> >>> I debugged and confirmed that the assetResponse returned by OA4MP >>> server has "*sun.security.x509.X509CertImpl" *object type. >>> >>> What am I doing wrong here ? >>> Any help to resolve this issue is appreciated. >>> >>> Thanks in advance. >>> Regards, >>> Amilaďż˝ >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "science gateway security discussion" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> Visit this group at >>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/?hl=en-US >>> . >>> ďż˝ >>> ďż˝ >>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "science gateway security discussion" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> Visit this group at >> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/. >> >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSTBUTAAoJEOEgD2XReDo5zskH/jebarHRrjMG2XBCB43PEH0A 2MY+zfrS1YieGGeFggRUV1j10iirn2doDPtvIfek1P8hXWbzHd7AAX0vMwvaVi+4 05J0Ydj3a+wGObGqd3h6rYmr535jmkWvgL7NhnSqvQfYbAi/0SxrUjW8fTadFNvg d139jrKsmYEpnRg2gWxERfi1jqQoJw1ZrXgbvytoL7+nXNC4/z6YoEQy8EwwG3LC oW6H480imcQGQOlCnW1ZrOIz8M2RecR/rvlt+0Cic1565e0GyzkUReHCnSgOPU5v hi9+ZguHPl6oEFfwn+3BpoAhD/2+1evqzefm9rw2Bs9G2OiooqFKfmHFvzjVYQA= =d026 -----END PGP SIGNATURE-----
