Akos,
Try to find this class in your tomcat webapps folder and if the jar is in
multiple projects then delete them and have a single copy of the jar to lib
folder of tomcat (tomcat 6+ does not have shared lib added to configuration).
Its a class loading issue and this may help. If you want we can have a Skype
session to debug this together. My Skype id is sandhu_raman1.
find apache-tomcat-7.0.39/webapps/ -name "*.jar" -exec grep -Hls
org.bouncycastle.jce.provider.X509CertificateObject {} \;
Thanks
Raminder
On Oct 3, 2013, at 7:42 AM, Akos Hajnal <[email protected]> wrote:
> Dear Raminder,
>
> I've tried the patched version together with bcprov16, but the same exception
> after redeploy.
>
> Now it seems that on tomcat removes class
> org.bouncycastle.jce.provider.X509CertificateObject on undeploy, and cannot
> re-load this class
> on redeploy. If I put bcprov-jdk14-140.jar into tomcat/lib,
> X509CertificateObject is not unloaded, and it seems to work without exception.
> I don't know why, and how to fix it.
>
> I don't know Airavata. Maybe I search for it...
>
> Regards, Akos Hajnal
>
> ps.
> //test proxy file exception
> GlobusCredential cred = new GlobusCredential("x509up");
> for (X509Certificate cert: cred.getCertificateChain()) {
> Class<? extends X509Certificate> c = cert.getClass();
> log.info(c.getName() + " class is from jar " +
> c.getResource('/'+ c.getName().replace('.', '/')+".class")); // <- see error
> below
> ...
> }
>
> Oct 03, 2013 1:20:03 PM org.apache.catalina.loader.WebappClassLoader
> findResourceInternal
> INFO: Illegal access: this web application instance has been stopped already.
> Could not load org/bouncycastle/jce/provider/X509CertificateO
> bject.class. The eventual following stack trace is caused by an error thrown
> for debugging purposes as well as to attempt to terminate the
> thread which caused the illegal access, and has no functional impact.
>
> Raminder Singh wrote:
>
>> Hi Akos,
>>
>> I faced similar problem with cog-jglobus and patched a version of
>> cog-jglobus. You can be download patched version from
>> http://community.ucs.indiana.edu:9090/archiva/repository/ogce.m2.all/cog-jglobus/cog-jglobus/1.8.0_bc/
>> repository. You need to update bouncycastle version to jdk1.6.1.46. I will
>> not recommend you to go this path. If you can use Airavata 0.9 release you
>> don't need cog-jgloubs. Airavata 0.9 and later uses Jglobus 2.0.6 and is a
>> better library to use to handle grid security and job submission.
>> <dependency>
>> <groupId>cog-jglobus</groupId>
>> <artifactId>cog-jglobus</artifactId>
>> <version>1.8.0_bc</version>
>> </dependency>
>> <dependency>
>> <groupId>org.bouncycastle</groupId>
>> <artifactId>bcprov-jdk16</artifactId>
>> <version>1.46</version>
>> </dependency>
>>
>> Please let us know if you need any help with Airavata. Thanks
>> Raminder
>>
>> On Oct 2, 2013, at 8:44 AM, Marlon Pierce <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi Akos--
>>>
>>> You may want to take this question to the Apache Airavata dev list:
>>> [email protected] <mailto:[email protected]> (cc'd).
>>>
>>>
>>> Marlon
>>>
>>> On 10/2/13 5:37 AM, Akos Hajnal wrote:
>>>
>>>> I don't know what "OA4MP" is, but I guess we use the
>>>> same cog-jglobus-1.8.jar-bcprov-jdk14-140.jar libs (downloaded my maven),
>>>> and get
>>>> the same Exception.
>>>>
>>>> What is amazing the exception is thrown
>>>> in BouncyCastleUtil.getIdentity(X509Certificate cert), in a line
>>>
>>> silimar to
>>>
>>>>
>>>> if (! (cert instanceof
>>>> org.bouncycastle.jce.provider.X509CertificateObject) ) {
>>>> System.out.println(cert.getClass()); throw new Exception(); }
>>>>
>>>> and the classname printed is:
>>>> "org.bouncycastle.jce.provider.X509CertificateObject". Another X-file...
>>>>
>>>> Regards, Akos Hajnal
>>>>
>>>>
>>>>
>>>> 2013. október 1., kedd 17:42:05 UTC+2 időpontban Jeff Gaynor a következőt
>>>> írta:
>>>>
>>>>>
>>>>> What version of OA4MP are you using and where did you get it from?
>>>>>
>>>>> Jeff
>>>>>
>>>>> On 09/30/2013 08:43 AM, Akos Hajnal wrote:
>>>>>
>>>>> Dear Jeff,ďż˝
>>>>> I tried:
>>>>> Security.addProvider(new BouncyCastleProvider());
>>>>> setProvider("BC");
>>>>> installSecureRandomProvider();
>>>>>
>>>>> (the same as static code of�CertUtil)
>>>>> at the very beginning when my webapp is deployed, but I get the same
>>>>> exception.
>>>>> Maybe something stucked earlier. On the first deploy it works without
>>>>> exception, but never after redeploy.
>>>>> I use v1.8.
>>>>>
>>>>> Regards, Akos Hajnal
>>>>>
>>>>> 2013. m�jus 22., szerda 22:58:39 UTC+2 id�pontban Jeff Gaynor a
>>>>> k�vetkez�t �rta:
>>>>>
>>>>>>
>>>>>> Hmmm. You might try the following two lines of code
>>>>>>
>>>>>> Security.addProvider(new
>>>>>> org.bouncycastle.jce.provider.BouncyCastleProvider());
>>>>>> CertUtil.setCertFactory(CertificateFactory.getInstance("X.509", "BC"));
>>>>>>
>>>>>> The first call is from java.security and the CertUtil is in OA4MP.ďż˝
>>>>>> This will require that the bouncy castle provider be used. This
>>>>>
>>> should be
>>>
>>>>>> used as early in your code as possible, before any OA4MP calls.
>>>>>>
>>>>>> There is also a chance this might be a class loader issue, but it would
>>>>>> be good to check this possibility out first since it is easy.
>>>>>>
>>>>>> Jeff
>>>>>>
>>>>>>
>>>>>> On 05/22/2013 03:26 PM, Amila Jayasekara wrote:
>>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I am getting following error when trying to communicate with MyProxy
>>>>>> server to create credentials.
>>>>>>
>>>>>> *An error occurred while retrieving credentials from credential store.
>>>>>> But continuing with password credentials.ďż˝*
>>>>>> *java.lang.IllegalArgumentException: [JGLOBUS-35] Unexpected
>>>>>
>>> certificate
>>>
>>>>>> type: "class sun.security.x509.X509CertImpl"*
>>>>>> * at
>>>>>>
>>> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:453)
>>>
>>>>>> *
>>>>>> * at
>>>>>>
>>> org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:470)
>>>
>>>>>> *
>>>>>> * at
>>>>>> org.globus.gsi.GlobusCredential.getIdentity(GlobusCredential.java:401)*
>>>>>> * at
>>>>>>
>>> org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:70)
>>>
>>>>>> *
>>>>>> * at
>>>>>>
>>> org.apache.airavata.gfac.utils.MyProxyManager.getCredentialsFromStore(MyProxyManager.java:231)
>>>
>>>>>> *
>>>>>> at
>>>>>>
>>> org.apache.airavata.gfac.context.security.GSISecurityContext.getGssCredentials(GSISecurityContext.java:82)
>>>
>>>>>> at
>>>>>>
>>> org.apache.airavata.gfac.handler.GramDirectorySetupHandler.invoke(GramDirectorySetupHandler.java:80)
>>>
>>>>>> at
>>>>>> org.apache.airavata.gfac.GFacAPI.invokeInFlowHandlers(GFacAPI.java:132)
>>>>>> at org.apache.airavata.gfac.GFacAPI.schedule(GFacAPI.java:63)
>>>>>> at org.apache.airavata.gfac.GFacAPI.submitJob(GFacAPI.java:53)
>>>>>> at
>>>>>>
>>> org.apache.airavata.xbaya.invoker.EmbeddedGFacInvoker.invoke(EmbeddedGFacInvoker.java:334)
>>>
>>>>>> at
>>>>>>
>>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.handleWSComponent(WorkflowInterpreter.java:710)
>>>
>>>>>> at
>>>>>>
>>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.executeDynamically(WorkflowInterpreter.java:530)
>>>
>>>>>> at
>>>>>>
>>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter.access$000(WorkflowInterpreter.java:89)
>>>
>>>>>> at
>>>>>>
>>> org.apache.airavata.xbaya.interpretor.WorkflowInterpreter$1.run(WorkflowInterpreter.java:197)
>>>
>>>>>>
>>>>>> In�*org.apache.airavata.gfac.utils.MyProxyManager*�I have
>>>>>
>>> following
>>>
>>>>>> code;
>>>>>>
>>>>>> X509Certificate[] certificates = new X509Certificate[1];
>>>>>> certificates[0] = <certificate from oa4mp>
>>>>>>
>>>>>>
>>>>>> GlobusCredential newCredential = new GlobusCredential(<privateKey
>>>>>> from oa4mp>,
>>>>>> ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ ďż˝ certificates);
>>>>>>
>>>>>> return new GlobusGSSCredentialImpl(newCredential,
>>>>>> � � � � � � �GSSCredential.INITIATE_AND_ACCEPT);
>>>>>>
>>>>>>
>>>>>> I debugged and confirmed that the assetResponse returned by OA4MP
>>>>>> server has "*sun.security.x509.X509CertImpl" *object type.
>>>>>>
>>>>>> What am I doing wrong here ?
>>>>>> Any help to resolve this issue is appreciated.
>>>>>>
>>>>>> Thanks in advance.
>>>>>> Regards,
>>>>>> Amilaďż˝
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>
>>> Groups
>>>
>>>>>> "science gateway security discussion" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>
>>> send an
>>>
>>>>>> email to [email protected]
>>>>>> <http://sciencegatewaysecurity.org>.
>>>>>> Visit this group at
>>>>>>
>>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/?hl=en-US
>>>
>>>>>> .
>>>>>> ďż˝
>>>>>> ďż˝
>>>>>>
>>>>>>
>>>>>> --
>>>>>
>>>>> You received this message because you are subscribed to the Google
>>>>
>>> Groups
>>>
>>>>> "science gateway security discussion" group.
>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>
>>> send an
>>>
>>>>> email to [email protected] <javascript:>.
>>>>> Visit this group at
>>>>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>>> Comment: GPGTools - http://gpgtools.org
>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>>
>>> iQEcBAEBAgAGBQJSTBUTAAoJEOEgD2XReDo5zskH/jebarHRrjMG2XBCB43PEH0A
>>> 2MY+zfrS1YieGGeFggRUV1j10iirn2doDPtvIfek1P8hXWbzHd7AAX0vMwvaVi+4
>>> 05J0Ydj3a+wGObGqd3h6rYmr535jmkWvgL7NhnSqvQfYbAi/0SxrUjW8fTadFNvg
>>> d139jrKsmYEpnRg2gWxERfi1jqQoJw1ZrXgbvytoL7+nXNC4/z6YoEQy8EwwG3LC
>>> oW6H480imcQGQOlCnW1ZrOIz8M2RecR/rvlt+0Cic1565e0GyzkUReHCnSgOPU5v
>>> hi9+ZguHPl6oEFfwn+3BpoAhD/2+1evqzefm9rw2Bs9G2OiooqFKfmHFvzjVYQA=
>>> =d026
>>> -----END PGP SIGNATURE-----
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "science gateway security discussion" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> Visit this group at
>>> http://groups.google.com/a/sciencegatewaysecurity.org/group/discuss/.
>>
>>
>
