Hello Paul,

I've had no luck with this issue. We are still getting the same error
no matter what SSL cert we use. 1024 or 2048 size certificates
generate the same error. Here are the exact steps we are taking to
generate the certificates. This is a Java environment on a Windows
platform:

keytool -genkey -v -alias d1google -dname "CN=careopinion.com, OU=Corporate, O=DiagnosisONE, L=Nashua, S=New Hampshire, C=US" -alias d1google -keypass xxxxx -keystore d1google2010b.jks -storepass xxxxx -keyalg "RSA" -sigalg SHA1withRSA -validity 1825 -keysize 1024

keytool -certreq -v -alias d1google -sigalg "SHA1withRSA" -file d1google2010b.csr -keystore d1google2010b.jks -storepass xxxxx -keypass xxxxx

Once I receive the cert back from the provider, I append it using a
text editor to the bottom of the certificate chain file also received
from the provider.

keytool -import -v -file careopinion_com.txt -keypass xxxxx -keystore d1google2010b.jks -storepass xxxxx -trustcacerts -alias d1google

I then export the certificate from the keystore:

keytool -export -v -rfc -alias d1google -file d1google2010b.pem -keystore d1google2010b.jks -storepass xxxxx

And use the resulting file to upload to the manage domain tool for our
domain:

Testing the application still results in the following exception:

com.google.gdata.util.AuthenticationException: 401: Invalid AuthSub header.
    at com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown Source)
    at com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown Source)
    at d1.process.HealthSample.exchangeAuthSubToken(HealthSample.java:91)
    at hlink.GoogleHandler.AddProfile(GoogleHandler.java:1017)
    at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
    at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at com.bea.jsptools.servlet.PagedResultServiceFilter.doFilter(PagedResultServiceFilter.java:82)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Add Profile exception: Problem while exchanging AuthSub token.

Any ideas on what is going wrong here? Am I missing something very
basic? This is very frustrating....
Thanks,
-Dave-
On Jun 24, 8:43 pm, "Paul (Google)" <[email protected]> wrote:
> Hi Dave,
>
> I'm still investigating 2048 bit key support. I'll definitely post an
> update once I have a definitive answer.
>
> When you click the link for the domains management test using Google
> Calendar, you'll be directed to the Calendar authorization page, and
> then back to your app with an authorized single-use token in the URL.
> You will be redirected back to the URL you have specified in the
> "Target URL path prefix" field, and the token will be a GET parameter
> on the URL. To verify that the signature was successful, you'll need
> to have your web application retrieve the token from the URL and
> attempt to upgrade it to a session token, which is what you're
> currently doing with Health. If you're able to exchange the
> single-use token for a session token, then the 2048 bit key should be
> useable. If you get the same error that's in the initial post, then it's
> unlikely that the 2048 bit key can be used at this time.
>
> In any event, I'll let you know what I find out about 2048 bit keys!
>
> Paul
>
> On Jun 22, 12:08 pm, Dave <[email protected]> wrote:
>
>
>
> > Hi Paul,
>
> > It won't be possible to get a 1024 length key now. All of the key
> > issuers are using 2048 as the default key size now.
>
> > Is there any way for you to verify if google will support the 2048
> > key?
>
> > Also, I'm not clear how to test the key using the google calendar
> > link. When I click on it, it asks:
>
> > The site CareOpinion is requesting access to your Google Account
> > for the product(s) listed below.
> > Google Calendar
>
> > When I click "Grant Access" it immediately takes me to my
> > caropinion.com application page. Does this mean that the certificate
> > works?
>
> > I am still getting the following error after I try to connect to
> > google health through our application: I've imported the google
> > health cert into our IIS store...
>
> > <Jun 22, 2010 2:58:59 PM EDT> <Warning> <Security> <BEA-090477>
> > <Certificate chain received from www.google.com - 72.14.204.147 was
> > not trusted causing SSL handshake failure.>
> > javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain
> > received from www.google.com - 72.14.204.147 was not trusted causing
> > SSL handshake failure.
>
> > Thanks in advance for your help....
>
> > -Dave-
>
> > On Jun 18, 1:45 pm, "Paul (Google)" <[email protected]> wrote:
>
> > > Hi Dave,
>
> > > Is it possible to test with a 1024 bit key? This should be the
> > > default when generating a key using Java keytool. The keytool example
> > > at the following link produces a 1024 bit key.
>
> > > > http://code.google.com/apis/gdata/docs/auth/authsub.html#keytool
>
> > > There should be an option to test your key on the domain management
> > > tool (next link). Are you able to link to Google Calendar with your
> > > current key?
>
> > > > https://www.google.com/accounts/ManageDomain
>
> > > Paul
>
> > > On Jun 18, 6:49 am, Dave <[email protected]> wrote:
>
> > > > Can anyone help with this? Thanks.
>
> > > > On Jun 14, 11:21 am, Dave <[email protected]> wrote:
>
> > > > > Hello,
>
> > > > > We are still experiencing the same issue. The only change that we
> > > > > have made recently was the renewal of our SSL certificate for our
> > > > > application. We have exported a .PEM file and uploaded it to the
> > > > > manage domains page. Here is the command we used to extract the key:
>
> > > > > keytool -export -v -rfc -alias d1google -file d1google5.pem -keystore
> > > > > d1google3.jks -storepass xxxxxx
>
> > > > > > The key has a size of 2048. Is this supported? The help page
> > > > > mentions that the key must be 1024, however, we did not have the
> > > > > option to renew the key with a size of 1024. Is there something else
> > > > > we are missing here? This process worked fine last year when we
> > > > > renewed our cert then.
>
> > > > > Thanks,
>
> > > > > -Dave-
>
> > > > > On May 27, 5:29 pm, "Paul (Google)" <[email protected]> wrote:
>
> > > > > > Hello Ahmad,
>
> > > > > > > I'm not aware of any issues with the AuthSub authentication at the
> > > > > > > moment, and since you're using the AuthSubUtil class to get the
> > > > > > > session token, the AuthSub header should be correct. Is it
> > > > > > > therefore possible that the token you're passing into
> > > > > > > AuthSubUtil.exchangeForSessionToken() is somehow incorrect? Can you
> > > > > > > post the code that you're using to get the single-use token and
> > > > > > > exchanging it for the session token?
>
> > > > > > Paul (Google)
>
> > > > > > On May 25, 1:11 pm, AK <[email protected]> wrote:
>
> > > > > > > > We started getting this exception from Google Health recently
> > > > > > > > although we made no changes in our code. We appreciate your
> > > > > > > > feedback. Please excuse the length of the exception.
>
> > > > > > > > com.google.gdata.util.AuthenticationException: 401: Invalid AuthSub header.
> > > > > > > >     at com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown Source)
> > > > > > > >     at com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown Source)
> > > > > > > >     at d1.process.HealthSample.exchangeAuthSubToken(HealthSample.java:91)
> > > > > > > >     at hlink.GoogleHandler.AddProfile(GoogleHandler.java:1017)
> > > > > > > >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > > > > > >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > > > > > > >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > > > > > > >     at java.lang.reflect.Method.invoke(Method.java:585)
> > > > > > > >     at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
> > > > > > > >     at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
> > > > > > > >     at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
> > > > > > > >     at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
> > > > > > > >     at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
> > > > > > > >     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
> > > > > > > >     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
> > > > > > > >     at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
> > > > > > > >     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
> > > > > > > >     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
> > > > > > > >     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
> > > > > > > >     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
> > > > > > > >     at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
> > > > > > > >     at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
> > > > > > > >     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
> > > > > > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> > > > > > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> > > > > > > >     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
> > > > > > > >     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
> > > > > > > >     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
> > > > > > > >     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
> > > > > > > >     at
--
You received this message because you are subscribed to the Google Groups
"Google Health Developers" group.
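
Added example, not part of the thread and not code from Google or from the posters: a Java check that the certificate exported to the PEM file belongs to the private key stored under the same alias in the keystore, and that reports the RSA key size the thread is asking about. The file names, alias and SHA1withRSA algorithm are the ones in the keytool commands above; the class name CheckAuthSubCert and the password arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

// Added diagnostic (hypothetical class name), not code from the thread.
// Usage: java CheckAuthSubCert <storepass> [keypass]
public class CheckAuthSubCert {
    public static void main(String[] args) throws Exception {
        // File names and alias are taken from the keytool commands in the thread.
        String jks = "d1google2010b.jks", pem = "d1google2010b.pem", alias = "d1google";
        char[] storePass = args[0].toCharArray();
        char[] keyPass = args.length > 1 ? args[1].toCharArray() : storePass;
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jks)) {
            ks.load(in, storePass);
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException(alias + " is not a private-key entry");
        }
        PrivateKey priv = (PrivateKey) ks.getKey(alias, keyPass);

        // The certificate file that was uploaded to the domain management tool.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(pem)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        RSAPublicKey pub = (RSAPublicKey) cert.getPublicKey();
        System.out.println("Subject:      " + cert.getSubjectX500Principal());
        System.out.println("RSA key size: " + pub.getModulus().bitLength() + " bits");

        // Sign constructed test data with the keystore key, then verify it
        // with the public key from the PEM certificate.
        byte[] sample = "constructed test data".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(priv);
        signer.update(sample);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(pub);
        verifier.update(sample);
        System.out.println("PEM matches keystore private key: " + verifier.verify(sig));
    }
}
```

A `false` on the last line means the uploaded PEM does not correspond to the key in the keystore.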