Hi Miles;

One cause of the InvalidKeyException is that the certificate you used for encryption includes the KeyUsage extension and does *not* contain "dataEncipherment". Make sure it includes "dataEncipherment".

Another cause of the InvalidKeyException is that the public key in your certificate has a key size that exceeds the maximum key size allowed.

Please download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from [1] and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.

Thanks & regards.
- Prabath

[1]: http://java.sun.com/javase/downloads/index_jdk5.jsp
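
A pre-flight check for the two causes named in the reply above, as an added example that is not part of the original thread or of WSO2's code. The class name `CertPreflight` and its two arguments (keystore path and alias) are assumptions; it reports whether the certificate's KeyUsage permits dataEncipherment and whether the RSA key fits the installed JCE policy.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;
import javax.crypto.Cipher;

// Added example. Usage: java CertPreflight <keystore.jks> <alias>
// (class name and both arguments are hypothetical, not from the thread).
public class CertPreflight {
    private static final int DATA_ENCIPHERMENT = 3;        // index in getKeyUsage()
    private static final String KEY_USAGE_OID = "2.5.29.15";

    /** True if KeyUsage is absent or asserts dataEncipherment. */
    static boolean allowsDataEncipherment(X509Certificate cert) {
        boolean[] usage = cert.getKeyUsage();              // null when extension is absent
        return usage == null
            || (usage.length > DATA_ENCIPHERMENT && usage[DATA_ENCIPHERMENT]);
    }

    /** RSA modulus size in bits, or -1 for a non-RSA key (not checked here). */
    static int rsaBits(X509Certificate cert) {
        return cert.getPublicKey() instanceof RSAPublicKey
            ? ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() : -1;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try {
            // A null password skips the JKS integrity check; certificate
            // entries are still readable, which is all this inspection needs.
            ks.load(in, null);
        } finally {
            in.close();
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        if (cert == null) throw new IllegalArgumentException("no certificate for alias " + args[1]);

        Set<String> critical = cert.getCriticalExtensionOIDs();
        int bits = rsaBits(cert);
        int max = Cipher.getMaxAllowedKeyLength("RSA");    // Integer.MAX_VALUE if unlimited
        System.out.println("KeyUsage allows dataEncipherment: " + allowsDataEncipherment(cert));
        System.out.println("KeyUsage marked critical:         "
            + (critical != null && critical.contains(KEY_USAGE_OID)));
        System.out.println("RSA key size / policy maximum:    " + bits + " / " + max);
        if (!allowsDataEncipherment(cert) || bits > max) System.exit(1);
    }
}
```

Run it with the same JRE that starts the server, since the policy maximum depends on the jar files in that JRE's lib/security directory.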


Miles Metcalfe wrote:
Hi

I am trying to follow the steps here: http://wso2.org/project/solutions/identity/1.5/docs/idp_production.html and have added a test CA and server certificate, however, I am now unable to start the Identity Solution (all works fine in the localhost configuration). Here is the error thrown:

 INFO [2008-05-02 13:06:51,423]  Starting WSO2 Identity Solution 1.5 (Powered by Apache Axis2)
 INFO [2008-05-02 13:06:51,424]  Using Java Home : /usr/lib/jvm/java-1.5.0-sun-1.5.0.15/jre
 INFO [2008-05-02 13:06:51,424]  Using Java Version     : 1.5.0_15
 INFO [2008-05-02 13:06:51,425]  Using WSO2 Identity Solution Home   : .
INFO [2008-05-02 13:06:55,467] Using Server Info Class: org.wso2.wsas.serverinfo.EmbeddedTomcatServerInfo
java.security.InvalidKeyException: Wrong key usage
    at javax.crypto.Cipher.init(DashoA12275)
    at javax.crypto.Cipher.init(DashoA12275)
    at org.wso2.utils.security.CryptoUtil.encrypt(CryptoUtil.java:76)
    at org.wso2.utils.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:97)
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:85)
    at org.wso2.wsas.ServerManager.persistSecurityKeyStore(ServerManager.java:147)
    at org.wso2.wsas.ServerManager.start(ServerManager.java:101)
    at org.wso2.wsas.MainServlet.start(MainServlet.java:249)
    at org.wso2.wsas.MainServlet.init(MainServlet.java:185)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3915)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4176)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.wso2.wsas.TomcatRepositoryListener.run(TomcatRepositoryListener.java:111)
    at java.lang.Thread.run(Thread.java:595)
FATAL [2008-05-02 13:07:08,378]  Cannot start WSO2 WSAS
org.wso2.utils.ServerException: Cannot encrypt WSO2 WSAS store and/or private key passwords
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:90)
    at org.wso2.wsas.ServerManager.persistSecurityKeyStore(ServerManager.java:147)
    at org.wso2.wsas.ServerManager.start(ServerManager.java:101)
    at org.wso2.wsas.MainServlet.start(MainServlet.java:249)
    at org.wso2.wsas.MainServlet.init(MainServlet.java:185)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3915)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4176)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.wso2.wsas.TomcatRepositoryListener.run(TomcatRepositoryListener.java:111)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.wso2.utils.security.CryptoException: Error during encryption
    at org.wso2.utils.security.CryptoUtil.encrypt(CryptoUtil.java:82)
    at org.wso2.utils.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:97)
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:85)
    ... 13 more
Caused by: java.security.InvalidKeyException: Wrong key usage
    at javax.crypto.Cipher.init(DashoA12275)
    at javax.crypto.Cipher.init(DashoA12275)
    at org.wso2.utils.security.CryptoUtil.encrypt(CryptoUtil.java:76)
    ... 15 more
FATAL [2008-05-02 13:07:08,380]  Could not start WSO2 Identity Solution
org.wso2.utils.ServerException: WSO2 Identity Solution startup failed.
    at org.wso2.wsas.MainServlet.start(MainServlet.java:260)
    at org.wso2.wsas.MainServlet.init(MainServlet.java:185)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3915)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4176)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.wso2.wsas.TomcatRepositoryListener.run(TomcatRepositoryListener.java:111)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.wso2.utils.ServerException: Cannot start WSO2 WSAS
    at org.wso2.wsas.ServerManager.start(ServerManager.java:138)
    at org.wso2.wsas.MainServlet.start(MainServlet.java:249)
    ... 10 more
Caused by: org.wso2.utils.ServerException: Cannot encrypt WSO2 WSAS store and/or private key passwords
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:90)
    at org.wso2.wsas.ServerManager.persistSecurityKeyStore(ServerManager.java:147)
    at org.wso2.wsas.ServerManager.start(ServerManager.java:101)
    ... 11 more
Caused by: org.wso2.utils.security.CryptoException: Error during encryption
    at org.wso2.utils.security.CryptoUtil.encrypt(CryptoUtil.java:82)
    at org.wso2.utils.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:97)
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:85)
    ... 13 more
Caused by: java.security.InvalidKeyException: Wrong key usage
    at javax.crypto.Cipher.init(DashoA12275)
    at javax.crypto.Cipher.init(DashoA12275)
    at org.wso2.utils.security.CryptoUtil.encrypt(CryptoUtil.java:76)
    ... 15 more
ERROR [2008-05-02 13:07:08,412]  Servlet /wsas threw load() exception
javax.servlet.ServletException: Could not start WSO2 Identity Solution
    at org.wso2.wsas.MainServlet.init(MainServlet.java:189)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3915)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4176)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.wso2.wsas.TomcatRepositoryListener.run(TomcatRepositoryListener.java:111)
    at java.lang.Thread.run(Thread.java:595)
ERROR [2008-05-02 13:07:08,412]  Servlet /wsas threw load() exception
javax.servlet.ServletException: Could not start WSO2 Identity Solution
    at org.wso2.wsas.MainServlet.init(MainServlet.java:189)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3915)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4176)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.wso2.wsas.TomcatRepositoryListener.run(TomcatRepositoryListener.java:111)
    at java.lang.Thread.run(Thread.java:595)

This error occurs whether I add my test certificates to the existing wso2is.jks store, or whether I create a new store holding just my test keys. I have tried this several times to (hopefully) eliminate idiocies like mistyping keystore passwords. My test CA has a 2048 bit RSA public key - could this be the source of the problem?

Cheers

Miles

_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev



