Re: [jira] Commented: (RIVER-320) Prebuilt hello example certificates have expired - need to provide new ones

Peter Firmstone Tue, 29 Sep 2009 15:25:06 -0700

Good work Jonathan,

AR2's looking much better.


Thanks,

Peter.

Jonathan Costers (JIRA) wrote:

[ https://issues.apache.org/jira/browse/RIVER-320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12760738#action_12760738 ]

Jonathan Costers commented on RIVER-320:
----------------------------------------

expired certificates have been removed from version control and a generation 
machanism has been added instead.
the binary distribution will contain freshly generated certificates.

Prebuilt hello example certificates have expired - need to provide new ones----------------------------------------------------------------------------


                Key: RIVER-320
                URL: https://issues.apache.org/jira/browse/RIVER-320
            Project: River
         Issue Type: Bug
         Components: com_sun_jini_example
   Affects Versions: AR1
           Reporter: Jonathan Costers

When running the Hello example in SSL mode, errors are thrown about the used 
certificate being expired:
+ java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy 
-Djava.security.auth.login.config=config/ssl-server.login 
-Djava.security.properties=config/dynamic-policy.security-properties 
-Djavax.net.ssl.trustStore=prebuiltkeys/truststore 
-Djava.protocol.handler.pkgs=net.jini.url 
-Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider
 -Dexport.codebase.source.app=lib 
-Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 
-Dexport.codebase.source.jsk=../../lib-dl 
-Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar 
lib/server.jar config/ssl-server.config

Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is:net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server

java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 
CEST 2008
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
        at com.sun.jini.example.hello.Server.init(Unknown Source)
        at com.sun.jini.example.hello.Server.main(Unknown Source)

Caused by: java.rmi.server.ExportException: listen failed; nested exception is:net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server

java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 
CEST 2008
        at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown 
Source)
        at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
        at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
        at com.sun.jini.example.hello.Server$1.run(Unknown Source)
        ... 4 more
Caused by: net.jini.io.UnsupportedConstraintException: Problem with 
certificates: CN=Server
java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 
CEST 2008
        at 
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown
 Source)
        at 
net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
        at 
com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown 
Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.jini.security.Security$5.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.jini.security.Security.doPrivileged(Unknown Source)
        at 
com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown 
Source)
        at 
com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
        at 
com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
        at 
com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown
 Source)
        at 
net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
        at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown 
Source)
        ... 8 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 
14:22:36 CEST 2008
        at 
sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
        at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
        at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
        at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
        ... 21 more
The certificates in question are located in ./examples/hello/prebuiltkeys
We need to supply new certificates.

Code (macros) for generating certificates and keystores is already available in the qa/build.xml file.This could be used to generate new certificates.

Proposal is to remove the expired prebuilt keys from version control and 
replace with a generation mechanism.

Re: [jira] Commented: (RIVER-320) Prebuilt hello example certificates have expired - need to provide new ones

Reply via email to