Server certificate problems after update to 3.2.0beta

Klaus_Weidenbach · January 19, 2007, 10:48pm

I have update from 3.1.0 to 3.2.0 on a test server.

I have copied my old truststore and keystore files like I also always did with earlier updates and I had no problems in the past.

When I go to the Server Certificates configuration I get only this error message:

java.lang.NullPointerException

at org.jivesoftware.wildfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dce rtificates_jsp.java:344)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1074)

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:11 8)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:365)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:185)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:689)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:146)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:285)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:457)

at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:751)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:500)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:209)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)

at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:217)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)

I have tested bit around and started with the shipped keystore file and repeated the steps I did when I did it the first time but I come to the same error message after a restart. If I use the instructions to create self signed certificates it is working. But how can I use my old and signed certificates?

Anyone who experienced the same problem or knows what is going wrong here?

Thanks for any hints!

Regards,

Klaus

Gaston_Dombiak · January 20, 2007, 12:12am

Hey Klaus,

Thanks for the bug report. I filed JM-940 for this problem and checked in a possible fix. The problem seems to happen with certificates that have no chain. I don’'t know how you are ending with certs with no chain but that would explain the error in that page. Could you try using the next nightly build? You will need to replace the plugins/admin folder with the one provided in the nightly build.

Thanks,

– Gato

Klaus_Weidenbach · January 20, 2007, 9:23am

Thank you very much for the quick reply.

I just downloaded the nightly build wildfire_2007-01-20. I replaced plugins/admin and started again, but I get no login screen anymore, just this error message.

HTTP ERROR: 503

SERVICE_UNAVAILABLE

RequestURI=/

I tried to use the whole nightly build then, but I don’‘t know yet how to start it, because I can’'t use ./bin/wildwire start. I will try bit more now.

I was bit surprised that the problem are certificates without a chain. Because I actually imported the root certificates from my CA and so on. Okay, but I will take a look on it when I got it running again.

Thanks for your help so far.

Klaus_Weidenbach · January 20, 2007, 9:52am

Okay, I use ./bin/wildfire.sh with the nightly build now, but I get this error:

Exception in thread “main” java.lang.UnsupportedClassVersionError: Bad version number in .class file

at java.lang.ClassLoader.defineClass1(Native Method)

at java.lang.ClassLoader.defineClass(Unknown Source)

at java.security.SecureClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.access$100(Unknown Source)

at java.net.URLClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClassInternal(Unknown Source)

Is this a problem with the nightly build?

Gaston_Dombiak · January 20, 2007, 5:28pm

Hey Klaus,

I’'m not sure which Java version is being used for building the nightly build version. The problem seems to be related to the Java version that you are using and the one that was used for building the nightly build version. If you are using Java 1.5 could you try using Java 1.6 and see if the problem persists? If you are using 1.6 then try using 1.5 for the test.

Thanks,

– Gato

Klaus_Weidenbach · January 21, 2007, 10:04am

Ah okay, that sounds possible. I am using JDK 1.5.0_09 on a Slackware Linux System. I don’'t think I have time to install Java 1.6 now, so maybe I will wait for the next beta or RC then. Or will they also require Java 1.6?

Thanks for all your help so far! Will let you know when it is working.

Klaus_Weidenbach · January 23, 2007, 2:55pm

Hello,

I have installed JDK1.6.0 for Linux and I can start the nightly builds now trough bin/wildfire.sh. But I have a lot of problems. I can start wildfire, but it does not run. Also when I go back to 3.2.0beta0 that was working with jdk1.5, it fails now with jdk1.6. I think it is related to the new epoll support that I have an too old Linux kernel, but I have not so much clue about it unfortunately.

In logs/info.log I get these entries:

2007.01.23 15:11:18 Wildfire 3.2.0 Beta 0

2007.01.23 15:11:51 Admin console listening at http://127.0.0.1:9090

Here everything looks like it is working, but I can reach no admin console.

In logs/error.log I read this:

2007.01.23 15:11:51 org.jivesoftware.wildfire.container.AdminConsolePlugin.startup(AdminConsolePlugi n.java:134) Could not start admin conosle server

java.io.IOException: Function not implemented

at sun.nio.ch.EPollArrayWrapper.epollCreate(Native Method)

at sun.nio.ch.EPollArrayWrapper.(SelectorManager.java:205)

at org.mortbay.io.nio.SelectorManager.doStart(SelectorManager.java:113)

at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)

at org.mortbay.jetty.nio.SelectChannelConnector.doStart(SelectChannelConnector.jav a:232)

at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)

at org.mortbay.jetty.Server.doStart(Server.java:221)

at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)

at org.jivesoftware.wildfire.container.AdminConsolePlugin.startup(AdminConsolePlug in.java:131)

at org.jivesoftware.wildfire.container.AdminConsolePlugin.initializePlugin(AdminCo nsolePlugin.java:167)

at org.jivesoftware.wildfire.container.PluginManager.loadPlugin(PluginManager.java :404)

at org.jivesoftware.wildfire.container.PluginManager.access$200(PluginManager.java :46)

at org.jivesoftware.wildfire.container.PluginManager$PluginMonitor.run(PluginManag er.java:919)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101 (ScheduledThreadPoolExecutor.java:98)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodi c(ScheduledThreadPoolExecutor.java:181)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Schedu ledThreadPoolExecutor.java:205)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java: 885)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)

at java.lang.Thread.run(Thread.java:619)

Was just a bit confused that info.log shows everything is allright, but in error.log stands at the same time it failed.

I have installed the same jdk1.6 on another computer with the same Linux System, just with a new linux kernel and here everything works fine! So I guess this bug is related to java and not wildfire. (?) Anyone who has more information or knows more about it? But maybe you can improve the output in info.log if it is really working or not.

Well, but about the problem with the certificates. On the working computer I tested my keystore and I got another error message:

java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance

at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)

at java.security.Signature.initSign(Signature.java:480)

at org.bouncycastle.jce.PKCS10CertificationRequest.(Unknown Source)

at org.jivesoftware.util.CertificateManager.createSigningRequest(CertificateManage r.java:321)

at org.jivesoftware.wildfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dce rtificates_jsp.java:351)