java.security.NoSuchAlgorithmException:Algorithm PBKDF2WithHmacSHA1 not available - security

My webserver, orion 1.5.4, run on jre 1.4.2, when I run
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
the following exception is thrown
java.security.NoSuchAlgorithmException:Algorithm PBKDF2WithHmacSHA1 not available
I google and find need to add Bouncy Castle provider, so I download bcprov-jdk14-150.jar and placed it in classpath, and download the unlimited policy files in the JVM, then when I run the program code, error thrown in line
aesCipher.init(Cipher.DECRYPT_MODE,secretKey, new IvParameterSpec(ivByte));
the error message is
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.(DashoA12275)
... 15 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SunJCE_b.g(DashoA12275)
at javax.crypto.SunJCE_b.f(DashoA12275)
at javax.crypto.SunJCE_t.run(DashoA12275)
at java.security.AccessController.doPrivileged(Native Method)
... 16 more
how to solve it?

I found the problem, I download the unlimited policy files for java 1.6 wrongly, should download for java 1.4.
thanks

Related

Azure DefaultCredentials with IntelliJ not working because no AuthMethodDetails.json is written

I am trying to use Default Azure credential to connect to a Service Bus Queue from my Spring Boot application (Kotlin) and have trouble getting the setup to work locally with the IntelliJ plugin.
I am trying to connect to a Service Bus queue to send a message, if I use a connection string it works fine but I would like to handle access with the default credentials.
val predictionRequestsClient = ServiceBusClientBuilder()
.credential(topicModelingProperties.namespace, credential)
.sender()
.queueName(topicModelingProperties.predictionQueue.requests)
.buildClient()
I've tried using the IntellijCredentials directly:
val credential = IntelliJCredentialBuilder()
.keePassDatabasePath("<MY PATH TO PWD STORAGE>")
.build()
or the default credentials (long term goal):
val credential = DefaultAzureCredentialBuilder()
.intelliJKeePassDatabasePath("<MY PATH TO PWD STORAGE>")
.build()
I did install the Azure Toolkit plugin in IntelliJ, logged in in my IDE, the plugin tells me even so in this screenshot:
Nevertheless when I try to send something to the queue I get the following error using the IntelliJCredentials:
[2022-06-28 08:47:13.285] ERROR [task-4] --- o.s.a.i.SimpleAsyncUncaughtExceptionHandler: Unexpected exception occurred invoking async method: public void at.teamecho.topic.CommentClassifier.addToClassificationQueue(at.teamecho.comment.CommentSubmissionEvent)
com.azure.messaging.servicebus.ServiceBusException: IntelliJ Authentication not available. Please log in with Azure Tools for IntelliJ plugin in the IDE.
at com.azure.messaging.servicebus.ServiceBusSenderAsyncClient.mapError(ServiceBusSenderAsyncClient.java:820)
at reactor.core.publisher.Mono.lambda$onErrorMap$31(Mono.java:3733)
at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onError(MonoFlatMap.java:172)
at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)
at reactor.core.publisher.SerializedSubscriber.onError(SerializedSubscriber.java:124)
at reactor.core.publisher.FluxRetryWhen$RetryWhenMainSubscriber.whenError(FluxRetryWhen.java:225)
at reactor.core.publisher.FluxRetryWhen$RetryWhenOtherSubscriber.onError(FluxRetryWhen.java:274)
at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.drain(FluxConcatMap.java:415)
at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.onNext(FluxConcatMap.java:251)
at reactor.core.publisher.EmitterProcessor.drain(EmitterProcessor.java:491)
at reactor.core.publisher.EmitterProcessor.tryEmitNext(EmitterProcessor.java:299)
at reactor.core.publisher.SinkManySerialized.tryEmitNext(SinkManySerialized.java:100)
at reactor.core.publisher.InternalManySink.emitNext(InternalManySink.java:27)
at reactor.core.publisher.FluxRetryWhen$RetryWhenMainSubscriber.onError(FluxRetryWhen.java:190)
at reactor.core.publisher.SerializedSubscriber.onError(SerializedSubscriber.java:124)
at reactor.core.publisher.SerializedSubscriber.onError(SerializedSubscriber.java:124)
at reactor.core.publisher.FluxTimeout$TimeoutMainSubscriber.onError(FluxTimeout.java:219)
at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onError(FluxPeekFuseable.java:234)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:192)
at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:259)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:192)
at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:259)
at reactor.core.publisher.FluxMap$MapSubscriber.onError(FluxMap.java:132)
at reactor.core.publisher.FluxMap$MapSubscriber.onError(FluxMap.java:132)
at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.onError(MonoIgnoreThen.java:278)
at reactor.core.publisher.MonoWhen$WhenCoordinator.signalError(MonoWhen.java:172)
at reactor.core.publisher.MonoWhen$WhenInner.onError(MonoWhen.java:288)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onError(FluxMapFuseable.java:140)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:192)
at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:259)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:192)
at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:259)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onError(MonoFlatMap.java:172)
at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)
at reactor.core.publisher.FluxPeekFuseable$PeekConditionalSubscriber.onError(FluxPeekFuseable.java:903)
at reactor.core.publisher.FluxMap$MapConditionalSubscriber.onError(FluxMap.java:259)
at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2063)
at reactor.core.publisher.Operators.error(Operators.java:198)
at reactor.core.publisher.MonoError.subscribe(MonoError.java:53)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
at reactor.core.publisher.Mono.subscribe(Mono.java:4400)
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
at reactor.core.publisher.Operators.complete(Operators.java:137)
at reactor.core.publisher.MonoEmpty.subscribe(MonoEmpty.java:46)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)
at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1816)
at com.azure.core.amqp.implementation.AmqpChannelProcessor$ChannelSubscriber.onNext(AmqpChannelProcessor.java:398)
at com.azure.core.amqp.implementation.AmqpChannelProcessor.lambda$onNext$0(AmqpChannelProcessor.java:112)
at java.base/java.util.concurrent.ConcurrentLinkedDeque.forEach(ConcurrentLinkedDeque.java:1650)
at com.azure.core.amqp.implementation.AmqpChannelProcessor.onNext(AmqpChannelProcessor.java:112)
at reactor.core.publisher.FluxRepeatPredicate$RepeatPredicateSubscriber.onNext(FluxRepeatPredicate.java:86)
at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:127)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:127)
at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1816)
at reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:249)
at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.complete(MonoIgnoreThen.java:292)
at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.onNext(MonoIgnoreThen.java:187)
at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:236)
at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.onComplete(MonoIgnoreThen.java:203)
at reactor.core.publisher.SerializedSubscriber.onComplete(SerializedSubscriber.java:146)
at reactor.core.publisher.SerializedSubscriber.onComplete(SerializedSubscriber.java:146)
at reactor.core.publisher.FluxTimeout$TimeoutMainSubscriber.onComplete(FluxTimeout.java:234)
at reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)
at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:83)
at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replayNormal(FluxReplay.java:856)
at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replay(FluxReplay.java:944)
at reactor.core.publisher.FluxReplay$ReplaySubscriber.onNext(FluxReplay.java:1323)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:200)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:200)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:120)
at reactor.core.publisher.FluxDistinctUntilChanged$DistinctUntilChangedSubscriber.tryOnNext(FluxDistinctUntilChanged.java:149)
at reactor.core.publisher.FluxDistinctUntilChanged$DistinctUntilChangedSubscriber.onNext(FluxDistinctUntilChanged.java:102)
at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replayNormal(FluxReplay.java:856)
at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replay(FluxReplay.java:944)
at reactor.core.publisher.ReplayProcessor.tryEmitNext(ReplayProcessor.java:508)
at reactor.core.publisher.SinkManySerialized.tryEmitNext(SinkManySerialized.java:100)
at reactor.core.publisher.InternalManySink.emitNext(InternalManySink.java:27)
at com.azure.core.amqp.implementation.handler.Handler.onNext(Handler.java:89)
at com.azure.core.amqp.implementation.handler.SessionHandler.onSessionRemoteOpen(SessionHandler.java:87)
at org.apache.qpid.proton.engine.BaseHandler.handle(BaseHandler.java:146)
at org.apache.qpid.proton.engine.impl.EventImpl.dispatch(EventImpl.java:108)
at org.apache.qpid.proton.reactor.impl.ReactorImpl.dispatch(ReactorImpl.java:324)
at org.apache.qpid.proton.reactor.impl.ReactorImpl.process(ReactorImpl.java:291)
at com.azure.core.amqp.implementation.ReactorExecutor.run(ReactorExecutor.java:91)
at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)
at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)
at java.base/java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:264)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Suppressed: java.lang.Exception: #block terminated with an error
at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:139)
at reactor.core.publisher.Mono.block(Mono.java:1731)
at com.azure.messaging.servicebus.ServiceBusSenderClient.sendMessage(ServiceBusSenderClient.java:178)
at at.teamecho.topic.CommentClassifier.addToClassificationQueue(CommentClassificationService.kt:41)
at at.teamecho.topic.CommentClassifier$$FastClassBySpringCGLIB$$8be0e530.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at net.bull.javamelody.MonitoringSpringInterceptor.invoke(MonitoringSpringInterceptor.java:76)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
at java.base/java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:264)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java)
... 3 common frames omitted
Caused by: com.azure.identity.CredentialUnavailableException: IntelliJ Authentication not available. Please log in with Azure Tools for IntelliJ plugin in the IDE.
at com.azure.identity.implementation.IdentityClient.authenticateWithIntelliJ(IdentityClient.java:358)
at com.azure.identity.IntelliJCredential.lambda$getToken$2(IntelliJCredential.java:87)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44)
... 56 common frames omitted
[2022-06-28 08:47:13.328] INFO [reactor-executor-5] --- c.a.c.a.i.h.SendLinkHandler: {"az.sdk.message":"onLinkRemoteOpen","connectionId":"MF_4ff63d_1656398832884","linkName":"cbs:sender","entityPath":"$cbs","remoteTarget":"Target{address='$cbs', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=null}"}
[2022-06-28 08:47:13.328] INFO [reactor-executor-5] --- c.a.c.a.i.AmqpChannelProcessor: {"az.sdk.message":"Channel is now active.","connectionId":"MF_4ff63d_1656398832884","entityPath":"$cbs"}
[2022-06-28 08:47:13.328] INFO [reactor-executor-5] --- c.a.c.a.i.h.ReceiveLinkHandler: {"az.sdk.message":"onLinkRemoteOpen","connectionId":"MF_4ff63d_1656398832884","entityPath":"$cbs","linkName":"cbs:receiver","remoteSource":"Source{address='$cbs', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=null, capabilities=null}"}
Which basically tells me IntelliJ Authentication not available. Please log in with Azure Tools for IntelliJ plugin in the IDE, but in the IDE I am logged in.
After googling and debugging a bit it seems I am missing the AuthMethodDetails.json file, that should be written by the plugin - it does not exist on my machine.
I have tried to log in with OAuth 2.0 and the Device Login already but none of the options were writing the AuthMethodDetails / making the connection work.
TLDR;
Do I need the AuthMethodDetails.json for the Intellij plugin to work?
What could be a reason for it not being written for me and how can I get it written?
Versions:
com.azure:azure-identity:1.5.2
com.azure:azure-messaging-servicebus:7.9.1
IntelliJ IDEA 2022.1.3 (Ultimate Edition) - Build #IU-221.5921.22, built on June 21, 2022

SSL problems running azure-webapp-maven-plugin config

when running:
mvn com.microsoft.azure:azure-webapp-maven-plugin:1.14.0:config
I end up with
[ERROR] Failed to execute goal com.microsoft.azure:azure-webapp-maven-plugin:1.14.0:config (default-cli) on project storingen-api: Max retries 0 times exceeded. Error Details: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.microsoft.azure:azure-webapp-maven-plugin:1.14.0:config (default-cli) on project storingen-api: Max retries 0 times exceeded. Error Details: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Clearly this is a certificate problem that cannot be found. I have however no clue what certificate is needed nor in which keystore it needs to be. I suppose in the cacerts of my java distribution but it's not clear in any way.
Does anyone know which cert and where to put it ?
I just running into the same problem following Azure Learn Java Azure
Basically, this error ocurred because Java is trying to connect with your Azure Subscription at Azure Console. I saw the origin of this problem executing Maven command with -X. The log trace can be visualized over here, like this:
mvn com.microsoft.azure:azure-webapp-maven-plugin:1.12.0:config -X
What I did to solve:
I tried inserting Azure certifications inside Java cacerts - following the explanation here. But it didn't change or solved the problem.
I searched for a new one version of azure-webapp-maven-plugin. Nowadays, the version is 2.3.0. You can check at Maven repository the last version. It fixed my problem and no more throws the error caused by Java.
before: mvn com.microsoft.azure:azure-webapp-maven-plugin:1.12.0:config
after (I think so, that version fixes the problem): mvn com.microsoft.azure:azure-webapp-maven-plugin:2.3.0:config
Thanks

Spark ElasticSearch EsHadoopIllegalArgumentException unable to find keystore with valid URI

I'm trying to connect spark to my elasticsearch with SSL.
Setup
Spark 2.4.0 from CDH 6.3.2 (Cloudera)
ElasticSearch 7.6.1 (Open Distro)
elasticsearch-hadoop-7.6.1.jar
Considering
1) I already managed to authenticate logstash with SSL and pkcs12 keystore manually created
2) Connexion Spark to ES works without security
Here spark conf provided :
spark.es.nodes=node1
spark.es.port=9200
spark.es.net.ssl=true
spark.es.net.ssl.keystore.location= ===> See below what i tried
spark.es.net.ssl.keystore.type=PKCS12
spark.es.net.ssl.cert.allow.self.signed=true
spark.es.net.http.auth.user=admin
spark.es.net.http.auth.pass=admin
spark.es.nodes.wan.only=false //tried true
Doing
spark.read.format("org.elasticsearch.spark.sql")
.option("es.query", "?q=*:*")
.load("spark/docs")
.show
====================================================
FileSystem Values tried with spark.es.net.ssl.keystore.location (after copying admin.pkcs12 on all nodes)
file:///PATH/certs/admin.pkcs12
Error :
org.elasticsearch.hadoop.EsHadoopIllegalArgumentException: Cannot detect ES version - typically this happens if the network/Elasticsearch cluster is not accessible or when targeting a WAN/Cloud instance without the proper setting 'es.nodes.wan.only'
... elided
Caused by: org.elasticsearch.hadoop.EsHadoopIllegalStateException: Cannot initialize SSL - Get Key failed: null
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:175)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.getSSLContext(SSLSocketFactory.java:160)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSocket(SSLSocketFactory.java:129)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.doExecute(CommonsHttpTransport.java:685)
at org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.execute(CommonsHttpTransport.java:664)
at org.elasticsearch.hadoop.rest.NetworkClient.execute(NetworkClient.java:116)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:432)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:428)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:388)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:392)
at org.elasticsearch.hadoop.rest.RestClient.get(RestClient.java:168)
at org.elasticsearch.hadoop.rest.RestClient.mainInfo(RestClient.java:745)
at org.elasticsearch.hadoop.rest.InitializationUtils.discoverClusterInfo(InitializationUtils.java:330)
... 61 more
Caused by: java.security.UnrecoverableKeyException: Get Key failed: null
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:435)
at java.security.KeyStore.getKey(KeyStore.java:1023)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.loadKeyManagers(SSLSocketFactory.java:217)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:173)
... 78 more
Caused by: java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:374)
... 84 more
====================================================
I copied a keystore a valid admin.pkcs12 to hdfs => /user/company/ with 777 rights, (as i'm writing, is it too permissive, like ssh ?)
//returns true
FileSystem.get(spark.sparkContext.hadoopConfiguration).exists(new Path("hdfs://namenode:8020/user/company/admin.pkcs12"))
HDFS Values tried with spark.es.net.ssl.keystore.location
hdfs:///namenode:8020/user/company/admin.pkcs12
hdfs://namenode:8020/user/company/admin.pkcs12
/user/company/admin.pkcs12
Error :
org.elasticsearch.hadoop.EsHadoopIllegalArgumentException: Cannot detect ES version - typically this happens if the network/Elasticsearch cluster is not accessible or when targeting a WAN/Cloud instance without the proper setting 'es.nodes.wan.only'
... elided
Caused by: org.elasticsearch.hadoop.EsHadoopIllegalStateException: Cannot initialize SSL - Expected to find keystore file at [...] but was unable to. Make sure that it is available on the classpath, or if not, that you have specified a valid URI.
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:175)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.getSSLContext(SSLSocketFactory.java:160)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSocket(SSLSocketFactory.java:129)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.doExecute(CommonsHttpTransport.java:685)
at org.elasticsearch.hadoop.rest.commonshttp.CommonsHttpTransport.execute(CommonsHttpTransport.java:664)
at org.elasticsearch.hadoop.rest.NetworkClient.execute(NetworkClient.java:116)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:432)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:428)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:388)
at org.elasticsearch.hadoop.rest.RestClient.execute(RestClient.java:392)
at org.elasticsearch.hadoop.rest.RestClient.get(RestClient.java:168)
at org.elasticsearch.hadoop.rest.RestClient.mainInfo(RestClient.java:745)
at org.elasticsearch.hadoop.rest.InitializationUtils.discoverClusterInfo(InitializationUtils.java:330)
... 61 more
Caused by: org.elasticsearch.hadoop.EsHadoopIllegalArgumentException: Expected to find keystore file at [...] but was unable to. Make sure that it is available on the classpath, or if not, that you have specified a valid URI.
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.loadKeyStore(SSLSocketFactory.java:195)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.loadKeyManagers(SSLSocketFactory.java:215)
at org.elasticsearch.hadoop.rest.commonshttp.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:173)
I tried JKS too.
What am I missing ?
//Works
file:///PATH/certs/admin.pkcs12
I was getting this error because of the missing password.
spark.es.net.ssl.keystore.pass=PASSWORD

Why is Wildfly 17 complaining about missing BearerTokenAuthenticationMechanism ctor?

we're trying to upgrade from Wildfly 15 to Wildfly 17. When starting the application under 17 we get lot's of DEBUGs in log as follows:
2019-07-16 08:30:41,031|DEBUG| org.jboss.as.domain.management|Identification of operation not progressing after [15000000000] ns has been requested
2019-07-16 08:30:51,029|DEBUG| io.undertow.request|Matched prefix path /management for path /management
2019-07-16 08:30:51,029|DEBUG| io.undertow.request.security|Setting authentication required for exchange HttpServerExchange{ POST /management}
2019-07-16 08:30:51,029|DEBUG| org.wildfly.security|Unable to create instance
java.security.NoSuchAlgorithmException: ELY00011: Unable to create service for 'HttpServerAuthenticationMechanismFactory.BEARER_TOKEN'
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:342)
at org.wildfly.security.http.util.SecurityProviderServerMechanismFactory.getMechanismNames(SecurityProviderServerMechanismFactory.java:79)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory.getMechanismNames(SetMechanismInformationMechanismFactory.java:58)
at org.wildfly.security.http.util.FilterServerMechanismFactory.getMechanismNames(FilterServerMechanismFactory.java:100)
at org.wildfly.security.http.util.SortedServerMechanismFactory.getMechanismNames(SortedServerMechanismFactory.java:50)
at org.wildfly.security.auth.server.HttpAuthenticationFactory.getAllSupportedMechNames(HttpAuthenticationFactory.java:65)
at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.getMechanismNames(AbstractMechanismAuthenticationFactory.java:77)
at org.jboss.as.domain.http.server.ManagementHttpServer.lambda$secureDomainAccess$3(ManagementHttpServer.java:447)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:253)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:242)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:97)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:96)
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoSuchMethodException: org.wildfly.security.http.bearer.BearerTokenAuthenticationMechanism.<init>(java.security.Provider)
at java.lang.Class.getConstructor0(Class.java:3082)
at java.lang.Class.getConstructor(Class.java:1825)
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:339)
Why is this and how can I get rid of these log entries?
Best regards
Mark.
This appears to be a bug in the WildFlyElytronProvider, I have created the following so we can implement a fix - https://issues.jboss.org/browse/ELY-1847
As this is just a DEBUG message you should be able to ignore in the meantime if you are not trying to use this mechanism.

Provider is not supported, or was incorrectly entered

I have installed gerrit server setup in localhost. And after making the successful connection the Web UI has been launched. There i have registered with my gmail id in "Sign in with a Launchpad ID" option.
Its worked earlier, but now it shows the error "Provider is not supported, or was incorrectly entered." when i try to login. I had searched a lot and found some solution regarding the security issues in the installed java in the system. I have Oracle Jdk8 not OpenJdk in my system. so should i have to switch to Open Jdk. Here is my error log messages from log file.
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
... 66 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
... 78 more
Issue Fixed !
As i have been using Oracle Java 8, i have installed Open Jdk 7 with the following commnad.
sudo apt-get install ca-certificates-java
But issue resolved only when i have changed java home variable in gerrit.config file.
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
Now the issues fixed for me..

Resources