Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
River_2.1.1
-
None
-
none available
Description
When running the Hello example in SSL mode, errors are thrown about the used certificate being expired:
+ java -Djava.security.manager= -Djava.security.policy=config/ssl-server.policy -Djava.security.auth.login.config=config/ssl-server.login -Djava.security.properties=config/dynamic-policy.security-properties -Djavax.net.ssl.trustStore=prebuiltkeys/truststore -Djava.protocol.handler.pkgs=net.jini.url -Djava.rmi.server.RMIClassLoaderSpi=com.sun.jini.example.hello.MdClassAnnotationProvider -Dexport.codebase.source.app=lib -Dexport.codebase.app=httpmd://calisto:8080/server-dl.jar;sha=0 -Dexport.codebase.source.jsk=../../lib-dl -Dexport.codebase.jsk=httpmd://calisto:8080/jsk-dl.jar;sha=0 -jar lib/server.jar config/ssl-server.config
Exception in thread "main" java.security.PrivilegedActionException: java.rmi.server.ExportException: listen failed; nested exception is:
net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at com.sun.jini.example.hello.Server.init(Unknown Source)
at com.sun.jini.example.hello.Server.main(Unknown Source)
Caused by: java.rmi.server.ExportException: listen failed; nested exception is:
net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
at com.sun.jini.jeri.internal.runtime.BasicExportTable.export(Unknown Source)
at net.jini.jeri.BasicJeriExporter.export(Unknown Source)
at com.sun.jini.example.hello.Server.initAsSubject(Unknown Source)
at com.sun.jini.example.hello.Server$1.run(Unknown Source)
... 4 more
Caused by: net.jini.io.UnsupportedConstraintException: Problem with certificates: CN=Server
java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.checkCredentials(Unknown Source)
at net.jini.jeri.ssl.SslServerEndpointImpl$SslListenEndpoint.listen(Unknown Source)
at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at net.jini.security.Security$5.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at net.jini.security.Security.doPrivileged(Unknown Source)
at com.sun.jini.jeri.internal.runtime.BasicExportTable$Binding.<init>(Unknown Source)
at com.sun.jini.jeri.internal.runtime.BasicExportTable.getBinding(Unknown Source)
at com.sun.jini.jeri.internal.runtime.BasicExportTable.access$000(Unknown Source)
at com.sun.jini.jeri.internal.runtime.BasicExportTable$LC.addListenEndpoint(Unknown Source)
at net.jini.jeri.ssl.SslServerEndpointImpl.enumerateListenEndpoints(Unknown Source)
at net.jini.jeri.ssl.SslServerEndpoint.enumerateListenEndpoints(Unknown Source)
... 8 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Apr 05 14:22:36 CEST 2008
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:560)
at net.jini.jeri.ssl.Utilities.checkValidity(Unknown Source)
... 21 more
The certificates in question are located in ./examples/hello/prebuiltkeys
We need to supply new certificates.
Code (macros) for generating certificates and keystores is already available in the qa/build.xml file.
This could be used to generate new certificates.
Proposal is to remove the expired prebuilt keys from version control and replace with a generation mechanism.