NoSuchAlgorithmException

mccachar
NoSuchAlgorithmException

OK, I tried to figure this out (this was the only help I found: http://community.mendelson-e-c.com/node/317). I can see that it's using the SunJSSE provider when trying to find the SSL algorithm (right?), and it should be using BC, right? But how do I go about changing that?

This is with 1.1b27. 1.1b29 gives a much more vague failure: Connection problem, failed to transmit data.

[5:44:10 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Outgoing message signed with the algorithm SHA-1,using keystore alias "transfertest".
[5:44:11 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Outgoing message encrypted with the algorithm 3DES, using keystore alias "themntechit".
[5:44:11 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Outbound AS2 message created from "portecle-1.4.zip" for the receiver "Them" in 1.20s, raw message size: 1.82 MB
[5:44:13 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Sending message to https://b2bqa.them.com/as2/inbound, sync MDN requested.
[5:44:13 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: [SocketException]@MessageHttpUploader.performUpload java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
[5:44:13 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Transaction state written to /opt/as2/1.1b27/messages/Them/sent/transfertest_mydomain_com/20091008/portecle-1.4.zip_mendelson_opensource_AS2_1255038250395_0@transfertest_m....
[5:44:15 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: A transaction error notification mail has been sent to tcontact@mydomain.com.
[5:44:15 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Connection problem, failed to transmit data.
[5:44:15 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Message payload stored to "/opt/as2/1.1b27/messages/Them/error/transfertest_mydomain_com/20091008/AS2Message6659985011877062354.as2".
[5:44:15 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Raw outgoing message stored to "/opt/as2/1.1b27/messages/Them/error/transfertest_mydomain_com/20091008/raw/error250875245372504236.raw".
[5:44:15 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: Transaction state written to /opt/as2/1.1b27/messages/Them/sent/transfertest_mydomain_com/20091008/portecle-1.4.zip_mendelson_opensource_AS2_1255038250395_0@transfertest_m....
[5:44:18 PM] mendelson_opensource_AS2-1255038250395-0@transfertest.mydomain.com_THEMGISAPPIT1: A transaction error notification mail has been sent to tcontact@mydomain.com.

Thanks,
Chaz

neilparks1

This may help. See Heller's last comment in

http://community.mendelson-e-c.com/node/359

mccachar

Yes, the partner's URL is https://b2bqa.them.com/as2/inbound. I originally had an issue because they gave it to me as http://, which redirected to https:// and MEC was choking on the redirection. See here: http://community.mendelson-e-c.com/node/428

This is the block you're talking about, right?

"sorry, haven't seen that you are using ssl. Please check the keystore (defaults to jetty/etc/keystore). The keys must be in JKS format and all root certs should be in, too. Please check the path settings to the keystore in the AS2 server config."

I checked the format; it's JKS. The password on the actual store is "test". I did notice that in the AS2 config, the hidden password was much longer than 4 characters, so I reset it to "test" and restarted MEC. Now the hidden password stays at 4 chars, same as the one for certificates.p12. I also changed it from the relative path of jetty/etc/keystore to the full path of /opt/as2/1.1b27/jetty/etc/keystore. I then changed the password for that keystore in the AS2 config to "the wrong password". None of that made a difference and I've never seen anything in the logs about having trouble opening that keystore, which all makes me wonder, does it even matter? When is that keystore used? Would it ever come into play for outbound connections?

I opened up that keystore and added all of the certs/keys that I had added to the certificates.p12 in the MEC directory, as well as the Equifax Secure Certificate Authority, which is the CA for the SSL cert that our partner is using and which I would expect to already be in the trusted roots (the cert being used for the internal signing and encryption is self-signed by them) and it didn't help. I was then able to import the partner's wildcard cert (the fact that it's a wildcard shouldn't be a problem, right?) without being prompted to trust it, so we know there's a match and the cert chaining process works.

Are we sure that that error is referring to the SSL cert? Could it have anything to do with the internal self-signed encryption and signing cert? It certainly seems from the log like that all goes swimmingly and then chokes when it first tries to open up the outside SSL connection.

Thanks,
Chaz

heller

mccachar,

If this is an SSL issue - it's possible to debug the whole SSL communication by setting the JVM parameter "-Djavax.net.debug=ssl,session".

Could you try this?

Regards
Heller

mccachar

Oct 9, 2009 12:07:16 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: Logging to org.slf4j.impl.JDK14LoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
Oct 9, 2009 12:07:17 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: jetty-6.1.1
Oct 9, 2009 12:07:17 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: Extract jar:file:/opt/as2/1.1b27/jetty/webapps/as2.war!/ to /tmp/Jetty_0_0_0_0_8080_as2.war__as2__4x5vr/webapp
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: DWR Version 2.0.rc2 starting.
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Servlet Engine: jetty-6.1.1
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Java Version: 1.6.0_16
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Java Vendor: Sun Microsystems Inc.
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: Probably not an issue: org.jdom.Document is not available so the jdom converter will not load. This is only an problem if you wanted to use it.
Oct 9, 2009 12:07:18 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: Probably not an issue: org.jdom.Element is not available so the jdom converter will not load. This is only an problem if you wanted to use it.
Oct 9, 2009 12:07:18 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: Started SelectChannelConnector @ 0.0.0.0:8080
Oct 9, 2009 12:07:18 PM de.mendelson.comm.as2.server.AS2Server
INFO: mendelson opensource AS2 1.1 build 27
Oct 9, 2009 12:07:18 PM de.mendelson.comm.as2.server.AS2Server
INFO: (c) 2000-2009 mendelson-e-commerce GmbH Berlin, Germany
[Server@2c35e]: [Thread[pool-1-thread-1,5,main]]: putPropertiesFromString(): [port=3333;database.0=file:AS2_DB;dbname.0=as2db;silent=true;trace=false;hsqldb.cache_scale=15;hsqldb.cache_file_scale=8;no_system_exit=true;shutdownarg=COMPACT;]
[Server@2c35e]: [Thread[pool-1-thread-1,5,main]]: checkRunning(false) entered
[Server@2c35e]: [Thread[pool-1-thread-1,5,main]]: checkRunning(false) exited
Oct 9, 2009 12:07:20 PM de.mendelson.comm.as2.database.DBServer run
INFO: HSQL Database Engine 1.8.0 started.
AgentServer#0 started: OK
Oct 9, 2009 12:07:20 PM de.mendelson.comm.as2.jms.MessageQueueServer startup
INFO: Message queue server is started at localhost.
Oct 9, 2009 12:07:22 PM de.mendelson.comm.as2.jms.MessageQueueServer setupQueue
INFO: Message queue set up: #0.0.1085
Oct 9, 2009 12:07:24 PM de.mendelson.comm.as2.cert.CertificateManager loadKeystoreCertificates
INFO: Keys and certificates loaded from "/opt/as2/1.1b27/certificates.p12".
Oct 9, 2009 12:07:24 PM de.mendelson.comm.as2.server.AS2Server
INFO: Server startup in 7331 ms.
Oct 9, 2009 12:07:24 PM de.mendelson.comm.as2.send.DirPollManager
INFO: Directory poll manager started.
Oct 9, 2009 12:07:24 PM de.mendelson.util.clientserver.AbstractServer start
INFO: Starting mendelson opensource AS2 1.1 build 27 client-server interface, listening on port 1235
Oct 9, 2009 12:07:24 PM de.mendelson.util.clientserver.AbstractServer start
INFO: mendelson opensource AS2 1.1 build 27 client-server interface started.
Oct 9, 2009 12:07:24 PM de.mendelson.comm.as2.send.DirPollManager addPartnerPollThread
INFO: Directory poll manager: Poll for relationship "transfertest.ME.com/THEMTHEM" started. Ignore files: "--". Poll interval: 10s
Oct 9, 2009 12:07:29 PM de.mendelson.comm.as2.cert.CertificateManager loadKeystoreCertificates
INFO: Keys and certificates loaded from "/opt/as2/1.1b27/certificates.p12".
Oct 9, 2009 12:07:37 PM de.mendelson.comm.as2.message.AS2MessagePacker createMessage
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Outgoing message signed with the algorithm SHA-1,using keystore alias "transfertest".
Oct 9, 2009 12:07:38 PM de.mendelson.comm.as2.message.AS2MessagePacker createMessage
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Outgoing message encrypted with the algorithm 3DES, using keystore alias "THEMTHEMit".
Oct 9, 2009 12:07:38 PM de.mendelson.comm.as2.jms.JMSMessageSender send
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Outbound AS2 message created from "portecle-1.4.zip" for the receiver "THEMTHEM" in 1.23s, raw message size: 1.82 MB
Oct 9, 2009 12:07:39 PM de.mendelson.comm.as2.send.MessageHttpUploader performUpload
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Sending message to https://b2bqa.THEM.com/as2/inbound, sync MDN requested.
keyStore is : /opt/as2/1.1b27/jetty/etc/keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : key1
chain [0] = [
[
Version: V1
Subject: CN=mend, OU=mendelson-e-commerce GmbH, O=mendelson-e-commerce GmbH, L=Berlin, ST=Berlin, C=DE, EMAILADDRESS=rosettanet@mendelson.de
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 133684073607911857887556521896853856007731026752226734359132207131744659173466825025786637528130280554298894787375771808991559349514891173805383800323037828754683836295051784080676154126786466096364360960328708158453234897844197391671786606611362944138783152252481636545132745560241609846191742613990532168069
public exponent: 65537
Validity: [From: Thu Dec 01 08:42:19 EST 2005,
To: Sat Aug 10 09:42:19 EDT 2019]
Issuer: CN=mend, OU=mendelson-e-commerce GmbH, O=mendelson-e-commerce GmbH, L=Berlin, ST=Berlin, C=DE, EMAILADDRESS=rosettanet@mendelson.de
SerialNumber: [ 438efdbb]

]
Algorithm: [SHA1withRSA]
Signature:

]
***
default context init failed: java.security.UnrecoverableKeyException: Cannot recover key
Oct 9, 2009 12:07:40 PM de.mendelson.comm.as2.send.MessageHttpUploader performUpload
SEVERE: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: [SocketException]@MessageHttpUploader.performUpload java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
Oct 9, 2009 12:07:40 PM de.mendelson.comm.as2.message.store.MessageStoreHandler storeSentMessageState
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Transaction state written to /opt/as2/1.1b27/messages/THEMTHEM/sent/transfertest_ME_com/20091009/portecle-1.4.zip_mendelson_opensource_AS2_1255104457158_0@transfertest_M....
Oct 9, 2009 12:07:42 PM de.mendelson.comm.as2.jms.JMSMessageReceiver run
SEVERE: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Connection problem, failed to transmit data.
Oct 9, 2009 12:07:42 PM de.mendelson.comm.as2.message.store.MessageStoreHandler storeSentErrorMessage
SEVERE: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Message payload stored to "/opt/as2/1.1b27/messages/THEMTHEM/error/transfertest_ME_com/20091009/AS2Message8990060157655231449.as2".
Oct 9, 2009 12:07:42 PM de.mendelson.comm.as2.message.store.MessageStoreHandler storeSentErrorMessage
SEVERE: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Raw outgoing message stored to "/opt/as2/1.1b27/messages/THEMTHEM/error/transfertest_ME_com/20091009/raw/error6974309137440346359.raw".
Oct 9, 2009 12:07:42 PM de.mendelson.comm.as2.message.store.MessageStoreHandler storeSentMessageState
INFO: mendelson_opensource_AS2-1255104457158-0@transfertest.ME.com_THEMGISAPPIT1: Transaction state written to /opt/as2/1.1b27/messages/THEMTHEM/sent/transfertest_ME_com/20091009/portecle-1.4.zip_mendelson_opensource_AS2_1255104457158_0@transfertest_M....

Thanks,
Chaz

mccachar

The output from 1.1b29 is the same, and I never modified that jetty/etc/keystore.

So let me ask a stupid question . . . I *do* have to be running a separate JDK installation for this, right? I mean, from the Linux package, we don't have all the stuff we need already in the AS2 directory, right?

Thanks,
Chaz

mccachar

I solicited some help from one of the developers here who's done some Java and here's our exchange:

=================================
In other words, if the keystore file (jetty/etc/keystore) is secured with "passwordA" and one of the certs inside (transfertest.ME.com) is secured with "passwordB", it won't work? In other other words, all the certs and the keystore have to have the same password? That's borderline retarded, but I'll give it a shot.

Thanks,
Chaz

-----Original Message-----
From: Tim XXXX
Sent: Fri 10/9/2009 1:17 PM
To: Charles McCabe
Subject: RE: Java error from Mendelson AS2

Quick glance I found this, not sure if it helps at all. I can take a look at it again a little later.

The error "java.security.UnrecoverableKeyException: Cannot recover key" occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request file.

You must generate a new keystore, keyEntry and CSR and specify the same password for the keystore and the keyEntry.
=================================

Thanks,
Chaz

heller

mccachar,

There are 2 keystores in the application. The first one is certificates.p12. It's used for signatures and encryption. The 2nd is by default jetty/etc/keystore. This one is used for the SSL.

In the SSL keystore (JKS format) there may be only one key (yours) and several certificates (your partners). And it has to be the key your partners have the certificate of, else a send and receipt will not work.

You could see in the debug output that the key in jetty/etc/keystore could be accessed, that means passwd and path are setup right. But the key that is used is "key1" (and it's untrusted, that is the reason of the error), this is the default key. Please replace it by your key.

Regards
Heller

heller

There is a manual for setting up SSL for the underlying jetty, please have a look at http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

Regards
Heller

mccachar

I deleted the key1 key from the keystore (leaving only transfertest.ME.com) and it didn't make any difference, except that you never see anything about key1 in the output.

Then I deleted the transfertest.xxx key and re-imported it using "test" as the password. And guess what? It worked. So I deleted that key again and re-imported it using "not test" as the password. Guess what? It gave me the error again. I'd be happy to clone my existing setup (a VM) and test this with you further, if you'd like.

For the moment, on to the "The Message Integrity Code (MIC) does not match the sent AS2 message" in a new thread.

Thanks,
Chaz

neilparks1

If you used Portecle to create or modify certificates.p12, the simplest thing to do is to create a new keystore file and import all the same certs and keys that you imported into certificates.p12. Save it in JKS format as jetty/etc/keystore.

That way your trading partners can specify either http or https and they'll work the same way.

mccachar

UPDATE: Partner's end sent clean, as well.

==================================================

The MIC error was this issue: http://community.mendelson-e-c.com/node/396

I imported my keystores into the 1.1b29 directory and everything worked a treat. Waiting for the partner to try sending [crosses fingers].

Many thanks for the help and all the work on the application.

Thanks,
Chaz

Rahul
heller wrote:

mccachar,

If this is an SSL issue - it's possible to debug the whole SSL communication by setting the JVM parameter "-Djavax.net.debug=ssl,session".

Could you try this?

Regards
Heller

--------------------------------------
Hi -

Where and how can I set this JVM parameter? And where will I find the debug logs?

Regards
Rahul

heller

Rahul,

you have to start the server using a script, then set the parameter with the option java -Djavax.net.debug=ssl,session ...

Regards
Heller

eclipses

ERROR:
@MessageHTTPUploader.performUpload: [SocketException]: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)

SOLUTION:
You must insert correct keystore password into
File - Preferences - Security - Keystore password (https send)
then restart the program.

hopefully useful
Eclipses

dmarcillo

Running : mendelson opensource AS2 1.1 build 33
works with http between two server -
per instruction on The definitive guide to setup on Windows

Get following errors with https :
mendelson_opensource_AS2-1305054315202-0@mainsystem_testsystem: Sending AS2 message to https://xxxx:8443/as2/HttpReceiver, sync MDN requested.
mendelson_opensource_AS2-1305054315202-0@mainsystem_testsystem@MessageHTTPUploader.performUpload: [SocketException]: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
[May 10, 2011 3:05:15 PM] mendelson_opensource_AS2-1305054315202-0@mainsystem_testsystem: Connection problem, failed to transmit data.

used Portecle 1.7 set passwords to test1 for ssl keystore..
my jetty xml entry for ssl follows :

443
30000
/etc/new-keystore.jks
test1
test1

help appreciated

David Marcillo

heller

David,

a really cryptic exception but it means that there is a password problem with your keystore. Please check if you have set the keystore password and the key password to the same value in the keystore. Please check if you have a typo in the password field.

Regards
Heller

dmarcillo

Hi Heller,

I made sure both passwords are test1, I created JKS keystore multiple times with 1024 and 2048. I can process JKS with both Portecle and java keystore tool. How do I start the MEC server in windows with a script to enable JVM debug "-Djavax.net.debug=ssl,session"?

David

dmarcillo

found start script in zip file and added -Djavax.net.debug=ssl,session
"keystore" content in "jetty\etc" follows
keytool -list -keystore keystore -storepass test1 -v > keystore.log
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: opslaptop6.boyletransport.com
Creation date: May 11, 2011
Entry type: trustedCertEntry
Owner: CN=opslaptop6.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=david@marcillo.com
Issuer: CN=opslaptop6.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=david@marcillo.com
Serial number: 4dca87df
Valid from: Wed May 11 08:58:07 EDT 2011 until: Sun Jul 28 08:58:07 EDT 2019
Certificate fingerprints:
MD5: 40:F7:FA:A2:15:C8:B1:FF:EA:3F:87:4D:B4:D9:3D:BC
SHA1: B1:42:A2:14:E4:40:10:38:7D:92:E2:23:3C:B4:B1:7F:82:9F:9B:79
Signature algorithm name: SHA1withRSA
Version: 1
*******************************************
*******************************************
Alias name: main system
Creation date: May 11, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
Issuer: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
Serial number: 4dca8f2f
Valid from: Wed May 11 09:29:19 EDT 2011 until: Sun Jul 28 09:29:19 EDT 2019
Certificate fingerprints:
MD5: A9:9E:4B:25:E4:47:A4:2F:AF:FD:E9:29:45:CB:5B:40
SHA1: 51:F2:D3:CA:A7:62:3D:A7:19:F7:E8:8D:89:18:26:90:48:89:C3:30
Signature algorithm name: SHA1withRSA
Version: 1
*******************************************
*******************************************

console output follows from start script:

C:\mendelson\opensource\as2>as2start2.bat
mendelson opensource AS2 1.1 build 33
May 11, 2011 12:55:21 PM de.mendelson.comm.as2.server.AS2Server
INFO: mendelson opensource AS2 1.1 build 33
May 11, 2011 12:55:21 PM de.mendelson.comm.as2.server.AS2Server
INFO: (c) 2000-2010 mendelson-e-commerce GmbH Berlin, Germany
[Server@1777b1]: [Thread[main,5,main]]: putPropertiesFromString(): [port=3333;database.0=file:AS2_DB;dbname.0=as2db;silent=true;trace=false;hsqldb.cache_scale=15;hsqldb.cache_file_scale=8;no_system_exit=true;shutdownarg=COMPACT;]
[Server@1777b1]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@1777b1]: [Thread[main,5,main]]: checkRunning(false) exited
May 11, 2011 12:55:21 PM de.mendelson.comm.as2.database.DBServer startup
INFO: HSQL Database Engine 1.8.1 started.
May 11, 2011 12:55:21 PM org.mortbay.log.Slf4jLog info
INFO: Logging to org.slf4j.impl.JDK14LoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
May 11, 2011 12:55:22 PM org.mortbay.log.Slf4jLog info
INFO: jetty-6.1.22
May 11, 2011 12:55:22 PM org.mortbay.log.Slf4jLog info
INFO: Extract file:/C:/mendelson/opensource/as2/jetty/webapps/as2.war to C:\Users\DMARCI~1.BOY\AppData\Local\Temp\Jetty_0_0_0_0_8083_as2.war__as2__3whb62\webapp
May 11, 2011 12:55:22 PM org.mortbay.log.Slf4jLog info
INFO: NO JSP Support for /as2, did not find org.apache.jasper.servlet.JspServlet
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: DWR Version 2.0.rc2 starting.
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Servlet Engine: jetty/6.1.22
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Java Version: 1.6.0_20
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: - Java Vendor: Sun Microsystems Inc.
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: Probably not an issue: org.jdom.Document is not available so the jdom converter will not load. This is only an problem if you wanted to use it.
May 11, 2011 12:55:22 PM org.directwebremoting.util.CommonsLoggingOutput info
INFO: Probably not an issue: org.jdom.Element is not available so the jdom converter will not load. This is only an problem if you wanted to use it.
May 11, 2011 12:55:22 PM org.mortbay.log.Slf4jLog info
INFO: Opened C:\mendelson\opensource\as2\log\2011_05_11.request.log
May 11, 2011 12:55:23 PM org.mortbay.log.Slf4jLog info
INFO: Started SelectChannelConnector@0.0.0.0:8083
***
found key for : main system
chain [0] = [
[
Version: V1
Subject: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
public exponent: 65537
Validity: [From: Wed May 11 09:29:19 EDT 2011,
To: Sun Jul 28 09:29:19 EDT 2019]
Issuer: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
SerialNumber: [ 4dca8f2f]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
adding as trusted cert:
Subject: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
Issuer: CN=dmarcillo-pc.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=dmarcillo@marcillo.com
Algorithm: RSA; Serial number: 0x4dca8f2f
Valid from Wed May 11 09:29:19 EDT 2011 until Sun Jul 28 09:29:19 EDT 2019
adding as trusted cert:
Subject: CN=opslaptop6.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=david@marcillo.com
Issuer: CN=opslaptop6.boyletransport.com, OU=OPS, O=Boyle Transportation, L=Billerica, ST=Massachusetts, C=US, EMAILADDRESS=david@marcillo.com
Algorithm: RSA; Serial number: 0x4dca87df
Valid from Wed May 11 08:58:07 EDT 2011 until Sun Jul 28 08:58:07 EDT 2019
trigger seeding of SecureRandom
done seeding SecureRandom
May 11, 2011 12:55:23 PM org.mortbay.log.Slf4jLog info
INFO: Started SslSocketConnector@0.0.0.0:443
matching alias: main system
btpool0-7 - Acceptor0 SslSocketConnector@0.0.0.0:443, called closeSocket()
Finalizer, called close()
Finalizer, called closeInternal(true)
May 11, 2011 12:55:24 PM de.mendelson.util.security.cert.CertificateManager loadKeystoreCertificates
INFO: Keys and certificates loaded.
AgentServer#0 started: OK
keyStore is : jetty/etc/keystore
keyStore type is : jks
keyStore provider is :
init keystore
default context init failed: java.io.IOException: Keystore was tampered with, or password was incorrect
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:288)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:119)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at de.mendelson.comm.as2.send.MessageHttpUploader.performUpload(MessageHttpUploader.java:527)
at de.mendelson.comm.as2.send.MessageHttpUploader.performUpload(MessageHttpUploader.java:363)
at de.mendelson.comm.as2.send.MessageHttpUploader.upload(MessageHttpUploader.java:189)
at de.mendelson.comm.as2.jms.JMSMessageReceiver.run(JMSMessageReceiver.java:128)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.(SSLSocketFactory.java:255)
at org.apache.http.conn.ssl.SSLSocketFactory.(SSLSocketFactory.java:166)
at org.apache.http.impl.client.DefaultHttpClient.createClientConnectionManager(DefaultHttpClient.java:219)
at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:312)
at de.mendelson.comm.as2.send.MessageHttpUploader.performUpload(MessageHttpUploader.java:376)
... 9 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
... 21 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed

heller

David,

In my opinion this is still a password problem of the SSL keystore.

"keyStore provider is :
init keystore
default context init failed: java.io.IOException: Keystore was tampered with, or
password was incorrect"

"Caused by: java.security.UnrecoverableKeyException: Password verification failed"

Send:
Please visit the preferences in the user interface and recheck the password for the SSL keystore. JKS keystores also have key passwords; this has to be the same as the keystore password.

Receipt:
Please check the settings in the file jetty/etc/jetty.xml; the password for the SSL keystore has to be in there.

Regards
Heller
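
Added example (not part of the original thread and not mendelson code): a small Java check for the two conditions named in the reply above, that the store password opens the SSL keystore and that every private-key entry is protected with that same password. The class name KeystorePasswordCheck and its command-line arguments are assumptions made for this illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added example (not mendelson code): verifies that the store password opens the
// keystore and that every private-key entry uses that same password.
// Usage: java KeystorePasswordCheck <keystore file> <JKS|PKCS12>
public class KeystorePasswordCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): KeystorePasswordCheck <file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and the process list.
        char[] password = console.readPassword("Store password: ");
        KeyStore store = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        } catch (IOException e) {
            // A rejected store password is an IOException whose cause is
            // UnrecoverableKeyException, the pair at the bottom of the trace above.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.err.println("FAIL: store password rejected: " + e.getMessage());
                System.exit(1);
            }
            throw e; // unreadable or corrupt file is a different problem
        }
        boolean allMatch = true;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isKeyEntry(alias)) {
                System.out.println("cert  " + alias);
                continue;
            }
            try {
                store.getKey(alias, password);
                System.out.println("key   " + alias + "  OK: key password equals store password");
            } catch (UnrecoverableKeyException e) {
                allMatch = false;
                System.out.println("key   " + alias + "  MISMATCH: key has a different password");
            }
        }
        System.exit(allMatch ? 0 : 1);
    }
}
```

An exit status of 1 means either the store password was rejected or at least one key entry has its own, different password.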

dmarcillo

Hi Heller,

I believe I figured it out. Both keystores must be maintained with the same partner certificates. AS2 uses the keystore "certificates.p12" and Jetty uses the keystore in the jetty\etc folder. I imported the same SSL partner certificates into both keystores, made sure the password is the same on both keystores, and the "NoSuchAlgorithmException" errors are gone. I see the AS2 server initiate a socket connection to the test system. I will do the same in the test system and let you know the result, but I believe this is the problem. I was getting ready to debug the whole server under Eclipse, but...
David

dmarcillo

Other problems:
Both keystores have the same certificates, and I get the following errors:

C:\mendelson\opensource\as2>as2start2.bat
mendelson opensource AS2 1.1 build 33
May 12, 2011 11:15:02 AM de.mendelson.comm.as2.server.AS2Server
INFO: mendelson opensource AS2 1.1 build 33
May 12, 2011 11:15:02 AM de.mendelson.comm.as2.server.AS2Server
INFO: (c) 2000-2010 mendelson-e-commerce GmbH Berlin, Germany
[Server@1eb0]: [Thread[main,5,main]]: putPropertiesFromString(): [port=3333;database.0=file:AS2_DB;dbname.0=as2db;silent=true;trace=false;hsqldb.cache_scale=15;hsqldb.cache_file_scale=8;no_system_exit=true;shutdownarg=COMPACT;]
[Server@1eb0]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@1eb0]: [Thread[main,5,main]]: checkRunning(false) exited
May 12, 2011 11:15:03 AM de.mendelson.comm.as2.database.DBServer startup
INFO: HSQL Database Engine 1.8.1 started.
May 12, 2011 11:15:03 AM org.mortbay.log.Slf4jLog info
INFO: Logging to org.slf4j.impl.JDK14LoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
May 12, 2011 11:15:03 AM org.mortbay.log.Slf4jLog info
INFO: jetty-6.1.22
May 12, 2011 11:15:03 AM org.mortbay.log.Slf4jLog info
...
INFO: Started SelectChannelConnector@0.0.0.0:8083
***
found key for : main system
chain [0] = [
[
Version: V1 ...
Key: Sun RSA public key, 2048 bits
public exponent: 65537
Validity: [From: Thu May 12 10:26:38 EDT 2011,
To: Mon Jul 29 10:26:38 EDT 2019]
Algorithm: [SHA1withRSA] ...
adding as trusted cert:
Subject: CN=opslaptop6.boyletransport.com ...
Algorithm: RSA; Serial number: 0x4dcbef15
trigger seeding of SecureRandom
done seeding SecureRandom

May 12, 2011 11:15:04 AM org.mortbay.log.Slf4jLog info
INFO: Started SslSocketConnector@0.0.0.0:443
matching alias: main system
btpool0-5 - Acceptor0 SslSocketConnector@0.0.0.0:443, called closeSocket()
Finalizer, called close()
Finalizer, called closeInternal(true)
May 12, 2011 11:15:05 AM de.mendelson.util.security.cert.CertificateManager loadKeystoreCertificates
INFO: Keys and certificates loaded.
AgentServer#0 started: OK

java.lang.NullPointerException
at de.mendelson.util.security.cert.CertificateManager.getPrivateKeyBySerial(CertificateManager.java:110)
at de.mendelson.comm.as2.message.AS2MessageCreation.signContent(AS2MessageCreation.java:576)
at de.mendelson.comm.as2.message.AS2MessageCreation.signContentPart(AS2MessageCreation.java:542)
at de.mendelson.comm.as2.message.AS2MessageCreation.enwrappInMessageAndSign(AS2MessageCreation.java:201)
at de.mendelson.comm.as2.message.AS2MessageCreation.createMessage(AS2MessageCreation.java:419)
at de.mendelson.comm.as2.message.AS2MessageCreation.createMessage(AS2MessageCreation.java:284)
at de.mendelson.comm.as2.message.AS2MessageCreation.createMessage(AS2MessageCreation.java:261)
at de.mendelson.comm.as2.jms.JMSMessageSender.send(JMSMessageSender.java:151)
at de.mendelson.comm.as2.client.JDialogManualSend.performSend(JDialogManualSend.java:122)
...

David

heller

David,

This is a bug in the open source version. Please visit the partner panel and click again on all comboboxes that deal with the certificates/keys; this should fix it.

Regards
Heller