8 Replies Latest reply on Jul 19, 2011 4:17 AM by duanxz

    RSA Security validation error in jboss-7.0.0.CR1

    duanxz

      When I deploy my aqqfpo.ear to jboss-7.0.0.CR1, an RSA Security validation error appears, but the previous deployment in jboss-5.1.0.GA is OK.
      Does jboss-7.0.0.CR1 adjust security validation?

      Error.log is as follows:
      ===========================================================

      1309970771690 [11-07-06 09:46:11.690] java.security.InvalidKeyException: No installed provider supports this key: (null)
      1309970771690 [11-07-06 09:46:11.690]  at java.security.Signature$Delegate.chooseProvider(Signature.java:1056)
      1309970771690 [11-07-06 09:46:11.690]  at java.security.Signature$Delegate.engineInitVerify(Signature.java:1088)
      1309970771690 [11-07-06 09:46:11.690]  at java.security.Signature.initVerify(Signature.java:420)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.util.mic.ProcessUtil.memCheck(Native Method)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.util.mic.ProcessManager.memCheck(ProcessManager.java:261)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.util.mic.ProcessManager.memCheck(ProcessManager.java:177)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.util.mic.ProcessManager.memCheck(ProcessManager.java:195)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.Server.run(Server.java:271)
      1309970771690 [11-07-06 09:46:11.690]  at com.aqqfpo.server.controller.ThreadWrapperImpl.run(ThreadWrapperImpl.java:22)
      1309970771690 [11-07-06 09:46:11.690]  at java.lang.Thread.run(Thread.java:662)
      ===========================================================
      Any help with this will be greatly appreciated.

      Best regards,
      duanxz

        • 1. Re: RSA Security validation error in jboss-7.0.0.CR1
          duanxz

          Hi all,

          The error is caused by the following:

          Converting an Object with the specific byte array.
          ===========================================================
          1309992098113 [11-07-06 15:41:38.113] java.io.StreamCorruptedException: invalid type code: BB
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
          1309992098113 [11-07-06 15:41:38.113]  at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
          ===========================================================

          Any help with this will be greatly appreciated.

          Best regards,
          duanxz

          • 2. Re: RSA Security validation error in jboss-7.0.0.CR1
            jaikiran

            These look like 2 different exception stacktraces. Can you please post the entire exception stacktrace(s)? And a bit more details on what your code is doing?

            • 3. Re: RSA Security validation error in jboss-7.0.0.CR1
              duanxz

              Hi jaikiran,
              After a day of analysis I found the cause of the error:
              I use jdk1.4 serialization to write a file public.key (a file derived using the RSA algorithm); in jboss-7.0.0.CR1 (jdk1.6), the deserialization fails.

              Also, I tested it: the same situation works normally under jboss-5.1.0.GA.
              The error message is as follows:
              ==========================================================
              14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1) java.io.StreamCorruptedException: invalid type code: BC
              14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
              14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
              14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at addressbook.Serializable4.unSerializable(Serializable4.java:51)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at addressbook.Serializable4.testSerializable4(Serializable4.java:73)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at org.apache.jsp.testSerializable4_jsp._jspService(testSerializable4_jsp.java:60)
              14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              14:24:08,128 ERROR [stderr] (http--127.0.0.1-8080-1)  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
              ==========================================================

              The test class has been uploaded as an attachment. If you want to run it, pay attention to the comments in testSerializable4():
              **********************************************************
              public static String testSerializable4(){
                // serialize to file using jdk1.4.2
                /*serializableToFile();
                return null;*/

                // deserialize using jdk1.6.0.24
                return unSerializable();
              }
              ***********************************************************


              In addition, I cannot change the jdk1.4 version of the application, because it would involve a lot of things. Thank you!


              Thanks in advance for your reply!!


              Best regards,
              duanxz
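
One way to move the key between JVM versions without Java object serialization, assuming public.key only needs to carry the RSA public key (an added example, not code from this thread or its attachment; the class name PublicKeyFile and the round trip in main are hypothetical). The writing side stores the key's X.509 encoding and the reading side rebuilds the key with KeyFactory.

```java
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

// Hypothetical helper, not from the thread: keeps an RSA public key on disk as
// X.509 (SubjectPublicKeyInfo) bytes rather than as a serialized Java object.
public class PublicKeyFile {

    // Writer side; uses only APIs that already exist in JDK 1.4.
    public static void write(PublicKey key, File file) throws IOException {
        if (!"X.509".equals(key.getFormat())) {
            throw new IOException("unexpected key format: " + key.getFormat());
        }
        FileOutputStream out = new FileOutputStream(file);
        try {
            out.write(key.getEncoded());
        } finally {
            out.close();
        }
    }

    // Reader side; the local provider rebuilds the key from the encoding,
    // so no ObjectInputStream and no shared class layout are involved.
    public static PublicKey read(File file) throws IOException, GeneralSecurityException {
        byte[] der = new byte[(int) file.length()];
        DataInputStream in = new DataInputStream(new FileInputStream(file));
        try {
            in.readFully(der);
        } finally {
            in.close();
        }
        return KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real migration would export the existing one.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey original = gen.generateKeyPair().getPublic();
        File file = File.createTempFile("public", ".key");
        write(original, file);
        PublicKey restored = read(file);
        System.out.println("round trip ok: "
                + Arrays.equals(original.getEncoded(), restored.getEncoded()));
        file.delete();
    }
}
```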

              • 4. Re: RSA Security validation error in jboss-7.0.0.CR1
                duanxz

                Hi all,
                I modified bin/standalone.bat or bin/standalone.conf as follows, but the error still exists.
                ===============================================
                in standalone.bat:
                rem Setup JBoss specific properties
                set JAVA_OPTS=-Dsun.lang.ClassLoader.allowArraySyntax=true -Dprogram.name=%PROGNAME% %JAVA_OPTS%
                or in standalone.conf:
                if [ "x$JAVA_OPTS" = "x" ]; then
                   JAVA_OPTS="-Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true"
                fi
                ===============================================

                Does anyone have any idea?


                Thanks & Regards,
                duanxz

                • 5. Re: RSA Security validation error in jboss-7.0.0.CR1
                  duanxz

                  Hi jaikiran,

                  About the "serialization using jdk1.4, deserialization using jdk1.6 (in jboss-as7, this is a must) failed" problem, is there any solution?
                  Any help with this will be greatly appreciated.

                  The error message is like this:
                  ==========================================================
                  14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1) java.io.StreamCorruptedException: invalid type code: BC
                  14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
                  14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
                  14:24:08,108 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at addressbook.Serializable4.unSerializable(Serializable4.java:51)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at addressbook.Serializable4.testSerializable4(Serializable4.java:73)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at org.apache.jsp.testSerializable4_jsp._jspService(testSerializable4_jsp.java:60)
                  14:24:08,118 ERROR [stderr] (http--127.0.0.1-8080-1)  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
                  14:24:08,128 ERROR [stderr] (http--127.0.0.1-8080-1)  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

                  ===============================================

                  Please help me, please.. please.. please..

                  Thanks & Regards,
                  duanxz

                  • 6. Re: RSA Security validation error in jboss-7.0.0.CR1
                    jaikiran

                    I actually forgot to look into the details of this. Can you please attach the entire server.log? And please try this against AS 7.0 Final. If it's possible please attach the application to reproduce this too.

                    • 7. Re: RSA Security validation error in jboss-7.0.0.CR1
                      duanxz

                      Hi jaikiran,

                      Thank you for replying so quickly.
                      I forgot to note that the above test was actually carried out in jboss-as-web-7.0.0.Final. I put Serializable4.class in the addressbook.war package.
                      The public.key file is generated in jdk1.4, which you can do with the following command line:
                      --------------------------------------------------------------
                      F:\java_space\addressbook\src>set CLASSPATH=.;C:\Java\java14\j2sdk1.4.2_07\lib\tools.jar
                      F:\java_space\addressbook\src>java -version
                      java version "1.4.2_07"
                      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_07-b05)
                      Java HotSpot(TM) Client VM (build 1.4.2_07-b05, mixed mode)
                      F:\java_space\addressbook\src>cd addressbook
                      F:\java_space\addressbook\src\addressbook>javac Serializable4.java
                      F:\java_space\addressbook\src\addressbook>cd..
                      F:\java_space\addressbook\src>java addressbook.Serializable4 1.4
                      serializableToFile() public.key path===========:e:/test/1.4
                      Generat success.
                      ----------------------------------------------------------------
                      When the war is deployed OK, visiting http://localhost:8080/addressbook/testSerializable4.jsp shows the following result:

                      --------------------------------------------------------------------------------------------

                      Serializable testing No4 :deSerializable use jdk1.6.0.24
                      use 1.4 serializable into public.key file
                      result:unserializable is error2.
                      use 1.5 serializable into public.key file
                      result:unserializable is ok.
                      use 1.6 serializable into public.key file
                      result:unserializable is ok.

                      The addressbook source files are attached.

                      -----------------------------------------------------------------------------------------

                      With this test, jdk1.5 and jdk1.6 are OK; only jdk1.4 is not right.
                      Thanks & Regards,
                      duanxz

                      • 8. Re: RSA Security validation error in jboss-7.0.0.CR1
                        duanxz

                        Hi jaikiran,

                        About the serialization problem, I uploaded a demo yesterday. Did you look at it? And can you reproduce the error?
                        Looking forward to your reply...


                        Thanks & Regards,
                        duanxz