UnrecoverableKeyException on trying to read key using alias from keystore - websphere-liberty

I am getting the following error on Line #4 of code below in IBM Websphere
Liberty Profile 16.0.0
InputStream keystoreStream = EncryptionUtility.class.getResourceAsStream(keyStoreLocation);
KeyStore keystore = KeyStore.getInstance("JCEKS");
keystore.load(keystoreStream, storePass.toCharArray());
Key key = keystore.getKey(alias, keyPass.toCharArray());
Which results in the following exception:
Caused by: java.security.UnrecoverableKeyException: com.ibm.crypto.provider.AESSecretKey
at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:358)
at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:133)
at java.security.KeyStore.getKey(KeyStore.java:804)
at com.comdata.base.helper.EncryptionUtility.initSymmetricKey(EncryptionUtility.java:134)
Any ideas why this is happening? Is anything need to be configured for cryptography?
I poked through the code of keyProtector.java in JDK 7 and UnrecoverableKeyException is triggered by ClassNotFoundException
com.ibm.crypto.provider.AESSecretKey
Do we need to install any feature via installUtility?

Any ideas why this is happening? Is anything need to be configured for cryptography?
The class not being found (com.ibm.crypto.provider.AESSecretKey) is from the IBM JDK.
It looks like your keystore was created using the IBM JDK and thus has a key packaged in it that uses the AESSecretKey from the IBM JDK.
At runtime, your Liberty server is probably using a non-IBM JDK, which would not have this IBM JDK specific class in it.
Do we need to install any feature via installUtility?
Nope. The missing class should be provided by the JDK, as opposed to a Liberty feature.

Related

JDBC connection fails to SAP Hana Cloud: "RTEException: -708 Receive of connect failed."

Similar to https://answers.sap.com/questions/12675326/sap-dbtech-jdbc-708-receive-of-connect-fail.html
Connection to SAP Hana Cloud fails with the error "RTEException: -708 Receive of connect failed."
Steps to reproduce:
java -version
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1)
java -jar ngdbc.jar -V
package package com.sap.db.jdbc, Java Platform API Specification, version 1.4, SAP HANA JDBC Driver, SAP SE, 1.120.05-8c23c50e159e9883edab0e2ebdd4e02c5919cd08
java -jar ngdbc.jar -u DBADMIN,PASSWORD -n BIG-IDENTIFIER.hana.trial-us10.hanacloud.ondemand.com:443 -d test -o encrypt=true -o validatecertificate=false
(the certificate is imported, and the error occurs even without the parameters encrypt and validatecertificate)
Contents of trace log:
ClassLoader: jdk.internal.loader.ClassLoaders$AppClassLoader#55054057
Process-ID: 320850
package package com.sap.db.jdbc, Java Platform API Specification, version 1.4, SAP HANA JDBC Driver, SAP SE, 1.120.05-8c23c50e159e9883edab0e2ebdd4e02c5919cd08 on Java 11.0.15
---- Thread 1eb44e46 main Timestamp: 2022-09-29 09:50:03.162
new Connection 'jdbc:sap://BIG-IDENTIFIER.hana.trial-us10.hanacloud.ondemand.com:443'
password=****
databaseName=test
host=BIG-IDENTIFIER....
options=
cmd=Select top 1 42 as "connect test" fro...
user=DBADMIN
HOSTLIST: [BIG-IDENTIFIER.hana.trial-us10.hanacloud.ondemand.com:443,]
new RTEException: -708 Receive of connect failed.
whereAmIjava.lang.Throwable
at com.sap.db.util.Tracer.whereAmI(Tracer.java:280)
at com.sap.db.rte.comm.RTEException.(RTEException.java:51)
at com.sap.db.rte.comm.BasicSocketComm.receiveInfoRequest(BasicSocketComm.java:587)
at com.sap.db.rte.comm.BasicSocketComm.doInfoRequest(BasicSocketComm.java:84)
at com.sap.db.rte.comm.BasicSocketComm.connectDB(BasicSocketComm.java:187)
at com.sap.db.rte.comm.SocketComm$1.open(SocketComm.java:47)
at com.sap.db.jdbc.topology.Topology.getSession(Topology.java:88)
at com.sap.db.jdbc.Driver.openByURL(Driver.java:1216)
at com.sap.db.jdbc.Driver.connect(Driver.java:313)
at com.sap.db.jdbc.Driver.main(Driver.java:858)
using null
=> FAILED
any thoughts on the why and how to solve it?
Since this is HANA Cloud Trial, I don't think, that you should use -d to specify a tenant database name. Please try to remove this parameter as you may be trying to connect to a non-existing tenant database. You can also refer to this tutorial.
Second thing to consider is the allowlist for IP addresses. Per default connections are blocked if you have not added your client ip to the allowlist. More details can be found in this blog.
Last but not least, please check if your are using the latest version of ngdb.jar. It can be obtained on this site.

Failing to connect MQ with java 11

After upgrading to JDK 11 from JDK 8 and MQ 9.2.0.5 (from 9.2.0.4), i'm getting the below error when trying to open JMS connection.
I'm running on WLS 14.
I also upgraded allclient.jar to 9.2.0.5.
I tried running it with previous MQ (9.2.0.4) which worked fine with java 8, i get the same issue.
Same code works fine with MQ 9.2.0.4, JDK 8 and WLS 12.
I verified that method exists in jar and verified no other versions of allclient jars exists.
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2195;AMQ9546: Error return code
received.
[1=java.lang.NoSuchMethodException[com.ibm.mq.jmqi.remote.api.RemoteFAP.(com.ibm.mq.jmqi.JmqiEnvironment,
int)],3=Class.getConstructor0]
at com.ibm.mq.jmqi.JmqiEnvironment.getInstance(JmqiEnvironment.java:857)
at com.ibm.mq.jmqi.JmqiEnvironment.getMQI(JmqiEnvironment.java:702)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:8437)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:7815)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:322)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:242)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6026)
at com.ibm.mq.jms.MQConnectionFactory.createConnection(MQConnectionFactory.java:6086)
at org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter.doCreateConnection(UserCredentialsConnectionFactoryAdapter.java:188)
at . Caused by: java.lang.NoSuchMethodException: com.ibm.mq.jmqi.remote.api.RemoteFAP.(com.ibm.mq.jmqi.JmqiEnvironment,
int)
at java.base/java.lang.Class.getConstructor0(Class.java:3349)
at java.base/java.lang.Class.getConstructor(Class.java:2151)
at com.ibm.mq.jmqi.JmqiEnvironment.getInstance(JmqiEnvironment.java:764)
Remove if you have com.ibm.* related packages in prefer-application-packages section in weblogic.xml.
I just ran a couple of Java/JMS applications using OpenJDK 11 and they ran fine. I agree with Doug Grove that you probably have a mismatch of MQ JAR files.
Add the following line to your code and then update your question with the output:
System.out.println("java.class.path="+System.getProperty("java.class.path"));
If you want to get fancy then you can do:
if (null != System.getProperty("java.class.path"))
{
if (System.getProperty("os.name").startsWith("Windows"))
System.out.println("java.class.path=\n"+(System.getProperty("java.class.path")).replace(';', '\n'));
else
System.out.println("java.class.path\n="+(System.getProperty("java.class.path")).replace(':', '\n'));
}

Spring Boot - Liquibase - WebSphere - Cannot create filesystem for url file xxx/jsf-nls.jar

Configuration
My Spring Boot/Liquibase specifications & configuration is as per this question.
Issue
Everything goes well in my local environment with embedded Tomcat. When i migrate the war file to IBM WebSphere 8.5.5.15, i see this warning:
[7/29/20 11:04:17:302] 000002ff database I liquibase.database Could not set remarks reporting on OracleDatabase: com.zaxxer.hikari.pool.HikariProxyConnection.setRemarksReporting(boolean)
[7/29/20 11:04:18:066] 000002ff lockservice I liquibase.lockservice Successfully acquired change log lock
[7/29/20 11:04:18:090] 000002ff integration W liquibase.integration Cannot create filesystem for url file:/opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar: /opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar
java.nio.file.FileSystemNotFoundException: /opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar
at com.sun.nio.zipfs.ZipFileSystem.<init>(ZipFileSystem.java:120)
at com.sun.nio.zipfs.ZipFileSystemProvider.newFileSystem(ZipFileSystemProvider.java:139)
at java.nio.file.FileSystems.newFileSystem(FileSystems.java:390)
at liquibase.resource.ClassLoaderResourceAccessor.loadRootPaths(ClassLoaderResourceAccessor.java:63)
:
I have checked and the jar file is not there at the location that it is looking for it.
Question
It's only a warning, everything else is working as expected, should i be concerned about this warning?

Need help in deploying warn using WSAdmin install with JNDI

I am trying to deploy a web application using WSAdmin tool. But it is throwing an error.
JACl script that I am using is :
$AdminApp install /opt/www/temp/SampleApp.war {-nopreCompileJSPs -nodeployejb -server delivery -cell delivery_cell -node delivery_node -appname SampleApp -contextroot SampleApp -MapWebModToVH {{"SampleApp" SampleApp.war,WEB-INF/web.xml default_host}}}
Error I am getting is:
com.ibm.ws.scripting.ScriptingException: WASX7109E: Insufficient data for install task "MapResRefToEJB
ADMA0007E: A validation error occurred in task Mapping resource references to resources. The Java Naming and Directory Interface (JNDI) name is not specified for resource reference jdbc/app_DB in module SampleApp with EJB name.
From the error above I understand that I need to configure my JNDI with -MapResRefToEJB. I tried to understand this option but getting too confused.
Can anyone help me to resolve this issue?
These errors appear to be caused by the MapResRefToEJB option in
the wsadmin command not being set correctly, or the resource it is pointing to
not existing correctly in the web.xml file.
Additional information on MapResRefToEJB
Options for the AdminApp object install, installInteractive, edit,
editInteractive, update, and updateInteractive commands
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/rxml_taskoptions.html
Thank you
Note : Opinions are my own.

Crystal reports - connection to JDBC failed

I am trying to make a connection to JDBC(JNDI) in Crystal Reports and I get the following error :
Invalid Argument provided.
Details: Java Server startup failure. Please verify the PATH (JDK), CLASSPATH and IORFileLocation properties in the CRConfig.xml file. In addition, please verify you are using JDK 1.4.
I am using the connector : mysql-connector-java-5.1.6-bin.jar, jDK 1.6.
Thank you!
I finally found the problem!
The directory associated to IORFileLocation (which is C:\Windows\temp for me) was for some reason readOnly.
So, problem fixed.
Thank you, anyway!

Resources