Does Java 8 Jsse provider support sha224withRSA Algorithm? - java-8

jdk1.8.0.91 works fine here, but the latest revision (111) gives below error:
*handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: SHA224withRSA*
Clients accept the certificate when using jdk1.8.0.91, or jsse.jar of that distribution. But when I upgrade to the latest revision of Java, I see above error. So which one is the correct behaviour?

This is an update from Java on windows, see below bug link for details
https://bugs.openjdk.java.net/browse/JDK-8064330

Related

When I run the example code of openai-java in my machine, SSLHandshakeException error happens

I tried to run the example of openai-java, but SSLHandshakeException error happens.
here is my code
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.reactivex.internal.util.ExceptionHelper.wrapOrThrow(ExceptionHelper.java:45)
at io.reactivex.internal.observers.BlockingMultiObserver.blockingGet(BlockingMultiObserver.java:91)
at io.reactivex.Single.blockingGet(Single.java:2585)
at com.theokanning.openai.OpenAiService.createCompletion(OpenAiService.java:116)
Also, I used postman to send post requests to https://api.openai.com/v1/completions with my secret-key, it gives "You exceeded your current quota, please check your plan and billing details"
I guess it may because of https Certificate, and I followed How to Resolve Error message "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", and put certificate of https://openai.com/ into my JDK. And It doesn't work. I wanna ask how to fix this problem

SpringBoot in IntelliJ. unable to find valid certification path to requested target

IntelliJ Community Edition, Java8, Spring Boot 2.1.11
Trying to do a basic linkedIn course (Building Reactive apps with Spring Boot2 by Chris Anatalio)
I am unable to run the application. It uses an embedded Mongo DB.
failed
:ReactivespringApplication.main()
org.springframework.beans.BeanInstantiationException: Failed to instantiate [de.flapdoodle.embed.mongo.MongodExecutable]: Factory method 'embeddedMongoServer' threw exception; nested exception is de.flapdoodle.embed.process.exceptions.DistributionException: prepare executable
de.flapdoodle.embed.process.exceptions.DistributionException: prepare executable
java.io.IOException: Could not open inputStream for https://downloads.mongodb.org/win32/mongodb-win32-x86_64-3.5.5.zip
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Update:
I found that LinkedIn provides an 'end' code set for each lecture. I downloaded and imported it and it ran fine. I dont know what is different. Did a WinMerge but no obvious differences.
Been in the same situation, Root cause is that you are behind a proxy server which requires ssl certificate to communicate/download.
Resolution:
1. Try different network, this worked for me when I connected to a mobile hotspot.
2. import/create a ssl certificate or bypass ssl, am also still exploring this path.

gradlew.bat (and gradlew) SSLHandShakeException

I'm new to Gradle and was going through this Spring Tutorial found here:
http://spring.io/guides/gs/gradle/
I get to the part where it tells me to add this task:
task wrapper(type: Wrapper) {
gradleVersion = '2.3'
}
I run gradle wrapper which creates the gradlew and gradlew.bat files.
Trying to run both of this I get this exception:
Downloading https://services.gradle.org/distributions/gradle-2.3-bin.zip
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.val
idator.ValidatorException: PKIX path building failed: sun.security.provider.cert
path.SunCertPathBuilderException: unable to find valid certification path to req
uested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339
)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323
)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:1300)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http
sURLConnectionImpl.java:254)
at org.gradle.wrapper.Download.downloadInternal(Download.java:56)
at org.gradle.wrapper.Download.download(Download.java:42)
at org.gradle.wrapper.Install$1.call(Install.java:57)
at org.gradle.wrapper.Install$1.call(Install.java:44)
at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAcc
essManager.java:65)
at org.gradle.wrapper.Install.createDist(Install.java:44)
at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:126)
at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:56)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
ava:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
pl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
agerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1323)
... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
PathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 25 more
I try to hit the webserver at https://services.gradle.org/distributions/gradle-2.3-bin.zip and I'm not getting any sort of error. I'm I missing some sort of config? Any help would be appreciated. Thanks!
if you could not fix anyway. and if you are inside firewall.
then.
you may can not download https.
should fix that Edit gradle-wrapper.properties file.
vi [project]/gradle/wrapper/gradle-wrapper.properties
#distributionUrl=https\://services.gradle.org/distributions/gradle-2.8-bin.zip
distributionUrl=http\://services.gradle.org/distributions/gradle-2.8-bin.zip
change from https to http...
http://blog.cjred.net/gradlew-bat-and-gradlew-sslhandshakeexception/
After I modified, it says: Server returned HTTP response code: 403 for URL: http://services.gradle.org/distributions/gradle-6.0.1-all.zip
I experienced the same problem, however my symptoms were that my Ubuntu machine couldn't resolve any SSL hosts unless I specifically added them to Java's certificate authority (cacert) file.
I stumbled upon this Debian bug, and found a fairly straight-forward resolution: remove ca-certificates-java and install it again:
sudo dpkg --purge --force-depends ca-certificates-java
sudo apt-get install ca-certificates-java
I did a ./gradlew clean for good measure, and everything sprung to life again.
It seems, that the certificates for the gradle site were messed up. Doing a gradlew clean should fix this. See this thread on the Gradle forum: http://discuss.gradle.org/t/urgent-ssl-apache-configuration-for-services-gradle-org-is-bad/8808/4
Steps:
Run gradlew -Djavax.net.debug=all tasks
Go through the debug logs, and see if you find anything out of the ordinary.
In my case, seeing something like Zscaler did the trick, as i know i have Zscaler on(which by the way rewrites the TLS traffic blablabla), and it was trying to find the valid certification path to requested target, which obviously it couldn't find.
2 Options:
Exit Zscaler
If exiting Zscaler is not an option, go to your browser, export Zscaler Root Certificate
If you are using Brave browser, here are the steps:
Settings > Privacy and security > Manage device certificates > Trusted Root Certification Authorities > Find Zscaler Root CA > Export
and import it in the JVM truststore gradle is using, something like:
keytool -import -trustcacerts -alias Zscaler -file "Zscaler Root CA.cer" -keystore "%JAVA_HOME%"\jre\lib\security\cacerts
IMPORTANT: Do a gradlew clean before retrying any command.
In my case the problem was caused by an obsolete (7 years old) version of Java. Even gradlew clean did fail. After a Java update it worked fine.
In my case I was on a company network and behind a proxy, which as I understand it rewrites the SSL certificates, making the Java installation not trust any of them.
To solve it I had to create a gradle.properties file in my home directory under .gradle (~/.gradle/gradle.properties) and add the following line:
org.gradle.jvmargs=-DsystemProp.https.proxyHost=<myProxyHost> -DsystemProp.https.proxyPort=<myProxyPort> -DsystemProp.https.proxyUser=<myProxyUsername> -DsystemProp.https.proxyPassword=<myProxyPassword>
That solution was based on this SO answer: Gradle use certificate authentication for repository
This is because, Gradle tries to find the installed package in your local machine.
If you have the installed location:
D:\apps\gradle-3.3
Follow these steps in eclipse:
New Project
Gradle Project
Enter project Name
Local Installation Directory
Click Finish.
You are good to go.
Create this profile in user home:
$ vi ~/.yarnrc
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
strict-ssl false

kinit errors - authentication to AD 2008

I am trying to have my application authenticate using AD credentials. I am using kinit to test after creating the krb5.ini file. I believe all the realm information is correct in the ini file but continue to receive the below error when testing with kinit.
Exception: krb_error 0 Cannot find any provider supporting ARCFOUR No error
KrbException: Cannot find any provider supporting ARCFOUR
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.encrypt(ArcFourHm
cEType.java:68)
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.encrypt(ArcFourHm
cEType.java:60)
at sun.security.krb5.EncryptedData.<init>(EncryptedData.java:122)
at sun.security.krb5.KrbAsReq.init(KrbAsReq.java:355)
at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:180)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:253)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider
suporting ARCFOUR
at javax.crypto.Cipher.getInstance(DashoA13*..)
at
sun.security.krb5.internal.crypto.dk.ArcFourCrypto.encrypt(ArcFourCrpto.java:279)
You need to enable RC4-HMAC in both your krb5.ini config and the conf/security/java.security
I think RC4 got blacklisted in Oracle JDK (>= 1.8.u060) for known insecurities together with MD5, but it is strictly required for key exchange by the MS Active Directory Kerberos implementation.
Maybe you have to re-enable it by removing RC4 from jdk.tls.disabledAlgorithms and jdk.certpath.disabledAlgorithms of your JDKs conf/security/java.security.
See https://www.java.com/en/configure_crypto.html for more information.

Apple Push Notification, PKCS12 in java-apns

I try to send a push notification from a java application to an iphone. there is the source code :
PayLoad payLoad = new PayLoad();
payLoad.addAlert("My alert message");
payLoad.addBadge(45);
payLoad.addSound("default");
PushNotificationManager pushManager = PushNotificationManager.getInstance();
pushManager.addDevice("iPhone", "f4201f5d8278fe39545349d0868a24a3b60ed732");
log.warn("Initializing connectiong with APNS...");
// Connect to APNs
pushManager.initializeConnection(HOST, PORT,
"/etc/Certificates.p12", "password",
SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);
Device client = pushManager.getDevice("iPhone");
// Send Push
log.warn("Sending push notification...");
PushNotificationManager.getInstance().sendNotification(client, payLoad);
I receive an exception in the line :
pushManager.initializeConnection(HOST, PORT,
"/etc/Certificates.p12", "password",
SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);
Here is the exception :
java.io.IOException: failed to decrypt safe contents entry: java.io.IOException: getSecretKey failed: PBE SecretKeyFactory not available
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.anthil.apns.service.ExtractFile.main(ExtractFile.java)
Caused by: java.io.IOException: getSecretKey failed: PBE SecretKeyFactory not available
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.getPBEKey(Unknown Source)
... 3 more
Caused by: java.security.NoSuchAlgorithmException: PBE SecretKeyFactory not available
at javax.crypto.SecretKeyFactory.(DashoA13*..)
at javax.crypto.SecretKeyFactory.getInstance(DashoA13*..)
... 4 more
can any one help me with this ?
I have recently encountered the same exception. It turned out to occur only when I ran my code through Eclipse (version 3.7.0 Indigo), using the new Sun JDK 1.7.0. Running the code either outside of Eclipse, or using a JDK 1.6.x fixed the problem for me.
I had a similar problem that was resolved by removing the '-Djava.ext.dirs' flag from my java command. See: http://www.scottmcmaster365.com/2009/03/perils-of-abusing-javaextdirs-property.html
Btw, from the code you provided, you seem to be using an old version of JavaPNS (1.6?). You might want to upgrade to the latest version (2.0 public, or even the latest 2.1-level build) from http://code.google.com/p/javapns/, as you will get MANY reliability improvements and you will be able to push notifications with a single line of code instead of all these "complicated" steps.

Resources