Re: [geclipse-dev] Grid Certificates Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [geclipse-dev] Grid Certificates Problem

From: Nicholas Loulloudes <loulloudes.n@xxxxxxxxxxxx>
Date: Thu, 12 May 2011 10:06:24 +0300
Delivered-to: geclipse-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/geclipse-dev>
List-help: <mailto:geclipse-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Thunderbird 2.0.0.24 (X11/20100623)

Hi Mathias, all,

How are you?

I wanted to add-up on Antriani's email. We recently discovered that EuGridPMA changed the distribution format of CA certs. This change was due to the wake of OpenSSL v1, and become effective after CA cert distribution v1.33. At v1.34, the new format become the default format. As Antriani mentioned, the EuGridPMA so far provides the CA cert distribution in both formats, but I am not sure how long this transition phase will last.

I had a quick look into our code that makes the cert import, and it seems that our parser does not work for the new format. If someone can verify this as well, then we can go ahead and provide the necessary patch.

Best,
Nicholas.

Mathias Stümpert wrote:

Dear Antriani,

I can think of two reasons for your problem:

1) The standard JCE is not "strong" enough to decrypt the certs you are trying to import
2) One of the certs you are trying to import may be corrupt or may contain unsupported extensions

For a solution of 1) see the help content for g-Eclipse:

<cite>

download the "Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files" from http://java.sun.com/javase/downloads (or the corresponding site if you have another Java version)

unpack that file and follow the instructions in the README. You only need to copy the two policy files into the right path in your Java installation, namely: $JAVA_HOME/jre/lib/security

</cite>

For a solution of 2) I recommend to try to import one cert after the other to see if the problem is a general one or only occurs for one specific cert.

Cheers, Mathias
Hi all,

I have been using g-Eclipse to extend it with social functionality.

I had a problem with the importing of the grid certificates -
I was getting a parsing error after the change of the certificate format.
I temporally solved the problem by using http://dist.eugridpma.info/distribution/igtf/current-old/accredited/tgz/ instead of
http://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/.

Now the current-old fails for some certificates giving :

Plug-In:

eu.geclipse.core

Contact Address:

N/A

Description:

Unable to load certificate

Reasons:

N/A

Proposed Solutions:

N/A

Stacktrace:

eu.geclipse.core.reporting.ProblemException: Unable to load certificate

at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:163)

at eu.geclipse.ui.internal.preference.SecurityPreferencePage.addCertificates(SecurityPreferencePage.java:335)

at eu.geclipse.ui.internal.preference.SecurityPreferencePage$11.run(SecurityPreferencePage.java:373)

at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: DerInputStream.getLength(): lengthTag=11, too big.

at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)

at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)

at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:159)

... 3 more

Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=11, too big.

at sun.security.util.DerInputStream.getLength(Unknown Source)

at sun.security.util.DerValue.init(Unknown Source)

at sun.security.util.DerValue.<init>(Unknown Source)

... 6 more

when i try to import them.

Thanks,
Antriani Stylianou
University of Cyprus
_______________________________________________
geclipse-dev mailing list
geclipse-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/geclipse-dev
    
_______________________________________________
geclipse-dev mailing list
geclipse-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/geclipse-dev
  

________________________________________________________
Nicholas Loulloudes
PhD Candidate,
Department of Computer Science,
University of Cyprus,
Nicosia, Cyprus

Tel: +357-22892663
Email: loulloudes.n[at]cs.ucy.ac.cy
Web: www.cs.ucy.ac.cy/~nickl
VSense: vsense.cs.ucy.ac.cy
________________________________________________________

Follow-Ups:
- Re: [geclipse-dev] Grid Certificates Problem
  - From: Mateusz Pabiś

References:
- [geclipse-dev] Grid Certificates Problem
  - From: Antriani Stylianou
- Re: [geclipse-dev] Grid Certificates Problem
  - From: Mathias Stümpert

Prev by Date: Re: [geclipse-dev] Grid Certificates Problem
Next by Date: Re: [geclipse-dev] Grid Certificates Problem
Previous by thread: Re: [geclipse-dev] Grid Certificates Problem
Next by thread: Re: [geclipse-dev] Grid Certificates Problem
Index(es):
- Date
- Thread

Breadcrumbs