Hi everyone,
I have updated Kapua from 1.0.0-M7 to 1.6.7. The update is done and I get the web UI, but I can't connect any Kura device to Kapua via MQTT (to the Kapua broker); there is no certificate on the MQTT port.
The certificates are fine. With version 1.0.0-M7 I had no problems with the certificates. I also recreated the keystore after the update, but the error did not change.
I suspect that the new version of Kapua cannot read the certificates, but I'm not sure.
To set up the certificates I have set these variables in the docker-compose file:
- KAPUA_CA='cat /.../CA.crt.pem'
- KAPUA_CRT='cat /.../CA.crt'
- KAPUA_KEY='cat /.../CA.key'
- KAPUA_KEY_PASSWORD=<Password>
- KAPUA_KEYSTORE='base64 /.../CA.jks'
- KAPUA_KEYSTORE_PASSWORD=<Password>
Do I need to add anything in the docker-compose file? Or is the problem somewhere else?
Before I included the variable "djavax.net.ssl..." in the docker-compose file, the log files of the Kapua broker said:
9:03:01.962 [ActiveMQ BrokerService[message-broker] Task-7] DEBUG o.a.a.broker.TransportConnector - Reason: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker | java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker | at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:188)
broker | at org.apache.activemq.transport.mqtt.MQTTNIOSSLTransport.initializeStreams(MQTTNIOSSLTransport.java:52)
broker | at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:543)
broker | at org.apache.activemq.transport.nio.NIOTransport.doStart(NIOTransport.java:174)
broker | at org.apache.activemq.transport.nio.NIOSSLTransport.doStart(NIOSSLTransport.java:462)
broker | at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55)
broker | at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
broker | at org.apache.activemq.transport.mqtt.MQTTTransportFilter.start(MQTTTransportFilter.java:157)
broker | at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.start(MQTTInactivityMonitor.java:148)
broker | at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
broker | at org.apache.activemq.broker.TransportConnection.start(TransportConnection.java:1071)
broker | at org.apache.activemq.broker.TransportConnector$1$1.run(TransportConnector.java:218)
broker | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
broker | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
broker | at java.lang.Thread.run(Thread.java:750)
broker | Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker | at java.security.Provider$Service.newInstance(Provider.java:1617)
broker | at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
broker | at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
broker | at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
broker | at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
broker | at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:100)
broker | ... 14 common frames omitted
broker | Caused by: java.security.KeyStoreException: problem accessing trust store
broker | at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
broker | at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
broker | at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1043)
broker | at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:1013)
broker | at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1188)
broker | at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
broker | at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
broker | at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
broker | at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
broker | at java.security.Provider$Service.newInstance(Provider.java:1595)
broker | ... 19 common frames omitted
broker | Caused by: java.io.EOFException: null
broker | at java.io.DataInputStream.readInt(DataInputStream.java:392)
broker | at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:661)
broker | at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
broker | at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
broker | at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
broker | at java.security.KeyStore.load(KeyStore.java:1445)
broker | at sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:370)
broker | at sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:318)
broker | at sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
broker | at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
broker | ... 28 common frames omitted
The logs after including djavax.net.ssl in the docker-compose file said:
Caused by: java.lang.SecurityException: com.google.inject.ProvisionException: Unable to provision, see the following errors:
broker |
broker | 1) Error injecting constructor, org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error:
broker | at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:73)
broker | while locating org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl
broker | at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker | while locating org.eclipse.kapua.service.certificate.CertificateService
broker | at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:112)
broker | while locating org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl
broker | at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker | while locating org.eclipse.kapua.service.authentication.AuthenticationService
broker |
broker | 1 error
broker | at org.eclipse.kapua.broker.core.KapuaBrokerSecurityPlugin.installPlugin(KapuaBrokerSecurityPlugin.java:68)
broker | at org.apache.activemq.broker.BrokerService.addInterceptors(BrokerService.java:2446)
broker | at org.apache.activemq.broker.BrokerService.createBroker(BrokerService.java:2307)
broker | at org.apache.activemq.broker.BrokerService.getBroker(BrokerService.java:1018)
broker | at org.apache.activemq.broker.BrokerService.getAdminConnectionContext(BrokerService.java:2577)
broker | at org.apache.activemq.broker.BrokerService.startVirtualConsumerDestinations(BrokerService.java:2744)
broker | at org.apache.activemq.broker.BrokerService.startDestinations(BrokerService.java:2568)
broker | at org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:727)
broker | at org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:721)
broker | at org.apache.activemq.broker.BrokerService.start(BrokerService.java:624)
broker | at org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)
broker | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
broker | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
broker | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
broker | at java.lang.reflect.Method.invoke(Method.java:498)
broker | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1700)
broker | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1639)
broker | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1568)
broker | ... 27 more
broker | Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:
broker |
broker | 1) Error injecting constructor, org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error:
broker | at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:73)
broker | while locating org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl
broker | at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker | while locating org.eclipse.kapua.service.certificate.CertificateService
broker | at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:112)
broker | while locating org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl
broker | at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker | while locating org.eclipse.kapua.service.authentication.AuthenticationService
broker |
broker | 1 error
broker | at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1028)
broker | at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1054)
broker | at org.eclipse.kapua.locator.guice.GuiceLocatorImpl.getService(GuiceLocatorImpl.java:58)
broker | at org.eclipse.kapua.broker.core.plugin.KapuaSecurityBrokerFilter.<init>(KapuaSecurityBrokerFilter.java:159)
broker | at org.eclipse.kapua.broker.core.KapuaBrokerSecurityPlugin.installPlugin(KapuaBrokerSecurityPlugin.java:65)
broker | ... 44 more
broker | 08:48:51.037 [main] WARN o.e.kapua.ExceptionMessageUtils - Could not load exception messages for code: CERTIFICATE_ERROR. A generic error message will be printed.
broker | Caused by: org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error:
broker | at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.lambda$new$0(CertificateServiceImpl.java:82)
broker | at org.eclipse.kapua.commons.security.KapuaSecurityUtils.lambda$doPrivileged$0(KapuaSecurityUtils.java:78)
broker | at org.eclipse.kapua.commons.security.KapuaSecurityUtils.doPrivileged(KapuaSecurityUtils.java:116)
broker | at org.eclipse.kapua.commons.security.KapuaSecurityUtils.doPrivileged(KapuaSecurityUtils.java:77)
broker | at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:74)
broker | at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl$$FastClassByGuice$$9956af46.newInstance(<generated>)
broker | at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
broker | at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111)
broker | at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
broker | at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
broker | at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:56)
broker | at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
broker | at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker | at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
broker | at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
broker | at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
broker | at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019)
broker | at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker | at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015)
broker | at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1054)
broker | at org.eclipse.kapua.locator.guice.GuiceLocatorImpl.getService(GuiceLocatorImpl.java:58)
broker | at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:123)
broker | at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl$$FastClassByGuice$$251b3f55.newInstance(<generated>)
broker | at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
broker | at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111)
broker | at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
broker | at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
broker | at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:56)
broker | at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
broker | at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker | at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
broker | at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
broker | at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
broker | at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019)
broker | at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1085)
broker | at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015)
Please help me to solve the problem as soon as possible.
Best regards,
Beyza
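
Added example, not part of the original post and not Kapua project code: a pre-flight check that classifies the values handed to the broker container, so an empty keystore, a non-keystore blob, or the unexpanded text of a command is caught before the JVM tries to load it. It assumes the certificate variables are meant to carry PEM text and that KAPUA_KEYSTORE is meant to carry a base64-encoded keystore file; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check certificate values before they reach the broker.
# Assumption: the CA/CRT/KEY variables carry PEM text and KAPUA_KEYSTORE
# carries a base64-encoded keystore file.

# True when the value is still the text of a command, not its output.
looks_like_command() {
    case "$1" in
        cat\ *|base64\ *|\'cat\ *|\'base64\ *|\`*|\$\(*) return 0 ;;
    esac
    return 1
}

classify_pem() {
    if looks_like_command "$1"; then echo literal-command; return; fi
    case "$1" in
        "") echo empty ;;
        *"-----BEGIN "*"-----END "*) echo pem ;;
        *) echo not-pem ;;
    esac
}

classify_keystore() {
    if looks_like_command "$1"; then echo literal-command; return; fi
    if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
        echo not-base64; return
    fi
    # First four decoded bytes as hex; a JKS file starts with 0xFEEDFEED.
    magic=$(printf '%s' "$1" | base64 -d | od -An -tx1 -N4 | tr -d ' \n')
    case "$magic" in
        feedfeed) echo jks ;;
        30??????) echo der-possibly-pkcs12 ;;   # DER SEQUENCE tag
        ????????) echo unknown-format ;;
        *) echo too-short ;;   # fewer than 4 bytes: nothing for a loader to parse
    esac
}

# Constructed sample values (no real key material).
sample_jks=$(printf '\376\355\376\355\000\000\000\002' | base64)
echo "keystore (constructed JKS header): $(classify_keystore "$sample_jks")"
echo "keystore (empty value):            $(classify_keystore "")"
echo "cert (unexpanded command text):    $(classify_pem "'cat /.../CA.crt'")"
```

Running the same functions against the values seen inside the container (for example from `docker exec <container> env`) shows what the broker actually received rather than what the compose file was intended to pass.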