[kapua-dev] R: Please help: Problem with kapua broker Certficate
  • From: "Modanese, Riccardo" <Riccardo.Modanese@xxxxxxxxxxxx>
  • Date: Fri, 14 Apr 2023 12:58:30 +0000

Hi, doing a blame on the source code here:

https://github.com/eclipse/kapua/blame/dce02854e2598c5b7c0f4661d24d532bf94fc095/assembly/broker/entrypoint/run-broker#L21

and here:

https://github.com/eclipse/kapua/blame/dce02854e2598c5b7c0f4661d24d532bf94fc095/deployment/docker/compose/docker-compose.yml#L43

I don’t see any change in the last 5 years.

I suggest you double-check the parameters you are providing. The EOFException looks like the keystore is empty or malformed, maybe.

Regards,

Riccardo

From: kapua-dev <kapua-dev-bounces@xxxxxxxxxxx> on behalf of Beyza Dem <beyza.demiray44@xxxxxxxxx>
Date: Friday, 14 April 2023 11:27
To: kapua developer discussions <kapua-dev@xxxxxxxxxxx>
Subject: [kapua-dev] Please help: Problem with kapua broker Certficate

Hi everyone,

I have updated Kapua from 1.0.0-M7 to 1.6.7. The update is done and I get the web UI, but I can't connect any Kura device to Kapua via MQTT (to the Kapua broker); there is no certificate on the MQTT port.

The certificates are fine. With version 1.0.0-M7 I had no problems with the certificates. I also recreated the keystore after the update, but the error did not change.

I suspect that the new version of Kapua cannot read the certificates, but I'm not sure.

For setting up the certificates I have set these variables in the docker-compose file.

      - KAPUA_CA='cat /.../CA.crt.pem'
      - KAPUA_CRT='cat /.../CA.crt'
      - KAPUA_KEY='cat /.../CA.key'
      - KAPUA_KEY_PASSWORD=<Password>
      - KAPUA_KEYSTORE='base64 /.../CA.jks'
      - KAPUA_KEYSTORE_PASSWORD=<Password>

Do I need to add anything in the docker-compose file? Or is the problem somewhere else?

Before I included the variable "djavax.net.ssl..." in the docker-compose file, the log files of the Kapua broker said:

9:03:01.962 [ActiveMQ BrokerService[message-broker] Task-7] DEBUG o.a.a.broker.TransportConnector - Reason: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker           | java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker           |      at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:188)
broker           |      at org.apache.activemq.transport.mqtt.MQTTNIOSSLTransport.initializeStreams(MQTTNIOSSLTransport.java:52)
broker           |      at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:543)
broker           |      at org.apache.activemq.transport.nio.NIOTransport.doStart(NIOTransport.java:174)
broker           |      at org.apache.activemq.transport.nio.NIOSSLTransport.doStart(NIOSSLTransport.java:462)
broker           |      at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55)
broker           |      at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
broker           |      at org.apache.activemq.transport.mqtt.MQTTTransportFilter.start(MQTTTransportFilter.java:157)
broker           |      at org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.start(MQTTInactivityMonitor.java:148)
broker           |      at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
broker           |      at org.apache.activemq.broker.TransportConnection.start(TransportConnection.java:1071)
broker           |      at org.apache.activemq.broker.TransportConnector$1$1.run(TransportConnector.java:218)
broker           |      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
broker           |      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
broker           |      at java.lang.Thread.run(Thread.java:750)
broker           | Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
broker           |      at java.security.Provider$Service.newInstance(Provider.java:1617)
broker           |      at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
broker           |      at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
broker           |      at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
broker           |      at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
broker           |      at org.apache.activemq.transport.nio.NIOSSLTransport.initializeStreams(NIOSSLTransport.java:100)
broker           |      ... 14 common frames omitted
broker           | Caused by: java.security.KeyStoreException: problem accessing trust store
broker           |      at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
broker           |      at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
broker           |      at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1043)
broker           |      at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:1013)
broker           |      at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1188)
broker           |      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
broker           |      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
broker           |      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
broker           |      at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
broker           |      at java.security.Provider$Service.newInstance(Provider.java:1595)
broker           |      ... 19 common frames omitted
broker           | Caused by: java.io.EOFException: null
broker           |      at java.io.DataInputStream.readInt(DataInputStream.java:392)
broker           |      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:661)
broker           |      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
broker           |      at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
broker           |      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
broker           |      at java.security.KeyStore.load(KeyStore.java:1445)
broker           |      at sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:370)
broker           |      at sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:318)
broker           |      at sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
broker           |      at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
broker           |      ... 28 common frames omitted

The logs after including djavax.net.ssl in the docker-compose file said:

Caused by: java.lang.SecurityException: com.google.inject.ProvisionException: Unable to provision, see the following errors:
broker           | 
broker           | 1) Error injecting constructor, org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error: 
broker           |   at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:73)
broker           |   while locating org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl
broker           |   at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker           |   while locating org.eclipse.kapua.service.certificate.CertificateService
broker           |   at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:112)
broker           |   while locating org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl
broker           |   at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker           |   while locating org.eclipse.kapua.service.authentication.AuthenticationService
broker           | 
broker           | 1 error
broker           |      at org.eclipse.kapua.broker.core.KapuaBrokerSecurityPlugin.installPlugin(KapuaBrokerSecurityPlugin.java:68)
broker           |      at org.apache.activemq.broker.BrokerService.addInterceptors(BrokerService.java:2446)
broker           |      at org.apache.activemq.broker.BrokerService.createBroker(BrokerService.java:2307)
broker           |      at org.apache.activemq.broker.BrokerService.getBroker(BrokerService.java:1018)
broker           |      at org.apache.activemq.broker.BrokerService.getAdminConnectionContext(BrokerService.java:2577)
broker           |      at org.apache.activemq.broker.BrokerService.startVirtualConsumerDestinations(BrokerService.java:2744)
broker           |      at org.apache.activemq.broker.BrokerService.startDestinations(BrokerService.java:2568)
broker           |      at org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:727)
broker           |      at org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:721)
broker           |      at org.apache.activemq.broker.BrokerService.start(BrokerService.java:624)
broker           |      at org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)
broker           |      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
broker           |      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
broker           |      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
broker           |      at java.lang.reflect.Method.invoke(Method.java:498)
broker           |      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1700)
broker           |      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1639)
broker           |      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1568)
broker           |      ... 27 more
broker           | Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:
broker           | 
broker           | 1) Error injecting constructor, org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error: 
broker           |   at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:73)
broker           |   while locating org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl
broker           |   at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker           |   while locating org.eclipse.kapua.service.certificate.CertificateService
broker           |   at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:112)
broker           |   while locating org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl
broker           |   at org.eclipse.kapua.locator.guice.KapuaModule.configure(KapuaModule.java:121)
broker           |   while locating org.eclipse.kapua.service.authentication.AuthenticationService
broker           | 
broker           | 1 error
broker           |      at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1028)
broker           |      at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1054)
broker           |      at org.eclipse.kapua.locator.guice.GuiceLocatorImpl.getService(GuiceLocatorImpl.java:58)
broker           |      at org.eclipse.kapua.broker.core.plugin.KapuaSecurityBrokerFilter.<init>(KapuaSecurityBrokerFilter.java:159)
broker           |      at org.eclipse.kapua.broker.core.KapuaBrokerSecurityPlugin.installPlugin(KapuaBrokerSecurityPlugin.java:65)
broker           |      ... 44 more
broker           | 08:48:51.037 [main] WARN  o.e.kapua.ExceptionMessageUtils - Could not load exception messages for code: CERTIFICATE_ERROR. A generic error message will be printed.
broker           | Caused by: org.eclipse.kapua.service.certificate.exception.KapuaCertificateException: Error: 
broker           |      at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.lambda$new$0(CertificateServiceImpl.java:82)
broker           |      at org.eclipse.kapua.commons.security.KapuaSecurityUtils.lambda$doPrivileged$0(KapuaSecurityUtils.java:78)
broker           |      at org.eclipse.kapua.commons.security.KapuaSecurityUtils.doPrivileged(KapuaSecurityUtils.java:116)
broker           |      at org.eclipse.kapua.commons.security.KapuaSecurityUtils.doPrivileged(KapuaSecurityUtils.java:77)
broker           |      at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl.<init>(CertificateServiceImpl.java:74)
broker           |      at org.eclipse.kapua.service.certificate.internal.CertificateServiceImpl$$FastClassByGuice$$9956af46.newInstance(<generated>)
broker           |      at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
broker           |      at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111)
broker           |      at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
broker           |      at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
broker           |      at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:56)
broker           |      at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
broker           |      at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker           |      at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
broker           |      at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
broker           |      at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
broker           |      at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019)
broker           |      at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker           |      at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015)
broker           |      at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1054)
broker           |      at org.eclipse.kapua.locator.guice.GuiceLocatorImpl.getService(GuiceLocatorImpl.java:58)
broker           |      at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl.<init>(AuthenticationServiceShiroImpl.java:123)
broker           |      at org.eclipse.kapua.service.authentication.shiro.AuthenticationServiceShiroImpl$$FastClassByGuice$$251b3f55.newInstance(<generated>)
broker           |      at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
broker           |      at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111)
broker           |      at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
broker           |      at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
broker           |      at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:56)
broker           |      at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
broker           |      at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
broker           |      at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
broker           |      at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
broker           |      at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
broker           |      at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019)
broker           |      at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1085)
broker           |      at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015)

 

 

Please help me to solve the problem as soon as possible.

Best regards,

Beyza
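
The reply at the top of this message reads the EOFException as an empty or malformed keystore. As an added example (not part of the thread and not Kapua's own code), the POSIX shell function below checks whether a value intended for KAPUA_KEYSTORE decodes from base64 to something that starts like a keystore. It assumes the variable is meant to carry the base64 text of the keystore, as the `base64 /.../CA.jks` setting in the post suggests; `classify_keystore` and all sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: header-only sanity check for a base64-encoded keystore value.
# classify_keystore and all sample values are constructed for illustration.

# Prints one of: empty | not-base64 | truncated | jks | jceks | pkcs12 | unknown
classify_keystore() {
    # Allow wrapped base64 (line breaks) but nothing else outside the alphabet.
    clean=$(printf '%s' "$1" | tr -d '\r\n')
    [ -n "$clean" ] || { echo empty; return 0; }
    case $clean in
        *[!A-Za-z0-9+/=]*) echo not-base64; return 0 ;;
    esac

    tmp=$(mktemp) || return 2
    # Decode to a file: binary data cannot live in a shell variable, and the
    # decoder's exit status must not be lost.
    if ! printf '%s' "$clean" | base64 -d > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo not-base64; return 0
    fi
    size=$(wc -c < "$tmp" | tr -d ' ')
    magic=$(od -An -tx1 -N4 "$tmp" | tr -d ' \n')
    rm -f "$tmp"

    # A JKS file starts with magic(4) + version(4) + entry count(4). Anything
    # shorter ends while the loader is still reading 4-byte integers.
    if [ "$size" -lt 12 ]; then echo truncated; return 0; fi
    case $magic in
        feedfeed) echo jks ;;      # JKS magic 0xFEEDFEED
        cececece) echo jceks ;;    # JCEKS magic 0xCECECECE
        30*)      echo pkcs12 ;;   # DER SEQUENCE tag, as in a PKCS#12 file
        *)        echo unknown ;;
    esac
}

# Constructed samples: command text left unexpanded, a 4-byte stub,
# a 12-byte JKS header, and a DER-looking prefix.
for sample in 'base64 /path/to/CA.jks' '/u3+7Q==' '/u3+7QAAAAIAAAAA' 'MIIKAAAAAAAAAAAA'; do
    printf '%-24s -> %s\n' "$sample" "$(classify_keystore "$sample")"
done
```

A result of `jks` only means the header is plausible; `keytool -list -keystore <file>` with the store password confirms that the entries actually load.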

