tags:

views:

894

answers:

4
Q: 

Solaris JMS Client connect to Weblogic 11g t3s security problem

When I try to connect Weblogic t3s protocol in Solaris Server, it shows this error:

java.lang.IllegalStateException: Not enough cryptography available to enable a cipher suite!
        at com.certicom.tls.interfaceimpl.TLSSystem.resetCipherSuiteSupport(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.setCertificateSupport(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
        at com.certicom.net.ssl.SSLContext.<init>(Unknown Source)
        at com.bea.sslplus.CerticomSSLContext.<init>(Unknown Source)
        at sun.reflect.GeneratedConstructorAccessor6.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at weblogic.security.utils.SSLSetup.getSSLDelegateInstance(SSLSetup.java:122)
        at weblogic.security.utils.SSLContextWrapper.<init>(SSLContextWrapper.java:48)
        at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapper.java:43)
        at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:238)
        at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
        at weblogic.socket.ChannelSSLSocketFactory.getSocketFactory(ChannelSSLSocketFactory.java:170)
        at weblogic.socket.ChannelSSLSocketFactory.createSocket(ChannelSSLSocketFactory.java:77)
        at weblogic.socket.ChannelSSLSocketFactory.createSocket(ChannelSSLSocketFactory.java:114)
        at weblogic.socket.BaseAbstractMuxableSocket.createSocket(BaseAbstractMuxableSocket.java:133)
        at weblogic.rjvm.t3.MuxableSocketT3.newSocketWithRetry(MuxableSocketT3.java:206)
        at weblogic.rjvm.t3.MuxableSocketT3.connect(MuxableSocketT3.java:375)
        at weblogic.rjvm.t3.ConnectionFactoryT3S.createConnection(ConnectionFactoryT3S.java:34)
        at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1773)
        at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1416)
        at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:437)
        at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
        at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:251)
        at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:194)
        at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
        at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
        at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
        at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
        at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:344)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
        at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:339)
        at weblogic.jndi.Environment.getContext(Environment.java:315)
        at weblogic.jndi.Environment.getContext(Environment.java:285)
        at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)

I have define the following parameters:

-Djava.protocol.handler.pkgs=weblogic.net -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.CustomTrustKeyStoreFileName=keystore -Dweblogic.security.CustomTrustKeyStorePassPhrase=passphrase -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

How can I fix it? Same source and same parameters is working in Windows.

Thank You.

+1  A: 

Are you using the same JVM vendor on both machines?

Most likely the CA used to generate the keystore is available on the Windows truststore but not available on Solaris, the assumption being the keystore was generated in Windows and the CA is not yet shipped with the JRE being used on Solaris. The differences are discussed here.

How to configure the truststore to add a CA

n002213f  2010-01-12 12:02:25
I have build a new trust store and store Weblogic CA. Also I have use absolute path pointed to the file. THX
chris13work  2010-01-12 16:29:32
A: 

Are you sure that you keystore file is picked up? Maybe try to use an absolute path when specifying the -Dweblogic.security.CustomTrustKeyStoreFileName option.

Also, are the classpath of the JMS client really identical in both environments?

Try to provide wlserver_10.3/server/lib/wlfullclient.jar (that you create by running the command java -jar wljarbuilder.jar) and wlserver_10.3/server/lib/wlcipher.jar (yeah, wlfullclient.jar is not that full!) on the classpath.

Pascal Thivent  2010-01-12 13:32:28
ya, The wlcipher.jar is in the classpath and Key store is absolute path.
chris13work  2010-01-12 16:25:24
A: 

Finally, We got the solution.

Just add webserviceclient+ssl.jar to your classpath will solve the problem.

  • webserviceclient+ssl.jar not included in wlfullclient.jar.
chris13work  2010-01-14 03:30:17
Yeah, a JMS client needs a jar for webservices, this is so obvious. And why the hell is this jar in the classpath under windows!? Madness!
Pascal Thivent  2010-01-14 04:01:20
I have no idea. I double check my windows environment, there are 2 environment variables:WEBLOGIC_HOME=D:\weblogic\bea10.3\wlserver_10.3WL_HOME=D:\weblogic\bea10.3\wlserver_10.3But I don't think this is related.
chris13work  2010-01-14 08:42:52
+1  A: 

This solution comes a bit late in the day, but is meant for others having the same problem.

Apparently, the accepted solution of adding webserviceclient+ssl.jar to the classpath works, since the WebLogic Full Client - wlfullclient.jar has references to other JARs in its MANIFEST.MF file. Adding the webservices client JAR resolves the issue, since it appears to have the minimum set of classes required for correct operation of the client when using SSL/TLS. The error is usually encountered when copies of the wlfullclient.jar and wlcipher.jar are made in a different directory, and added to the classpath. The JVM then fails to load other dependent classes from JARs that are referenced from within the MANIFEST file.

The actual solution would be to add the wlfullclient.jar that is generated in the *WL_HOME*\server\lib directory, to the CLASSPATH. All other dependent JARs would then be picked up via the appropriate classloader, since the manifest references these via relative directory paths.

Vineet Reynolds  2010-04-06 21:27:09

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java