Cannot generate DH keypair!


Cannot generate DH keypair!

EricMacau
Hello,

When I tried to connect to the remote SSL server, it raised the following exception. Can anybody explain or give me some hints about what causes this? Thanks.

My platform: 
Java 1.8
bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar


Best regards,
Eric




2016-06-29 11:38:41 ERROR mo.dse.certservice.services.CertService:checkOcspHashValue,308 - ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
org.apache.axis.AxisFault: ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:na]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:na]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:na]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:na]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:na]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2767) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2443) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2366) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:1812) ~[axis.jar:na]
at mo.dse.certservice.services.CertService.checkOcspHashValue(CertService.java:285) ~[CertService.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1063) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:979) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:950) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:825) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:380) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:651) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:264) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:218) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80) [jaxws-rt.jar:2.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) [servlet-api.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.32]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-coyote.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489) [tomcat-coyote.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_91]
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) ~[axis.jar:na]
... 51 common frames omitted
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_91]
... 56 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76) ~[na:1.8.0_91]
... 63 common frames omitted

Re: Cannot generate DH keypair!

David Hook

I'd recommend having a very good look at your class path. The class in this frame of your trace:

org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]

does not exist in 1.54, so there's a much older version of BC in the class path somewhere.

Regards,

David

On 29/06/16 13:59, Eric Chow wrote:
Hello,

When I tried to connect to the remote SSL server, it raised the following exception? Any body can teach me or give me some hints what cause this? Thanks.

My platform: 
Java 1.8
bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar


Best regards,
Eric




2016-06-29 11:38:41 ERROR mo.dse.certservice.services.CertService:checkOcspHashValue,308 - ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
org.apache.axis.AxisFault: ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:na]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:na]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:na]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:na]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:na]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2767) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2443) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2366) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:1812) ~[axis.jar:na]
at mo.dse.certservice.services.CertService.checkOcspHashValue(CertService.java:285) ~[CertService.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1063) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:979) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:950) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:825) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:380) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:651) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:264) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:218) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80) [jaxws-rt.jar:2.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) [servlet-api.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.32]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-coyote.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489) [tomcat-coyote.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_91]
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) ~[axis.jar:na]
... 51 common frames omitted
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_91]
... 56 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76) ~[na:1.8.0_91]
... 63 common frames omitted


Fwd: [dev-crypto] Cannot generate DH keypair!

EricMacau
Hello David,

It is strange. As you said, there is a much older version of BC in the classpath: I found a bcprov-jdk13-133.jar in another webapp.

But I don't understand why it would load that old jar, which is not in the same webapp (classloader).


My environment:

Tomcat-8.0.32


There are two webapps under Tomcat, and the locations of the BC libraries are as follows:

tomcat-8.0.32/webapps/CertService/WEB-INF/lib  ---> bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar
tomcat-8.0.32/webapps/DocService/WEB/INF/lib  ---> bcprov-jdk13-133.jar



My question is: why does it load the old jar from DocService when I am calling CertService?

Is it a BC bug or a Tomcat bug?

Thanks,
Eric






On Wed, Jun 29, 2016 at 4:22 PM, Eric Chow <[hidden email]> wrote:
My WEB-INF/lib contains only two BC libraries (bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar). I double-checked $TOMCAT_HOME/lib, and there is no BC-related jar file there either.

Therefore, I don't know what is happening. Could you please give me more hints or ideas about why it raises those exceptions?

Thanks.

Eric


On Wed, Jun 29, 2016 at 12:52 PM, David Hook <[hidden email]> wrote:

I'd recommend having a very good look at your class path

org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]

does not exist in 1.54. There's a much older version of BC in the class path somewhere.

Regards,

David


On 29/06/16 13:59, Eric Chow wrote:
Hello,

When I tried to connect to the remote SSL server, it raised the following exception? Any body can teach me or give me some hints what cause this? Thanks.

My platform: 
Java 1.8
bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar


Best regards,
Eric




2016-06-29 11:38:41 ERROR mo.dse.certservice.services.CertService:checkOcspHashValue,308 - ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
org.apache.axis.AxisFault: ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:na]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:na]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:na]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:na]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:na]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2767) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2443) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2366) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:1812) ~[axis.jar:na]
at mo.dse.certservice.services.CertService.checkOcspHashValue(CertService.java:285) ~[CertService.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1063) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:979) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:950) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:825) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:380) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:651) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:264) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:218) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80) [jaxws-rt.jar:2.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) [servlet-api.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.32]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-coyote.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489) [tomcat-coyote.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_91]
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) ~[axis.jar:na]
... 51 common frames omitted
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_91]
... 56 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76) ~[na:1.8.0_91]
... 63 common frames omitted





Re: Fwd: [dev-crypto] Cannot generate DH keypair!

David Hook

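It's not a BC bug, and it might not necessarily be a Tomcat bug either... if either one of the apps is actually installing the provider in the JVM it's probably game over. The JCA provider list (java.security.Security) is shared by the whole JVM rather than kept per webapp classloader, so a provider registered by one webapp can be picked up by any code in that JVM, including the JSSE handshake code in your trace (sun.security.ssl.ECDHCrypt calling into org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC). As the DocService is using a JDK 1.3 jar (bcprov-jdk13-133.jar) it almost certainly will be. Printing Security.getProviders() from CertService will show which BC provider is registered and at what position.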

Regards,

David


On 29/06/16 20:04, Eric Chow wrote:
Hello David,

It is strange, as you said that there is a much older version of BC in the classpath. Yes, I found one bcprov-jdk13-133.jar in other webapp.

But it is strange why it will load that old jar which is not in the same webapp (classloader).


My environment:

Tomcat-8.0.32


There are two webapps under the tomcat, and the location of those BC libraries are as following:

tomcat-8.0.32/webapps/CertService/WEB-INF/lib  ---> bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar
tomcat-8.0.32/webapps/DocService/WEB/INF/lib  ---> bcprov-jdk13-133.jar



My question is that why it will load the old jar from DocService when I am calling the CertService?

Is it the BC bug or the Tomcat bug?

Thanks,
Eric






On Wed, Jun 29, 2016 at 4:22 PM, Eric Chow <[hidden email]> wrote:
In my WEB-INF/lib, it is only existing two BC library (bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar). I double checked the $TOMCAT_HOME/lib, there is also not any BC related jar file.

Therefore, I don't know what is happing. Would you please to give me more hints or idea why it raises those exceptions?

Thanks.

Eric


On Wed, Jun 29, 2016 at 12:52 PM, David Hook <[hidden email]> wrote:

I'd recommend having a very good look at your class path

org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]

does not exist in 1.54. There's a much older version of BC in the class path somewhere.

Regards,

David


On 29/06/16 13:59, Eric Chow wrote:
Hello,

When I tried to connect to the remote SSL server, it raised the following exception? Any body can teach me or give me some hints what cause this? Thanks.

My platform: 
Java 1.8
bcpkix-jdk15on-154.jar, bcprov-jdk15on-154.jar


Best regards,
Eric




2016-06-29 11:38:41 ERROR mo.dse.certservice.services.CertService:checkOcspHashValue,308 - ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
org.apache.axis.AxisFault: ; nested exception is: 
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:na]
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:na]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:na]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:na]
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:na]
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2767) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2443) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:2366) ~[axis.jar:na]
at org.apache.axis.client.Call.invoke(Call.java:1812) ~[axis.jar:na]
at mo.dse.certservice.services.CertService.checkOcspHashValue(CertService.java:285) ~[CertService.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1063) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:979) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:950) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:825) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:380) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:651) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:264) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:218) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194) [jaxws-rt.jar:2.2.7]
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80) [jaxws-rt.jar:2.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) [servlet-api.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.32]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-coyote.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500) [tomcat-coyote.jar:8.0.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489) [tomcat-coyote.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_91]
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) ~[axis.jar:na]
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) ~[axis.jar:na]
... 51 common frames omitted
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_91]
... 56 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[na:na]
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76) ~[na:1.8.0_91]
... 63 common frames omitted




