docker - Spring Boot 1.4.1 SSL trustAnchors exception -


i running spring boot microservices inside docker containers (docker-compose) testing, tried upgrade spring boot 1.4.0 1.4.1 (tried 1.4.2. also) services fail on start

invalidalgorithmparameterexception: trustanchors parameter must non-empty exception.

i have not experienced issues running spring boot 1.4.0. dockerfile use 1 of services provided below (some sensitive values have been replaced, tried 1.4.2 same result.

the same behaviour happens when run service on command line, environment variables , java params listed in dockerfile below.

here extract log:

2016-11-10 08:10:06.645 error [sbsa-account-om-service,,,] 1 --- [           main] o.apache.catalina.core.standardservice   : failed start connector [connector[http/1.1-8762]]  org.apache.catalina.lifecycleexception: failed start component [connector[http/1.1-8762]]     @ org.apache.catalina.util.lifecyclebase.start(lifecyclebase.java:167) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.catalina.core.standardservice.addconnector(standardservice.java:225) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.springframework.boot.context.embedded.tomcat.tomcatembeddedservletcontainer.addpreviouslyremovedconnectors(tomcatembeddedservletcontainer.java:233) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.context.embedded.tomcat.tomcatembeddedservletcontainer.start(tomcatembeddedservletcontainer.java:178) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.context.embedded.embeddedwebapplicationcontext.startembeddedservletcontainer(embeddedwebapplicationcontext.java:297) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.context.embedded.embeddedwebapplicationcontext.finishrefresh(embeddedwebapplicationcontext.java:145) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.context.support.abstractapplicationcontext.refresh(abstractapplicationcontext.java:544) [spring-context-4.3.3.release.jar!/:4.3.3.release]     @ org.springframework.boot.context.embedded.embeddedwebapplicationcontext.refresh(embeddedwebapplicationcontext.java:122) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.springapplication.refresh(springapplication.java:761) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.springapplication.refreshcontext(springapplication.java:371) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.springapplication.run(springapplication.java:315) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.springapplication.run(springapplication.java:1186) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ org.springframework.boot.springapplication.run(springapplication.java:1175) [spring-boot-1.4.1.release.jar!/:1.4.1.release]     @ com.sbg.om.services.sbsaaccountomserviceapplication.main(sbsaaccountomserviceapplication.java:24) [classes!/:0.0.1-snapshot]     @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.8.0_11]     @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62) ~[na:1.8.0_11]     @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.8.0_11]     @ java.lang.reflect.method.invoke(method.java:483) ~[na:1.8.0_11]     @ org.springframework.boot.loader.mainmethodrunner.run(mainmethodrunner.java:48) [app.jar:0.0.1-snapshot]     @ org.springframework.boot.loader.launcher.launch(launcher.java:87) [app.jar:0.0.1-snapshot]     @ org.springframework.boot.loader.launcher.launch(launcher.java:50) [app.jar:0.0.1-snapshot]     @ org.springframework.boot.loader.jarlauncher.main(jarlauncher.java:58) [app.jar:0.0.1-snapshot] caused by: org.apache.catalina.lifecycleexception: service.getname(): "tomcat";  protocol handler start failed     @ org.apache.catalina.connector.connector.startinternal(connector.java:976) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.catalina.util.lifecyclebase.start(lifecyclebase.java:150) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     ... 21 common frames omitted caused by: java.lang.illegalargumentexception: java.security.invalidalgorithmparameterexception: trustanchors parameter must non-empty     @ org.apache.tomcat.util.net.abstractjsseendpoint.createsslcontext(abstractjsseendpoint.java:103) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.tomcat.util.net.abstractjsseendpoint.initialisessl(abstractjsseendpoint.java:81) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.tomcat.util.net.nioendpoint.bind(nioendpoint.java:244) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.tomcat.util.net.abstractendpoint.start(abstractendpoint.java:874) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.coyote.abstractprotocol.start(abstractprotocol.java:590) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.catalina.connector.connector.startinternal(connector.java:969) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     ... 22 common frames omitted caused by: java.security.invalidalgorithmparameterexception: trustanchors parameter must non-empty     @ java.security.cert.pkixparameters.settrustanchors(pkixparameters.java:200) ~[na:1.8.0_11]     @ java.security.cert.pkixparameters.<init>(pkixparameters.java:157) ~[na:1.8.0_11]     @ java.security.cert.pkixbuilderparameters.<init>(pkixbuilderparameters.java:130) ~[na:1.8.0_11]     @ org.apache.tomcat.util.net.jsse.jsseutil.getparameters(jsseutil.java:341) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.tomcat.util.net.jsse.jsseutil.gettrustmanagers(jsseutil.java:273) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     @ org.apache.tomcat.util.net.abstractjsseendpoint.createsslcontext(abstractjsseendpoint.java:101) ~[tomcat-embed-core-8.5.5.jar!/:8.5.5]     ... 27 common frames omitted  2016-11-10 08:10:06.691  info [sbsa-account-om-service,,,] 1 --- [           main] o.apache.catalina.core.standardservice   : stopping service tomcat

dockerfile:

from webdizz/centos-java8 volume /tmp add <app name>.jar app.jar  add smoke-test.trust.jks /smoke-test.trust.jks  # environment vars ssl keystore + truststore env security_x509_orgunit=<org unit> env server_ssl_enabled="true" env security_sessions="stateless" env security_headers_hsts="all" env server_ssl_ciphers="tls_rsa_with_aes_128_cbc_sha,tls_rsa_with_aes_256_cbc_sha" env server_ssl_protocol="tls" env server_ssl_keystore="/smoke-test.trust.jks" env server_ssl_keystorepassword=<password> env server_ssl_keystoretype="jks" env server_ssl_keyalias=<alias> env server_ssl_keypassword=<password> env ribbon_readtimeout="60000" env ribbon_issecure="true" env ribbon_ishostnamevalidationrequired="true" env ribbon_keystore="/smoke-test.trust.jks" env ribbon_keystorepassword=<password> env security_requiressl="true" env server_ssl_truststore="/smoke-test.trust.jks" env server_ssl_truststorepassword=<password> env server_ssl_truststoretype="jks" env server_ssl_clientauth="need" env ribbon_truststore="/smoke-test.trust.jks" env ribbon_truststorepassword=<password> env ribbon_isclientauthrequired="true" env pci_cipher_key=<key> env liquibase_contexts=<context>  # run actual java app run sh -c 'touch /app.jar' expose 8762 expose 9997 entrypoint ["java",  \             "-djavax.net.ssl.truststore=/smoke-test.trust.jks", \             "-djavax.net.ssl.truststorepassword=<password>", \             "-djavax.net.ssl.truststoretype=jks", \                 "-djavax.net.debug=ssl", \             "-dspring.profiles.active=testing", \             "-dom.security.enabled=true", \             "-dmanagement.security.enabled=true", \             "-dom.security.x509.subjectprincipalregex=ou=(.*?)(?:,|$)", \             "-dom.security.x509.roleconfiguration[0].rolenames[0]=<rolename>", \             "-dom.security.x509.roleconfiguration[0].searchvalues[0]=<value>", \             "-dom.security.orderedpathrestrictions[0].pattern='/**'", \             "-dom.security.orderedpathrestrictions[0].roles=<role>", \                       "-dom.security.orderedpathrestrictions[0].csrfdisabled=true", \                      "-xdebug", \             "-agentlib:jdwp=transport=dt_socket,address=9997,server=y,suspend=n", \             "-dserver.port=8762", \             "-deureka.instance.non-secure-port=0", \             "-deureka.instance.secure-port=8762", \             "-deureka.instance.hostname=<name>", \             "-deureka.instance.nonsecureportenabled=false", \             "-deureka.instance.secureportenabled=true", \             "-deureka.client.serviceurl.defaultzone=<url>", \             "-dspring.application.name=sbsa-account-om-service", \             "-deureka.instance.securevirtualhostname=<name>", \             "-djava.security.egd=file:/dev/./urandom", \             "-jar", \             "/app.jar"]

edit: not same issue mentioned in trustanchors question problem related going spring boot version 1.4.0 1.4.1, change being boot version, other configs worked under spring boot 1.4.0 have been left same.

turns out of spring boot 1.4.1 underlying tomcat version got bumped 8.5.6 , not accept other certificate types other than

entry type: trustedcertentry

i using self signed certs of type:

entry type: privatekeyentry

after re-generating certs started working fine.


Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more