Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6382135

RSA premaster secret error / Cannot find any provider supporting RSA/ECB/PKCS1Padding

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Not an Issue
    • Affects Version/s: 5.0
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      FULL PRODUCT VERSION :
      java version "1.5.0_06"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
      Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Windows -XP

      A DESCRIPTION OF THE PROBLEM :
      While communicating to an Active Directory server via SSL and also exuting the application with a security manager in place javax.naming.CommunicationException exception is thrown.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :

      1. Include the root certificate of Active Direcotry into the cacerts of the JAVA_HOME/jre/lib/security folder.

      2.Create a class file from the attached testcase

      3. JAR this class file. Make sure that a policy file exists to grant it all the permissions. Excute it via the command prompt and use

      java -Djava.security.manager <class file>

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      I was expecting the user to be successfully authenticated and no exceptions to be thrown.
      ACTUAL -
      javax.naming.CommunicationException: simple bind failed: <server ip>:636 [Root
      xception is javax.net.ssl.SSLKeyException: RSA premaster secret error]
       
      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      javax.naming.CommunicationException: simple bind failed: <server ip>:636 [Root
      xception is javax.net.ssl.SSLKeyException: RSA premaster secret error]
              at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
              at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
              at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
              at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
              at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
              at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
              at javax.naming.InitialContext.init(Unknown Source)
              at javax.naming.InitialContext.<init>(Unknown Source)
              at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
              at com.docfinity.loginmodule.OitJndiLoginModule.getContext(OitJndiLogin
      odule.java:138)
              at com.docfinity.loginmodule.OitJndiLoginModule.login(OitJndiLoginModul
      .java:81)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.access$000(Unknown Source)
              at javax.security.auth.login.LoginContext$4.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
              at javax.security.auth.login.LoginContext.login(Unknown Source)
              at com.docfinity.application.LoginManager.authenticateJndi(LoginManager
      java:260)
              at com.docfinity.application.LoginManager.actionPerformed(LoginManager.
      ava:129)
              at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
              at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
              at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
              at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
              at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Sou
      ce)
              at java.awt.Component.processMouseEvent(Unknown Source)
              at javax.swing.JComponent.processMouseEvent(Unknown Source)
              at java.awt.Component.processEvent(Unknown Source)
              at java.awt.Container.processEvent(Unknown Source)
              at java.awt.Component.dispatchEventImpl(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Window.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source

              at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.run(Unknown Source)
      Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
              at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknow
       Source)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
      Source)
              at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
              at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Sourc
      )
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source

              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(U
      known Source)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Sourc
      )
              at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
              at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
              at java.io.BufferedOutputStream.flush(Unknown Source)
              at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
              at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
              ... 50 more
      Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider sup
      orting RSA/ECB/PKCS1Padding
              at javax.crypto.Cipher.getInstance(DashoA12275)
              at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
              at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
              at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
              ... 63 more

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      import java.io.IOException;
      import java.util.Hashtable;
      import javax.naming.ldap.*;
      import javax.naming.directory.*;
      import javax.naming.*;
        
      public class searchssl
      {
      public static void main (String[] args)
      {

      Hashtable env = new Hashtable();


      String adminName = "<username>";
      String adminPassword = "<passoword>";
      String ldapURL = "ldap://&lt;serverip&gt;:636";
       
      //Access the keystore, this is where the Root CA public key cert was installed
      //Could also do this via the command line option java -Djavax.net.ssl.trustStore....
      //No need to specifiy the keystore password for read operations
      System.out.println(System.getProperty("java.home"));
      System.out.println(System.getProperty("user.home"));
      String keystore = System.getProperty("java.home") + "/lib/security/cacerts";
      System.setProperty("javax.net.ssl.trustStore",keystore);

      env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

      //set security credentials
      env.put(Context.SECURITY_AUTHENTICATION,"simple");
      env.put(Context.SECURITY_PRINCIPAL,adminName);
      env.put(Context.SECURITY_CREDENTIALS,adminPassword);
       
      //specify use of ssl
      env.put(Context.SECURITY_PROTOCOL,"ssl");

      //connect to my domain controller
      env.put(Context.PROVIDER_URL,ldapURL);
      try {
       
      // Create the initial directory context
      LdapContext ctx = new InitialLdapContext(env,null);
      //Create the critical Sort control that sorts based on "cn"
      Control[] ctxCtls = new Control[]{
      new SortControl(new String[]{"cn"}, Control.CRITICAL)
      };

      //Set the context's request controls to be ctxCtls
      ctx.setRequestControls(ctxCtls);

      //Create the search controls
      SearchControls searchCtls = new SearchControls();

      //Specify the attributes to return
      String returnedAtts[]={"sn","givenName","mail"};
      searchCtls.setReturningAttributes(returnedAtts);

      //Specify the search scope
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       
      //specify the LDAP search filter
      String searchFilter = "(&(objectClass=user)(mail=*))";
       
      //Specify the Base for the search
      String searchBase = "DC=OIT,DC=DocFinity,DC=com";
       
      //initialize counter to total the results
      int totalResults = 0;
       
       
      // Search for objects using the filter
      NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
       
      //Loop through the search results
      while (answer.hasMoreElements()) {
      SearchResult sr = (SearchResult)answer.next();
       
      totalResults++;
       
      System.out.println(">>>" + sr.getName());
       
      // Print out some of the attributes, catch the exception if the attributes have no values
      Attributes attrs = sr.getAttributes();
      if (attrs != null) {
      try {
      System.out.println(" surname: " + attrs.get("sn").get());
      System.out.println(" firstname: " + attrs.get("givenName").get());
      System.out.println(" mail: " + attrs.get("mail").get());
      System.out.println(" password: " + attrs.get("userPassword"));
      }
      catch (NullPointerException e) {
      System.out.println("Errors listing attributes: " + e);
      }
      }
       
      }
       
        System.out.println("Total results: " + totalResults);
      ctx.close();
       
      }
      catch (NamingException e) {
      System.err.println("Problem searching directory: " + e);
      } catch (IOException e) {
      // TODO Auto-generated catch block
      System.err.println("IO Exception while setting the sort control: " + e);
      }
      }
      }
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Use Jdk1.4.2

        Attachments

          Activity

            People

            • Assignee:
              andreas Andreas Sterbenz
              Reporter:
              ndcosta Nelson Dcosta (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: