Menu
▾
▴
Re: [skce-help] Enquiry about the SKCE
|
From: StrongKey C. H. <skc...@li...> - 2012-12-06 19:57:26
|
Hi Pawan, My name is Jyothsna, an engineer from StrongAuth. I will be helping you further with the issues you have working with CryptoEngine. Regarding the problem you are facing, here are few recommendations. 1) Make sure you have generated a certificate for cryptoengine and added the same to glassfish application server on which cryptoengine is deployed. http://www.cryptoengine.org/skce-docs/42-subinstall/96-install-glassfish31.html A glassfish restart is needed after this step. 2) Make sure you have imported the same certificate from the browser and add it to the JVM you are using while running javaclient.jar. If you have multiple java installations on your machine, make sure you specify the full java install path while running javaclient.jar "C:\Program Files\Java\jdk1.7.0_07\bin\java.exe" -jar javaClient.jar 3) Using SSL; You have to use hostname instead of ip address. This is because the certificate you have generated in step 1 is tied to the hostname and might do a comparison while establishing SSL handshake. 4) If you are okay with a non-secure communication (using http:// instead of https://); using ip address is fine and the port number is 8080 by default. Let me know if these inputs help; I will be happy to help you further. Appreciate your efforts in trying CryptoEngine. Please make sure you copy emails to the below address which is the help forum for CryptoEngine. skc...@li... Regards, -- Jyothsna Padavala Software Engineer StrongAuth, Inc. www.strongauth.com On 12/06/2012 07:57 AM, Arshad Noor wrote: > Can you please help Pawan with this, Jyothsna? Copy > skc...@li... in your reply (you should > have added yourself to that distribution list on Sourceforge > prior to your reply - since you are a Moderator of the lists > now, you should be able to add yourself). Thanks. > > Arshad > > -------- Original Message -------- > Subject: Re: Enquiry about the SKCE > Date: Thu, 6 Dec 2012 10:54:11 +0530 > From: Pawan <pav...@gm...> > To: Arshad Noor <ars...@st...> > > > > Thank you Arshad, It's working for me, with this i have done whole > set-up experimentation with in my Desktop. When I do normal encrypt > operation using javaClient.jar i got the follow below error. > And When i do Browse > https://192.168.31.238:8181/skce/SKCEWebService?wsdl , its working fine > and XML formatted tags rendered in browser. Here is the Explanation for > what i have done > > 1. Installed & configured OpenDS with Database file skce.ldif . OpenDS > is running. > 2. Installed & configured Glasssfish , and deployed skce.war > 3. Imported the CryptoEngine Certificate into JVM > 4. configured skce-configuration according my localhost > 5. configured skcews-configuration according my localhost > 6. configured jets3t-properties according Eucalyptus{Private} > 7.Deployed JavaClient.jar in netbeans , supplied proper arguments . run > the project > > Kindly advice me to overcome issue , any thing else i have missed please > let me know. > > > Note : instead of hostname , ip is working fine , due to organisation > constrains i can't use/alter proxy change configuration > > > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > https://192.168.31.238:8181/skce/SKCEWebService?wsdl. It failed with: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target. > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:184) > > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:166) > > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:131) > > at > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:271) > > at > com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:234) > > at > com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:182) > > at > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:106) > > at javax.xml.ws.Service.<init>(Service.java:56) > at com.strongauth.skcews.SKCEWebService.<init>(SKCEWebService.java:81) > at com.strongauth.skce.javaclient.Main.main(Main.java:362) > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) > > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) > > at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) > at > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893) > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165) > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149) > > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) > > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1177) > > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) > > at java.net.URL.openStream(URL.java:1010) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:837) > > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:294) > > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:151) > > ... 8 more > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) > > at sun.security.validator.Validator.validate(Validator.java:218) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) > > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) > > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) > > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185) > > ... 23 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) > > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) > ... 29 more > Java Result: 1 > > > > > Thanks in Advance . > > > > > On Thu, Dec 6, 2012 at 8:24 AM, Arshad Noor <ars...@st... > <mailto:ars...@st...>> wrote: > > Yes, that is correct. Glassfish requires that the alias of the > certificate be "s1as" (it is the number one, not the letter L) > for the SSL port to become active. > > Arshad > > On 12/05/2012 03:36 AM, Pawan wrote: > > Hi Arshad Noor , > > Here > > http://www.cryptoengine.org/__skce-docs/42-subinstall/96-__install-glassfish31.html > > > <http://www.cryptoengine.org/skce-docs/42-subinstall/96-install-glassfish31.html> > > web age , step 3 > > { > " Now we will back up the original certificate. Type the command > below > to do so. Also replace the required variables with the values > set up in > your environment. > > keytool -changealias -alias s1as -destalias s1as.original > -keystore > <Glassfish Home>/domains/domain1/config/__keystore.jks > -storepass changeit " > > } > > > > "slas" means alias name which is created in step 2 ?? > > > Please suggest me. > > > Thanks & Regards > pawan.A > > > > > > > > > > > > On Sat, Dec 1, 2012 at 5:50 AM, Arshad Noor > <ars...@st... <mailto:ars...@st...> > <mailto:arshad.noor@__strongauth.com > <mailto:ars...@st...>>> wrote: > > There is no additional documentation on the source code, > Pawan. The > expectation is that software developers have a sufficient > understanding > in Java to follow the code. If you have specific questions > on sections > of the code, feel free to highlight them in your e-mail > with specific > questions and we'll be happy to respond. > > The <https://<host:port> implies that you've setup the > CryptoEngine as > a web-service on your network (following the instructions > given at > http://www.cryptoengine.org/____skce-docs/37-skce-install.html > <http://www.cryptoengine.org/__skce-docs/37-skce-install.html> > <http://www.cryptoengine.org/__skce-docs/37-skce-install.html > <http://www.cryptoengine.org/skce-docs/37-skce-install.html>__>__). > > Once you've setup the CryptoEngine as a web-service on your > network, > then you will specify the fully-qualified domain name and > the port > number of the server where the CryptoEngine web-service is > running > to test the JavaClient.jar program. That's what the > https://<host:port> > refers to. > > Arshad Noor > StrongAuth, Inc. > > On 11/29/2012 10:48 PM, Pawan wrote: > > Hi Arshad Noor, > > > > Once again thank you for your > Information. I > made an > attempt to explore source of SKCE, but SKCE source > code a bit > complicated to understand a person new to SKCE like me. > I would > like to > request you Please provide any Documentation or > information > about source > code. And When we ran the jar file JavaClient.Jar > which takes a > bunch > of arguments as input, in that what does it means > "*https://<host:port>*" ? > > > > > > On Tue, Nov 27, 2012 at 5:19 PM, Arshad Noor > <ars...@st... <mailto:ars...@st...> > <mailto:arshad.noor@__strongauth.com > <mailto:ars...@st...>> > <mailto:arshad.noor@ <mailto:arshad.noor@>__strongau__th.com > <http://strongauth.com> > <mailto:arshad.noor@__strongauth.com > <mailto:ars...@st...>>>> wrote: > > Yes, it is possible to use this in your > application even if > your > application does not require authentication. You > can create a > credential in LDAP and put those credentials in > the SKCE > configuration properties file, so your users don't > have to > supply a > credential. > > If you want to eliminate ALL authentication, then, > just > comment out > that section os the SKCE code and build your own > jar/war > file for > your application. > > Arshad Noor > StrongAuth, Inc. > > On Nov 26, 2012, at 10:23 PM, Pawan > <pav...@gm... <mailto:pav...@gm...> > <mailto:pav...@gm... <mailto:pav...@gm...>> > <mailto:pav...@gm... <mailto:pav...@gm...> > <mailto:pav...@gm... <mailto:pav...@gm...>>__>__> > wrote: > > Hi Arshad Noor , > > > Thanks for your information , > it is very > helpful > for me . I have understood and analysed what > actually > happened in > StrongAuth Crypto Engine. According to our > Cloud-stack ( > Eucalyptus , XEN ) and features we have a > specific portal > (application). Application which does n't > requires LDAP > Authentication. Is it Possible to use this > Encryption/Decryption > Web-service in my application. if possible > please > provide me > information. > > > Thanks in Advance. > > > > On Mon, Nov 26, 2012 at 11:06 PM, Arshad Noor > <ars...@st... <mailto:ars...@st...> > <mailto:arshad.noor@__strongauth.com > <mailto:ars...@st...>> > <mailto:arshad.noor@ <mailto:arshad.noor@>__strongau__th.com > <http://strongauth.com> > <mailto:arshad.noor@__strongauth.com > <mailto:ars...@st...>>>> > wrote: > > Hi Pawan, > > You can do precisely what you described in > your > e-mail, with the > CryptoEngine. Take a look at the > source-code of > the StrongKey > CryptoCabinet > > (http://www.cryptocabinet.org/____how-skcc-works.html > <http://www.cryptocabinet.org/__how-skcc-works.html> > <http://www.cryptocabinet.org/__how-skcc-works.html > <http://www.cryptocabinet.org/how-skcc-works.html>>) > and you'll see how the CryptoEngine can be > integrated into your > application. > > If you need any additional help, just join > the Help > forum at > Sourceforge > (http://sourceforge.net/____projects/skce/forums > <http://sourceforge.net/__projects/skce/forums> > <http://sourceforge.net/__projects/skce/forums > <http://sourceforge.net/projects/skce/forums>>) and > we'll be more than happy to help with > additional > questions. > > Arshad Noor > StrongAuth, Inc. > > P.S. You can also get an idea of how the > CryptoEngine can be > used by reviewing this article on RC3: > http://ibm.co/rc3dw > > > On 11/26/2012 12:56 AM, StrongAuth > Webmaster wrote: > > From Pawan at pav...@gm... > <mailto:pav...@gm...> > <mailto:pav...@gm... <mailto:pav...@gm...>> > <mailto:pav...@gm... <mailto:pav...@gm...> > <mailto:pav...@gm... <mailto:pav...@gm...>>__> > : Hi > > i am pawan working in CDAC as > Project > Engineer.i > just got working out with Eucalyptus > Walrus(Open Source > 2.0.2 ). Here To communicate with > Eucalyptus > Walrus we are > using Jets3t (Third party) API. > > I have gone through your web-site > thoroughly > and i got > stuck up with this question in mind, > that How > this can be > integrated with my Application which > will > communicate with > Walrus. Please Help me in this issue. > And i > want to use > CryptoEngine to Encrypt Files(data) > and upload > into Cloud > , Decrypt file(data) and download from > Cloud. > > > > Thanks in Advance. > [14.139.180.34, safari 537.11] > > > > > > |
