Bug 4304 - Class does not represent an RSA key
: Class does not represent an RSA key
Status: NEW
: CoG jglobus
security
: unspecified
: PC Windows XP
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2006-03-21 14:26 by
Modified: 2007-09-12 16:46 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2006-03-21 14:26:15
The following error might be seen when a differnet JCE provider is installed
first before the Cryptix provider.

2006-03-21 11:48:18,765 ERROR container.ServiceThread [ServiceThread-3,run:309]
Unexpected error during request processing
java.lang.InternalError: java.security.InvalidKeyException: Class does not
repre
sent an RSA key: COM.claymoresystems.cert.X509RSAPrivateKey
        at
COM.claymoresystems.ptls.SSLCertificateVerify.encode(SSLCertificateVe
rify.java:128)
        at
COM.claymoresystems.ptls.SSLHandshake.sendHandshakeMsg(SSLHandshake.j
ava:149)
        at
COM.claymoresystems.ptls.SSLHandshake.sendHandshakeMsg(SSLHandshake.j
ava:144)
        at
COM.claymoresystems.ptls.SSLHandshakeClient.sendCertificateVerify(SSL
HandshakeClient.java:391)
        at
COM.claymoresystems.ptls.SSLHandshakeClient.processTokens(SSLHandshak
eClient.java:150)
        at
COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.j
ava:135)
------- Comment #1 From 2006-03-22 04:57:42 -------
The observed behaviour may be as follows:

The client is able to establish a connection to a GT4 service that uses a
different cryptography provider. The service is instantiated and it registers
the cryptography provider. The service processes a request normally. 

However, from this point on GT4 stops establishing new connections (incoming or
outgoing), because the new cryptography provider overtakes some of the
cryptographic functionality of the Cryptix provider.

Cryptix mentions this incompatibility issue: http://www.rtfm.com/puretls/ 
[21 March 2006]
------- Comment #2 From 2006-03-22 05:01:18 -------
The stack trace in the first message is for failing outgoing request (service
establishes a connection).

Another form of the same problem (incoming request to GT4 is rejected): 

2006-03-21 11:48:24,171 ERROR container.GSIServiceThread
[ServiceThread-2,proces
s:123] Error processing request
Authentication failed
. Caused by
Failure unspecified at GSS-API level
. Caused by
COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error
        at COM.claymoresystems.ptls.SSLConn.alert(SSLConn.java:235)
        at
COM.claymoresystems.ptls.SSLCertificateVerify.decode(SSLCertificateVe
rify.java:164)
        at
COM.claymoresystems.ptls.SSLHandshakeServer.recvCertificateVerify(SSL
HandshakeServer.java:561)
        at
COM.claymoresystems.ptls.SSLHandshakeServer.processTokens(SSLHandshak
eServer.java:228)
        at
COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.j
ava:135)
        at
org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext(GlobusGSS
ContextImpl.java:284)
        at
org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java
:124)
        at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142
)
        at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:16
0)
        at
org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.j
ava:94)
        at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:302)
------- Comment #3 From 2007-09-12 16:46:49 -------
Reassigning to current cog developer to close/fix as appropriate