SSL ListenThread.run() failed - Weblogic

This is a discussion on SSL ListenThread.run() failed - Weblogic ; Hi! I get the following error while connecting to WL (8.1 sp2) over two-way ssl: #### > java.lang.ArrayIndexOutOfBoundsException: 0 java.lang.ArrayIndexOutOfBoundsException: 0 at weblogic.math.Bignum. (Bignum.java:28) at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129) at weblogic.security.RSAKey.input(RSAKey.java:129) at weblogic.security.RSAKey.setBytes(RSAKey.java:83) at weblogic.security.Key. (Key.java:50) at weblogic.security.RSAKey. (RSAKey.java:48) at weblogic.security.RSAKey. (RSAKey.java:58) ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: SSL ListenThread.run() failed

  1. SSL ListenThread.run() failed


    Hi!

    I get the following error while connecting to WL (8.1 sp2) over two-way ssl:

    ####
    <> <> java.lang.ArrayIndexOutOfBoundsException: 0
    java.lang.ArrayIndexOutOfBoundsException: 0
    at weblogic.math.Bignum.(Bignum.java:28)
    at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129)
    at weblogic.security.RSAKey.input(RSAKey.java:129)
    at weblogic.security.RSAKey.setBytes(RSAKey.java:83)
    at weblogic.security.Key.(Key.java:50)
    at weblogic.security.RSAKey.(RSAKey.java:48)
    at weblogic.security.RSAKey.(RSAKey.java:58)
    at weblogic.security.RSAPublicKey.(RSAPublicKey.java:44)
    at weblogic.security.X509.input(X509.java:157)
    at weblogic.security.X509.initialize(X509.java:84)
    at weblogic.security.Certificate.(Certificate.java:60)
    at weblogic.security.X509.(X509.java:59)
    at weblogic.security.utils.SSLCertUtility.toX509(SSLC ertUtility.java:140)
    at weblogic.security.utils.SSLIOContext.reset(SSLIOCo ntext.java:53)
    at weblogic.security.utils.SSLIOContext.(SSLIOContext.java:36)
    at javax.net.ssl.impl.SSLSocketImpl.resetConnection(U nknown Source)
    at javax.net.ssl.impl.SSLServerSocketImpl.accept(Unkn own Source)
    at weblogic.t3.srvr.ListenThread.accept(ListenThread. java:739)
    at weblogic.t3.srvr.ListenThread.run(ListenThread.jav a:292)


    This exception comes randomly, sometimes I can eliminate it, but I don't know
    how and after a while (after deployents) it comes back.
    Has anyone seen this before?
    Thanks: G.



  2. Re: SSL ListenThread.run() failed


    The fact that it fails with the ArrayIndexOutOfBoundsException is a bug, and it
    is exposed by something in one of the server trusted CA certificates. So you might
    be able to work around this if this is the ca cert that you do not need.
    This problem will be fixed in 810 sp4.

    Pavel.

    "George Karl" wrote:
    >
    >Hi!
    >
    >I get the following error while connecting to WL (8.1 sp2) over two-way
    >ssl:
    >
    >####
    >
    > <> <> >failed:
    >java.lang.ArrayIndexOutOfBoundsException: 0
    >java.lang.ArrayIndexOutOfBoundsException: 0
    > at weblogic.math.Bignum.(Bignum.java:28)
    > at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129)
    > at weblogic.security.RSAKey.input(RSAKey.java:129)
    > at weblogic.security.RSAKey.setBytes(RSAKey.java:83)
    > at weblogic.security.Key.(Key.java:50)
    > at weblogic.security.RSAKey.(RSAKey.java:48)
    > at weblogic.security.RSAKey.(RSAKey.java:58)
    > at weblogic.security.RSAPublicKey.(RSAPublicKey.java:44)
    > at weblogic.security.X509.input(X509.java:157)
    > at weblogic.security.X509.initialize(X509.java:84)
    > at weblogic.security.Certificate.(Certificate.java:60)
    > at weblogic.security.X509.(X509.java:59)
    > at weblogic.security.utils.SSLCertUtility.toX509(SSLC ertUtility.java:140)
    > at weblogic.security.utils.SSLIOContext.reset(SSLIOCo ntext.java:53)
    > at weblogic.security.utils.SSLIOContext.(SSLIOContext.java:36)
    > at javax.net.ssl.impl.SSLSocketImpl.resetConnection(U nknown Source)
    > at javax.net.ssl.impl.SSLServerSocketImpl.accept(Unkn own Source)
    > at weblogic.t3.srvr.ListenThread.accept(ListenThread. java:739)
    > at weblogic.t3.srvr.ListenThread.run(ListenThread.jav a:292)
    >
    >
    >This exception comes randomly, sometimes I can eliminate it, but I don't
    >know
    >how and after a while (after deployents) it comes back.
    >Has anyone seen this before?
    >Thanks: G.
    >
    >



  3. Re: SSL ListenThread.run() failed


    Thank you Pavel!
    Just a short comment, I noticed, that somehow my trusted cert store gets corrupted,
    because if I change it back to the original one, it works fine. In my application
    I import certificates into the store, I guess it could make it wrong. (I'm using
    standard JSSE methods for that)
    Anyway do you know a solution to load certificates in the store at runtime so
    that can be used by the WLS? (or can I reload the store with an MBean or something
    like that?)

    Thanks, George!

    "Pavel" wrote:
    >
    >The fact that it fails with the ArrayIndexOutOfBoundsException is a bug,
    >and it
    >is exposed by something in one of the server trusted CA certificates.
    >So you might
    >be able to work around this if this is the ca cert that you do not need.
    >This problem will be fixed in 810 sp4.
    >
    >Pavel.
    >
    >"George Karl" wrote:
    >>
    >>Hi!
    >>
    >>I get the following error while connecting to WL (8.1 sp2) over two-way
    >>ssl:
    >>
    >>####
    >>
    >> <> <> >>failed:
    >>java.lang.ArrayIndexOutOfBoundsException: 0
    >>java.lang.ArrayIndexOutOfBoundsException: 0
    >> at weblogic.math.Bignum.(Bignum.java:28)
    >> at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129)
    >> at weblogic.security.RSAKey.input(RSAKey.java:129)
    >> at weblogic.security.RSAKey.setBytes(RSAKey.java:83)
    >> at weblogic.security.Key.(Key.java:50)
    >> at weblogic.security.RSAKey.(RSAKey.java:48)
    >> at weblogic.security.RSAKey.(RSAKey.java:58)
    >> at weblogic.security.RSAPublicKey.(RSAPublicKey.java:44)
    >> at weblogic.security.X509.input(X509.java:157)
    >> at weblogic.security.X509.initialize(X509.java:84)
    >> at weblogic.security.Certificate.(Certificate.java:60)
    >> at weblogic.security.X509.(X509.java:59)
    >> at weblogic.security.utils.SSLCertUtility.toX509(SSLC ertUtility.java:140)
    >> at weblogic.security.utils.SSLIOContext.reset(SSLIOCo ntext.java:53)
    >> at weblogic.security.utils.SSLIOContext.(SSLIOContext.java:36)
    >> at javax.net.ssl.impl.SSLSocketImpl.resetConnection(U nknown Source)
    >> at javax.net.ssl.impl.SSLServerSocketImpl.accept(Unkn own Source)
    >> at weblogic.t3.srvr.ListenThread.accept(ListenThread. java:739)
    >> at weblogic.t3.srvr.ListenThread.run(ListenThread.jav a:292)
    >>
    >>
    >>This exception comes randomly, sometimes I can eliminate it, but I don't
    >>know
    >>how and after a while (after deployents) it comes back.
    >>Has anyone seen this before?
    >>Thanks: G.
    >>
    >>

    >



  4. Re: SSL ListenThread.run() failed


    No, Weblogic does not provide any additional api for keystore management. You are
    supposed to configure your keystores using Sun keytool and utils.ImportPrivateKey
    tool, or any other tool, or java keystore api, and then configure Weblogic SSL
    to use your keystores. In 810 certs are loaded from the keystores at the server
    boot time, so if you modify them after that you will need to reboot the server.
    Are you sure the keystore data is corrupted? It seems more likely the code that
    parses the certificates simply chokes on a non-RSA certificate, or a certificate
    with some unusual extension.

    Pavel.

    "George Karl" wrote:
    >
    >Thank you Pavel!
    >Just a short comment, I noticed, that somehow my trusted cert store gets
    >corrupted,
    >because if I change it back to the original one, it works fine. In my
    >application
    >I import certificates into the store, I guess it could make it wrong.
    >(I'm using
    >standard JSSE methods for that)
    >Anyway do you know a solution to load certificates in the store at runtime
    >so
    >that can be used by the WLS? (or can I reload the store with an MBean
    >or something
    >like that?)
    >
    >Thanks, George!
    >
    >"Pavel" wrote:
    >>
    >>The fact that it fails with the ArrayIndexOutOfBoundsException is a

    >bug,
    >>and it
    >>is exposed by something in one of the server trusted CA certificates.
    >>So you might
    >>be able to work around this if this is the ca cert that you do not need.
    >>This problem will be fixed in 810 sp4.
    >>
    >>Pavel.
    >>
    >>"George Karl" wrote:
    >>>
    >>>Hi!
    >>>
    >>>I get the following error while connecting to WL (8.1 sp2) over two-way
    >>>ssl:
    >>>
    >>>####
    >>>
    >>> <> <> >>>failed:
    >>>java.lang.ArrayIndexOutOfBoundsException: 0
    >>>java.lang.ArrayIndexOutOfBoundsException: 0
    >>> at weblogic.math.Bignum.(Bignum.java:28)
    >>> at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129)
    >>> at weblogic.security.RSAKey.input(RSAKey.java:129)
    >>> at weblogic.security.RSAKey.setBytes(RSAKey.java:83)
    >>> at weblogic.security.Key.(Key.java:50)
    >>> at weblogic.security.RSAKey.(RSAKey.java:48)
    >>> at weblogic.security.RSAKey.(RSAKey.java:58)
    >>> at weblogic.security.RSAPublicKey.(RSAPublicKey.java:44)
    >>> at weblogic.security.X509.input(X509.java:157)
    >>> at weblogic.security.X509.initialize(X509.java:84)
    >>> at weblogic.security.Certificate.(Certificate.java:60)
    >>> at weblogic.security.X509.(X509.java:59)
    >>> at weblogic.security.utils.SSLCertUtility.toX509(SSLC ertUtility.java:140)
    >>> at weblogic.security.utils.SSLIOContext.reset(SSLIOCo ntext.java:53)
    >>> at weblogic.security.utils.SSLIOContext.(SSLIOContext.java:36)
    >>> at javax.net.ssl.impl.SSLSocketImpl.resetConnection(U nknown Source)
    >>> at javax.net.ssl.impl.SSLServerSocketImpl.accept(Unkn own Source)
    >>> at weblogic.t3.srvr.ListenThread.accept(ListenThread. java:739)
    >>> at weblogic.t3.srvr.ListenThread.run(ListenThread.jav a:292)
    >>>
    >>>
    >>>This exception comes randomly, sometimes I can eliminate it, but I

    >don't
    >>>know
    >>>how and after a while (after deployents) it comes back.
    >>>Has anyone seen this before?
    >>>Thanks: G.
    >>>
    >>>

    >>

    >



  5. Re: SSL ListenThread.run() failed


    Yes, I mean that the keystore is corrupted for the parser.. :-)
    Thank you for your hints!
    G.

    "Pavel" wrote:
    >
    >No, Weblogic does not provide any additional api for keystore management.
    >You are
    >supposed to configure your keystores using Sun keytool and utils.ImportPrivateKey
    >tool, or any other tool, or java keystore api, and then configure Weblogic
    >SSL
    >to use your keystores. In 810 certs are loaded from the keystores at
    >the server
    >boot time, so if you modify them after that you will need to reboot the
    >server.
    >Are you sure the keystore data is corrupted? It seems more likely the
    >code that
    >parses the certificates simply chokes on a non-RSA certificate, or a
    >certificate
    >with some unusual extension.
    >
    >Pavel.
    >
    >"George Karl" wrote:
    >>
    >>Thank you Pavel!
    >>Just a short comment, I noticed, that somehow my trusted cert store

    >gets
    >>corrupted,
    >>because if I change it back to the original one, it works fine. In my
    >>application
    >>I import certificates into the store, I guess it could make it wrong.
    >>(I'm using
    >>standard JSSE methods for that)
    >>Anyway do you know a solution to load certificates in the store at runtime
    >>so
    >>that can be used by the WLS? (or can I reload the store with an MBean
    >>or something
    >>like that?)
    >>
    >>Thanks, George!
    >>
    >>"Pavel" wrote:
    >>>
    >>>The fact that it fails with the ArrayIndexOutOfBoundsException is a

    >>bug,
    >>>and it
    >>>is exposed by something in one of the server trusted CA certificates.
    >>>So you might
    >>>be able to work around this if this is the ca cert that you do not

    >need.
    >>>This problem will be fixed in 810 sp4.
    >>>
    >>>Pavel.
    >>>
    >>>"George Karl" wrote:
    >>>>
    >>>>Hi!
    >>>>
    >>>>I get the following error while connecting to WL (8.1 sp2) over two-way
    >>>>ssl:
    >>>>
    >>>>####
    >>>>
    >>>> <> <> >>>>failed:
    >>>>java.lang.ArrayIndexOutOfBoundsException: 0
    >>>>java.lang.ArrayIndexOutOfBoundsException: 0
    >>>> at weblogic.math.Bignum.(Bignum.java:28)
    >>>> at weblogic.security.ASN1.ASN1Utils.inputASN1Integer( ASN1Utils.java:129)
    >>>> at weblogic.security.RSAKey.input(RSAKey.java:129)
    >>>> at weblogic.security.RSAKey.setBytes(RSAKey.java:83)
    >>>> at weblogic.security.Key.(Key.java:50)
    >>>> at weblogic.security.RSAKey.(RSAKey.java:48)
    >>>> at weblogic.security.RSAKey.(RSAKey.java:58)
    >>>> at weblogic.security.RSAPublicKey.(RSAPublicKey.java:44)
    >>>> at weblogic.security.X509.input(X509.java:157)
    >>>> at weblogic.security.X509.initialize(X509.java:84)
    >>>> at weblogic.security.Certificate.(Certificate.java:60)
    >>>> at weblogic.security.X509.(X509.java:59)
    >>>> at weblogic.security.utils.SSLCertUtility.toX509(SSLC ertUtility.java:140)
    >>>> at weblogic.security.utils.SSLIOContext.reset(SSLIOCo ntext.java:53)
    >>>> at weblogic.security.utils.SSLIOContext.(SSLIOContext.java:36)
    >>>> at javax.net.ssl.impl.SSLSocketImpl.resetConnection(U nknown Source)
    >>>> at javax.net.ssl.impl.SSLServerSocketImpl.accept(Unkn own Source)
    >>>> at weblogic.t3.srvr.ListenThread.accept(ListenThread. java:739)
    >>>> at weblogic.t3.srvr.ListenThread.run(ListenThread.jav a:292)
    >>>>
    >>>>
    >>>>This exception comes randomly, sometimes I can eliminate it, but I

    >>don't
    >>>>know
    >>>>how and after a while (after deployents) it comes back.
    >>>>Has anyone seen this before?
    >>>>Thanks: G.
    >>>>
    >>>>
    >>>

    >>

    >



+ Reply to Thread