We are getting an SSLException: Server key exception with Jasper & CAS

0

We have configured Jasper for external authentication with a CAS instance. The process seems to be correct: Jasper redirects to CAS, which authenticates the user and redirects back to Jasper on the following path: /jasperserver-pro/j_spring_security_check?ticket=ST-3-snZs2urwCPEaNmlfT2Me-CAS_SERVER_URL

At this point, we get the error: Details: javax.net.ssl.SSLException: Server key and in the logs we see the stack trace below. CAS is configured with an SSL certificate and this certificate is also imported to the store on the Jasper server.

We are using Jasper server version 6.0.1 on AWS.

 

The stack trace:

2015-09-03 08:49:56,477 ERROR SystemErrorController,http-bio-80-exec-3:81 - Internal server error

java.lang.RuntimeException: javax.net.ssl.SSLException: Server key

        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)

        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)

        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)

        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)

        at com.jaspersoft.jasperserver.api.security.externalAuth.cas.JSCasProcessingFilter.attemptAuthentication(JSCasProcessingFilter.java:60)

        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.ji.license.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:103)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.ji.license.JILicenseFilter.doFilter(JILicenseFilter.java:86)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.NullFilter.doFilter(NullFilter.java:43)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:210)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.logging.filter.BasicLoggingFilter.doFilter(BasicLoggingFilter.java:53)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.JSCsrfGuardFilter.doFilter(JSCsrfGuardFilter.java:83)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter.doFilter(WebAppSecurityFilter.java:80)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.MultipartRequestWrapperFilter.doFilter(MultipartRequestWrapperFilter.java:95)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.encryption.EncryptionFilter.doFilter(EncryptionFilter.java:150)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)

        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.util.SessionDecoratorFilter.doFilter(SessionDecoratorFilter.java:63)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.P3PFilter.doFilter(P3PFilter.java:43)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:957)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)

        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)

        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)

 

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLException: Server key

        at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1260)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:283)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)

        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)

        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:393)

        ... 70 more

Caused by: java.security.spec.InvalidKeySpecException: key spec not recognised

        at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)

        at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)

        at java.security.KeyFactory.generatePublic(KeyFactory.java:334)

        at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1057)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)

        ... 81 more

 

 

 

elie.soueidy's picture
Joined: May 22 2015 - 2:33am
Last seen: 3 years 10 months ago

2 Answers:

0

From your stack trace, it looks like your issue is similar to http://community.jaspersoft.com/questions/851286/jasper-server-601-aws-s... and http://community.jaspersoft.com/questions/842421/cant-email-reports-jasp...

It seems like the accepted solution to this is to switch JDKs. I've tried looking into this more and seen problems with ssl on openjdk1.7 and have tried adding bouncycastle as an external JCE security provider, with limited success... If anyone else has ideas how to fix this issue without switching to the oracle jdk or at least an explanation for why that seems to work I'd be super thankful

srang's picture
206
Joined: Oct 28 2014 - 11:52am
Last seen: 3 years 1 month ago
0

Most probably Bouncy castle library is causing this bcprov......jar

try to update it to latest version: from here https://www.bouncycastle.org/latest_releases.html

P.S. JRS 6.1 already have them updated.

ogavavka's picture
157
Joined: Mar 12 2012 - 2:10pm
Last seen: 13 hours 29 min ago
Feedback
randomness