We are getting an SSLException: Server key exception with Jasper & CAS

Posted on September 3, 2015 at 2:00am

We have configured Jasper for external authentication with a CAS instance. The process seems to be correct: Jasper redirects to CAS, which authenticates the user and redirects back to Jasper on the following path: /jasperserver-pro/j_spring_security_check?ticket=ST-3-snZs2urwCPEaNmlfT2Me-CAS_SERVER_URL

At this point, we get the error: Details: javax.net.ssl.SSLException: Server key and in the logs we see the stack trace below. CAS is configured with an SSL certificate and this certificate is also imported to the store on the Jasper server.

We are using Jasper server version 6.0.1 on AWS.

 

The stack trace:

2015-09-03 08:49:56,477 ERROR SystemErrorController,http-bio-80-exec-3:81 - Internal server error

java.lang.RuntimeException: javax.net.ssl.SSLException: Server key

        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)

        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)

        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)

        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)

        at com.jaspersoft.jasperserver.api.security.externalAuth.cas.JSCasProcessingFilter.attemptAuthentication(JSCasProcessingFilter.java:60)

        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.ji.license.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:103)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.ji.license.JILicenseFilter.doFilter(JILicenseFilter.java:86)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.NullFilter.doFilter(NullFilter.java:43)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:210)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.logging.filter.BasicLoggingFilter.doFilter(BasicLoggingFilter.java:53)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.JSCsrfGuardFilter.doFilter(JSCsrfGuardFilter.java:83)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter.doFilter(WebAppSecurityFilter.java:80)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.war.MultipartRequestWrapperFilter.doFilter(MultipartRequestWrapperFilter.java:95)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at com.jaspersoft.jasperserver.api.security.encryption.EncryptionFilter.doFilter(EncryptionFilter.java:150)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)

        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.util.SessionDecoratorFilter.doFilter(SessionDecoratorFilter.java:63)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at com.jaspersoft.jasperserver.war.P3PFilter.doFilter(P3PFilter.java:43)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:957)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)

        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)

        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)

 

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLException: Server key

        at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1260)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:283)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)

        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)

        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:393)

        ... 70 more

Caused by: java.security.spec.InvalidKeySpecException: key spec not recognised

        at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)

        at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)

        at java.security.KeyFactory.generatePublic(KeyFactory.java:334)

        at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1057)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)

        ... 81 more

 

 

 

JasperReports® Server
elie.soueidy's picture
elie.soueidy
2
Joined: May 22 2015 - 2:33am
Last seen: 7 years 6 months ago

2 Answers:

Posted on September 10, 2015 at 12:56pm

From your stack trace, it looks like your issue is similar to http://community.jaspersoft.com/questions/851286/jasper-server-601-aws-s... and http://community.jaspersoft.com/questions/842421/cant-email-reports-jasp...

It seems like the accepted solution to this is to switch JDKs. I've tried looking into this more and seen problems with ssl on openjdk1.7 and have tried adding bouncycastle as an external JCE security provider, with limited success... If anyone else has ideas how to fix this issue without switching to the oracle jdk or at least an explanation for why that seems to work I'd be super thankful

srang's picture
srang
736
Joined: Oct 28 2014 - 11:52am
Last seen: 6 years 10 months ago
Posted on September 28, 2015 at 1:52pm

Most probably Bouncy castle library is causing this bcprov......jar

try to update it to latest version: from here https://www.bouncycastle.org/latest_releases.html

P.S. JRS 6.1 already have them updated.

ogavavka's picture
ogavavka
1012
Joined: Mar 12 2012 - 2:10pm
Last seen: 1 week 5 days ago
Feedback