Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [geclipse-dev] Grid Certificates Problem

Hi all,

The problem is general. Our soft does not work with symbolic links in
archives.

The quickfix for this is to fetch certificates in old format (which are
still available, but I don't know for how long).

You find them under this URL:
http://dist.eugridpma.info/distribution/igtf/current-old/accredited/tgz/

note 'current-old' instead of 'current'.

Window->Preferences: g-Eclipse->Security: Import
pass this URL into the URI field.

Then "select all" and import.

-- 
Mateusz Pabiś


W dniu 2011-05-12 09:06, Nicholas Loulloudes pisze:
> Hi Mathias, all,
> 
> How are you?
> 
> I wanted to add-up on Antriani's email.  We recently discovered that
> EuGridPMA changed the distribution format of CA certs. This change was
> due to the wake of OpenSSL v1, and become effective after CA cert 
> distribution v1.33. At v1.34, the new format become the default format.
> As Antriani mentioned, the EuGridPMA  so far provides the CA cert
> distribution in both formats, but I am not sure how long this transition
> phase will last.
> 
> I had a quick look into our code that makes the cert import, and it
> seems that our parser does not work for the new format. If someone can
> verify this as well, then we can go ahead and provide the necessary patch.
> 
> Best,
> Nicholas.
> 
> Mathias Stümpert wrote:
>> Dear Antriani,
>>
>> I can think of two reasons for your problem:
>>
>> 1) The standard JCE is not "strong" enough to decrypt the certs you
>> are trying to import
>> 2) One of the certs you are trying to import may be corrupt or may
>> contain unsupported extensions
>>
>> For a solution of 1) see the help content for g-Eclipse:
>>
>> <cite>
>>
>>     * download the "Java Cryptography Extension Unlimited Strength
>>       Jurisdiction Policy Files" from
>>       http://java.sun.com/javase/downloads (or the corresponding site
>>       if you have another Java version)
>>     * unpack that file and follow the instructions in the README. You
>>       only need to copy the two policy files into the right path in
>>       your Java installation, namely: *$JAVA_HOME/jre/lib/security*
>>
>> </cite>
>>
>> For a solution of 2) I recommend to try to import one cert after the
>> other to see if the problem is a general one or only occurs for one
>> specific cert.
>>
>> Cheers, Mathias
>>
>>
>>> Hi all,
>>>
>>> I have been using g-Eclipse to extend it with social functionality.
>>>
>>> I had a problem with the importing of the grid certificates -
>>> I was getting a parsing error after the change of the certificate format.
>>> I temporally solved the problem by using
>>> http://dist.eugridpma.info/distribution/igtf/current-old/accredited/tgz/
>>> instead of
>>> http://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/.
>>>
>>> Now the current-old fails for some certificates giving :
>>>
>>> Plug-In:
>>> eu.geclipse.core
>>>
>>> Contact Address:
>>> N/A
>>>
>>> Description:
>>> Unable to load certificate
>>>
>>> Reasons:
>>> N/A
>>>
>>> Proposed Solutions:
>>> N/A
>>>
>>> Stacktrace:
>>> eu.geclipse.core.reporting.ProblemException: Unable to load certificate
>>> at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:163)
>>> at
>>> eu.geclipse.ui.internal.preference.SecurityPreferencePage.addCertificates(SecurityPreferencePage.java:335)
>>> at
>>> eu.geclipse.ui.internal.preference.SecurityPreferencePage$11.run(SecurityPreferencePage.java:373)
>>> at
>>> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>>> Caused by: java.security.cert.CertificateException: Could not parse
>>> certificate: java.io.IOException: DerInputStream.getLength():
>>> lengthTag=11, too big.
>>> at
>>> sun.security.provider.X509Factory.engineGenerateCertificate(Unknown
>>> Source)
>>> at java.security.cert.CertificateFactory.generateCertificate(Unknown
>>> Source)
>>> at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:159)
>>> ... 3 more
>>> Caused by: java.io.IOException: DerInputStream.getLength():
>>> lengthTag=11, too big.
>>> at sun.security.util.DerInputStream.getLength(Unknown Source)
>>> at sun.security.util.DerValue.init(Unknown Source)
>>> at sun.security.util.DerValue.<init>(Unknown Source)
>>> ... 6 more
>>>
>>>
>>> when i try to import them.
>>>
>>> Thanks,
>>> Antriani Stylianou
>>> University of Cyprus
>>>
>>>
>>> _______________________________________________
>>> geclipse-dev mailing list
>>> geclipse-dev@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>>>     
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> geclipse-dev mailing list
>> geclipse-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>>   
> 
> 
> -- 
> 
> ________________________________________________________
> Nicholas Loulloudes
> PhD Candidate,
> Department of Computer Science,
> University of Cyprus,
> Nicosia, Cyprus
> 
> Tel: +357-22892663
> Email: loulloudes.n[at]cs.ucy.ac.cy
> Web: www.cs.ucy.ac.cy/~nickl <http://www.cs.ucy.ac.cy/%7Enickl>
> VSense: vsense.cs.ucy.ac.cy <http://vsense.cs.ucy.ac.cy>
> ________________________________________________________
> 
> 
> 
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev



Back to the top