Comments (3)
Hi Boris,
This is actually not a problem with the import/export stuff.
The short explanation: The certificate/key stores we ship with in the quickstarts and demo need to be regenerated. This is already done on master, see: https://github.com/apiman/apiman/pull/345/files
The long explanation: In a recent update to Java 8 JRE (1.8.0_72 as far as I can tell), the security constraints on certificates were updated to no longer accept weak hashing algorithms (e.g. MD5). This was because we generated the keystores using Java 7 way back, and its default settings were to use MD5. Iβve since regenerated it using Java 8βs latest keytool, which is using SHA256.
Solutions:
- Best - Generate your own keystores/certificate stores using Java 8+ keytool. See https://github.com/apiman/apiman/pull/345/files. You should do this anyway if youβre using apiman outside of internal testing.
- Bad but works - Download and replace certificate stores as per https://github.com/apiman/apiman/pull/345/files
Regards,
Marc
On 9 Feb 2016, at 10:01, Boris Korogvich [email protected] wrote:
Hi everyone.
I try to import JSON data to an empty Apiman. Apiman use Oracle Database Express Edition 11g.
Db config:
apiman.hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
apiman.hibernate.hbm2ddl.auto=update
In logs all is OK:INFO: ----------------------------
INFO: Starting apiman data import.
INFO: Importing data from apiman version: 1.2.1.Final
INFO: Importing a user: admin
INFO: Importing a gateway: The Gateway
INFO: Importing a role: Organization Owner
INFO: Importing a role: Client App Developer
INFO: Importing a role: API Developer
INFO: Importing a policy definition: IP Whitelist Policy
INFO: Importing a policy definition: IP Blacklist Policy
INFO: Importing a policy definition: BASIC Authentication Policy
INFO: Importing a policy definition: Rate Limiting Policy
INFO: Importing a policy definition: Ignored Resources Policy
INFO: Importing a policy definition: Authorization Policy
INFO: Importing a policy definition: Quota Policy
INFO: Importing a policy definition: Caching Policy
INFO: Importing a policy definition: Transfer Quota Policy
INFO: Importing an organization: System Technologies
INFO: Importing a role membership: admin+OrganizationOwner=>SystemTechnologies
INFO: Importing a plan: Anti DDOS
INFO: Importing a plan version: 1.0
INFO: Importing a plan policy: Rate Limiting Policy
INFO: Importing an API: Tokenizer API
INFO: Importing an API version: 1.0
INFO: Importing an API version: 1.01
INFO: Importing a client: STPP Console
INFO: Importing a client version: 1.0
INFO: Importing an audit entry: 1
INFO: Importing an audit entry: 3
INFO: Importing an audit entry: 5
INFO: Importing an audit entry: 6
INFO: Importing an audit entry: 8
INFO: Importing an audit entry: 10
INFO: Importing an audit entry: 11
INFO: Importing an audit entry: 13
INFO: Importing an audit entry: 14
INFO: Importing an audit entry: 15
INFO: Importing an audit entry: 16
INFO: Importing an audit entry: 17
INFO: Importing an audit entry: 19
INFO: Importing an audit entry: 20
INFO: Importing an audit entry: 21
INFO: Importing an audit entry: 22
INFO: Importing an audit entry: 24
INFO: Importing an audit entry: 25
INFO: Importing an audit entry: 26
INFO: Importing an audit entry: 27
INFO: Importing an audit entry: 28
INFO: Importing an audit entry: 29
INFO: Importing an audit entry: 31
INFO: Importing an audit entry: 32
INFO: Importing an audit entry: 33
INFO: Importing an audit entry: 34
INFO: +Importing a client contract: 37fbaf07-3ec5-43f1-acbb-ed4ec82a5394
INFO: Publishing APIs to the gateway.
INFO: Publishing API: SystemTechnologies / TokenizerAPI -> 1.01
But I get a bunch of exceptions in stdout:12:42:53,922 INFO [stdout](default task-23) java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.Certific[226/1940]
on: Certificates does not conform to algorithm constraints
12:42:53,923 INFO [stdout](default task-23) java.lang.RuntimeException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.sec$
rity.cert.CertificateException: Certificates does not conform to algorithm constraints
12:42:53,923 INFO [stdout](default task-23) at io.apiman.manager.api.exportimport.manager.StorageImportDispatcher.publishApis(StorageImportDisp$
tcher.java:501) ~[apiman-manager-api-export-import-api-1.2.1.Final.jar:?]
12:42:53,923 INFO [stdout](default task-23) at io.apiman.manager.api.exportimport.manager.StorageImportDispatcher.close(StorageImportDispatcher$
java:431) ~[apiman-manager-api-export-import-api-1.2.1.Final.jar:?]
12:42:53,923 INFO [stdout](default task-23) at io.apiman.manager.api.exportimport.manager.StorageImportDispatcher$Proxy$_$$_WeldClientProxy.clo$
e(Unknown Source) ~[apiman-manager-api-export-import-api-1.2.1.Final.jar:?]
12:42:53,923 INFO [stdout](default task-23) at io.apiman.manager.api.exportimport.json.JsonImportReader.read(JsonImportReader.java:159) [apiman$
manager-api-export-import-api-1.2.1.Final.jar:?]
12:42:53,923 INFO [stdout](default task-23) at io.apiman.manager.api.rest.impl.SystemResourceImpl$2.write(SystemResourceImpl.java:235) [apiman-$
anager-api-rest-impl-1.2.1.Final.jar:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.plugins.providers.StreamingOutputProvider.writeTo(StreamingOutputProvider.java
:32) [resteasy-jaxrs-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.plugins.providers.StreamingOutputProvider.writeTo(StreamingOutputProvider.java
:17) [resteasy-jaxrs-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.writeTo(AbstractWriterInter
ceptorContext.java:129) [resteasy-jaxrs-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.core.interception.ServerWriterInterceptorContext.writeTo(ServerWriterIntercept
orContext.java:62) [resteasy-jaxrs-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInter
ceptorContext.java:118) [resteasy-jaxrs-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.security.doseta.DigitalSigningInterceptor.aroundWriteTo(DigitalSigningIntercep
tor.java:143) [resteasy-crypto-3.0.11.Final.jar!/:?]
12:42:53,923 INFO [stdout](default task-23) at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInte$
12:42:53,937 INFO [stdout](default task-23) Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Cert[66/1940]
does not conform to algorithm constraints
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
12:42:53,937 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:?]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactor
y.java:290) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java
:259) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:
125) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionM
anager.java:319) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[httpclien
t-4.3.6.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[httpclient-4.3.6
.jar:4.3.6]
12:42:53,938 INFO [stdout](default task-23) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[httpclient-4.3.6.ja$
12:42:53,939 INFO [stdout](default task-23) Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constra
ints
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055)
~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:923) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:?]
12:42:53,939 INFO [stdout](default task-23) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:?]
12:42:53,944 INFO [stdout](default task-23) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactor
y.java:290) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,945 INFO [stdout](default task-23) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java
:259) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,945 INFO [stdout](default task-23) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:
125) ~[httpclient-4.3.6.jar:4.3.6]
12:42:53,945 INFO [stdout](default task-23) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionM
β
Reply to this email directly or view it on GitHub https://github.com//issues/367.
from apiman.
@VEINHORN - to answer your question about Oracle support. Yes, we do plan on creating DDLs for both Oracle and SQL Server. You can watch the progress of that task here:
https://issues.jboss.org/browse/APIMAN-950
from apiman.
@msavy @EricWittmann This problem has occured after migrating from JVM 7 to 8 on our VM. Thank you guys. Now all works fine. π
from apiman.
Related Issues (20)
- Problems with allowedIssuers HOT 6
- Support for specifying muliple elasticsearch hosts HOT 1
- Portal does not display Cyrillic characters when adding translations to i18n HOT 3
- The Extended API Description goes beyond the boundaries if the text is too long
- The Extended API Description code syntax highlighting
- Add DNS filtering to Blacklist and Whitelist Policies
- Apiman 3.1.2.Final and Tomcat 9 HOT 1
- Loops with at Most One Iteration
- Issuer build Error in KeycloakOAuthFactory.buildIssuerWithRealm HOT 1
- APIMAN with client auth HOT 3
- Failed to publish API
- Plugins: "TypeError: Cannot read properties of undefined (reading 'indexOf')" HOT 6
- JSON plugin forms sometimes render multiple times HOT 1
- Vert.x: Allow finer configuration of HTTP Client settings between Apiman Gateway and API Backend HOT 1
- APIMAN Gateway encodes even the reserve characters from query parameter value HOT 3
- Authorization Policy - No roles have been extracted during authentication HOT 1
- `apiman.manager` vs `apiman-manager` config inconsistency
- Incorrect implementation of key handling in KeycloakOAuth2 Plugin
- Incorrect implementation of key handling in JWT Plugin HOT 1
- Cache remotely downloaded plugins when non-snapshot
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apiman.