问题
This topic is a continuation of previous case: How to setup JMS bridge to ActiveMQ on Weblogic 11g but now using Tibco as a source JMS bridge destination.
I'm getting following error when trying connect to Tibco EMS from JMS bridge configuration :
javax.jms.JMSSecurityException: Error occured while reading identity data: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
at com.tibco.tibjms.TibjmsSSL._identityFromStore(TibjmsSSL.java:2664)
at com.tibco.tibjms.TibjmsSSL.createIdentity(TibjmsSSL.java:2569)
at com.tibco.tibjms.TibjmsxLinkSSL._initSSL(TibjmsxLinkSSL.java:309)
at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:390)
at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1274)
at com.tibco.tibjms.TibjmsConnection.<init>(TibjmsConnection.java:4100)
at com.tibco.tibjms.TibjmsQueueConnection.<init>(TibjmsQueueConnection.java:36)
at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:200)
at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:253)
at com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection(TibjmsQueueConnectionFactory.java:87)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:364)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:244)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:190)
jndi.properties content:
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.naming.ssl_enable_verify_hostname=false
com.tibco.tibjms.naming.ssl_vendor=j2se
com.tibco.tibjms.naming.ssl_expected_hostname=test
com.tibco.tibjms.naming.ssl_identity=/home/oracle/keys/test.p12
com.tibco.tibjms.naming.ssl_password=pass
#DEBUG
com.tibco.tibjms.naming.ssl_trace=true
com.tibco.tibjms.naming.ssl_debug_trace=true
com.tibco.tibjms.debug=true
com.tibco.tibjms.ssl.debug.trace=true
com.tibco.tibjms.ssl.trace=true
EDIT: I've reached the root cause of the exception it's in:
// sun.security.rsa.RSAPadding.unpadV15()
if (paramArrayOfByte[(i++)] != 0) {
throw new BadPaddingException("Data must start with zero");
}
Any ideas?
回答1:
You need to understand that connecting to TIBCO EMS is of 2 phases (can be 1 step of course if just using private API), with the first one being creating the JNDI connection to EMS and lookup the connectionfactory definition, this is when the properties you set in jndi.properties become useful.
After the lookup return, the actual connection can be created using the retrieved ConnectionFactory object. The problem you are facing is during this stage no password is given for the client side private key.
If you have read the documentation, EMS will try to use the password you passed to ConnectionFactory.createConnection(String userName, String password). There should be a place / property file where you can set the password for ConnectionFactory.createConnection() in those managed environments.
And I guess this is the only way to avoid calling a private API such as com.tibco.tibjms.TibjmsSSL.setPassword(pass) in managed environment.
回答2:
After some time the problem has been resolved. The case was that password to the private key wasn't provided to Tibco client.
It can be done with:
com.tibco.tibjms.TibjmsSSL.setPassword(pass)
But there is still not clear how to solve this problem in managed environments like Mule ESB connector, or Weblogic bridge config, where your define the client with the meta-data / configuration only... Any comments welcomed.
来源:https://stackoverflow.com/questions/24676937/javax-crypto-badpaddingexception-when-connecting-to-tibco-ems-with-ssl