使用SSL连接到Tibco EMS时出现javax.crypto.BadPaddingException [英] javax.crypto.BadPaddingException when connecting to Tibco EMS with SSL
问题描述
本主题是先前情况的延续: 如何在Weblogic 11g上设置到ActiveMQ的JMS桥 但现在使用Tibco作为源JMS桥接目标.
This topic is a continuation of previous case: How to setup JMS bridge to ActiveMQ on Weblogic 11g but now using Tibco as a source JMS bridge destination.
尝试从JMS桥配置连接到Tibco EMS时出现以下错误:
I'm getting following error when trying connect to Tibco EMS from JMS bridge configuration :
javax.jms.JMSSecurityException: Error occured while reading identity data: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
at com.tibco.tibjms.TibjmsSSL._identityFromStore(TibjmsSSL.java:2664)
at com.tibco.tibjms.TibjmsSSL.createIdentity(TibjmsSSL.java:2569)
at com.tibco.tibjms.TibjmsxLinkSSL._initSSL(TibjmsxLinkSSL.java:309)
at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:390)
at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1274)
at com.tibco.tibjms.TibjmsConnection.<init>(TibjmsConnection.java:4100)
at com.tibco.tibjms.TibjmsQueueConnection.<init>(TibjmsQueueConnection.java:36)
at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:200)
at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:253)
at com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection(TibjmsQueueConnectionFactory.java:87)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:364)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:244)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:190)
jndi.properties内容:
jndi.properties content:
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
com.tibco.tibjms.naming.ssl_enable_verify_hostname=false
com.tibco.tibjms.naming.ssl_vendor=j2se
com.tibco.tibjms.naming.ssl_expected_hostname=test
com.tibco.tibjms.naming.ssl_identity=/home/oracle/keys/test.p12
com.tibco.tibjms.naming.ssl_password=pass
#DEBUG
com.tibco.tibjms.naming.ssl_trace=true
com.tibco.tibjms.naming.ssl_debug_trace=true
com.tibco.tibjms.debug=true
com.tibco.tibjms.ssl.debug.trace=true
com.tibco.tibjms.ssl.trace=true
我已经找到了它所在的异常的根本原因:
I've reached the root cause of the exception it's in:
// sun.security.rsa.RSAPadding.unpadV15()
if (paramArrayOfByte[(i++)] != 0) {
throw new BadPaddingException("Data must start with zero");
}
有什么想法吗?
推荐答案
您需要了解与TIBCO EMS的连接分为两个阶段(如果仅使用私有API,则可以分为1个步骤),其中第一个阶段正在创建中这是到EMS的JNDI连接并查找connectionfactory定义的时候,这是在jndi.properties中设置的属性有用的时候.
You need to understand that connecting to TIBCO EMS is of 2 phases (can be 1 step of course if just using private API), with the first one being creating the JNDI connection to EMS and lookup the connectionfactory definition, this is when the properties you set in jndi.properties become useful.
在返回查询之后,可以使用检索到的ConnectionFactory对象创建实际的连接.您面临的问题是在此阶段没有为客户端私钥提供密码.
After the lookup return, the actual connection can be created using the retrieved ConnectionFactory object. The problem you are facing is during this stage no password is given for the client side private key.
如果您已阅读文档,EMS将尝试使用您传递给ConnectionFactory.createConnection(String userName,String password)的密码.应该有一个地方/属性文件,您可以在其中设置那些托管环境中ConnectionFactory.createConnection()的密码.
If you have read the documentation, EMS will try to use the password you passed to ConnectionFactory.createConnection(String userName, String password). There should be a place / property file where you can set the password for ConnectionFactory.createConnection() in those managed environments.
我想这是避免在托管环境中调用私有API(例如com.tibco.tibjms.TibjmsSSL.setPassword(pass))的唯一方法.
And I guess this is the only way to avoid calling a private API such as com.tibco.tibjms.TibjmsSSL.setPassword(pass) in managed environment.
这篇关于使用SSL连接到Tibco EMS时出现javax.crypto.BadPaddingException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
