Strange Java Error

Zoran Avtarovski

Hi Guys,

I was going through our logs and saw the following error has appeared since updating our product to use the oiosaml2.java-2.2.1 jar.

2021-05-29 05:52:47,624 ERROR [CRLChecker] logging.Log4JLogger (Log4JLogger.java:92) - Unexpected error while reading CA certficate from: file:/temp/TRUST2408SystemtestXIXCA.cer
java.io.FileNotFoundException: /temp/TRUST2408SystemtestXIXCA.cer (No such file or directory)
    at java.io.FileInputStream.open0(Native Method) ~[?:1.8.0_292]
    at java.io.FileInputStream.open(FileInputStream.java:195) ~[?:1.8.0_292]
    at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[?:1.8.0_292]
    at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[?:1.8.0_292]
    at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) ~[?:1.8.0_292]
    at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) ~[?:1.8.0_292]
    at java.net.URL.openStream(URL.java:1068) ~[?:1.8.0_292]
    at dk.itst.oiosaml.sp.metadata.CRLChecker.getCertificateCA(CRLChecker.java:329) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker.doOCSPCheck(CRLChecker.java:263) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker.checkCertificate(CRLChecker.java:209) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker.access$000(CRLChecker.java:95) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker$1.call(CRLChecker.java:121) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker$1.call(CRLChecker.java:119) [oiosaml2.java-2.2.1.jar:?]
    at org.fishwife.jrugged.CircuitBreaker.invoke(CircuitBreaker.java:238) [jrugged-core-3.2.2.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker.checkCertificates(CRLChecker.java:119) [oiosaml2.java-2.2.1.jar:?]
    at dk.itst.oiosaml.sp.metadata.CRLChecker$2.run(CRLChecker.java:602) [oiosaml2.java-2.2.1.jar:?]
    at java.util.TimerThread.mainLoop(Timer.java:555) [?:1.8.0_292]
    at java.util.TimerThread.run(Timer.java:505) [?:1.8.0_292]

What I don't understand is why it is searching for the certificate locally. Would it make sense to use a default public URL?

We don't have the oiosaml-sp.ocsp.ca property set. Where do we get the CA certificate so we can do the setup locally?

 

We don't have a 

 

Hi Zoran,

You can download the SystemTest XIX CA certificate from http://f.aia.systemtest19.trust2408.com/systemtest19-ca.cer

The URL should also be available from the Authority Information Access attribute of the end-user certificate which was issued by SystemTest XIX CA.

Best regards,
Morten D. Bech
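
The Authority Information Access lookup mentioned in the reply above, as an added example that is not part of the thread or of the OIOSAML code. It uses only the JDK; the class name `AiaCaIssuers`, its helper names, and the sample extension bytes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class AiaCaIssuers {
    static final String AIA_OID = "1.3.6.1.5.5.7.1.1";               // authorityInfoAccess extension
    static final byte[] CA_ISSUERS = {0x2B, 6, 1, 5, 5, 7, 0x30, 2}; // id-ad-caIssuers 1.3.6.1.5.5.7.48.2

    /** Returns {contentStart, contentEnd} of the DER TLV that starts at pos. */
    static int[] tlv(byte[] d, int pos) {
        int len = d[pos + 1] & 0xFF, start = pos + 2;
        if (len >= 0x80) {                       // long form: low 7 bits count the length bytes
            int n = len & 0x7F; len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (d[start++] & 0xFF);
        }
        if (len < 0 || start + len > d.length) throw new IllegalArgumentException("truncated DER");
        return new int[] {start, start + len};
    }

    /** CA Issuers URLs from the bytes returned by X509Certificate.getExtensionValue(AIA_OID). */
    static List<String> caIssuerUrls(byte[] ext) {
        List<String> urls = new ArrayList<>();
        if (ext == null) return urls;            // certificate carries no AIA extension
        int[] seq = tlv(ext, tlv(ext, 0)[0]);    // OCTET STRING wrapper, then SEQUENCE
        for (int p = seq[0]; p < seq[1]; ) {
            int[] desc = tlv(ext, p);            // AccessDescription ::= SEQUENCE
            int[] oid = tlv(ext, desc[0]);       // accessMethod
            int[] loc = tlv(ext, oid[1]);        // accessLocation (GeneralName)
            boolean uri = (ext[oid[1]] & 0xFF) == 0x86;   // [6] uniformResourceIdentifier
            if (uri && Arrays.equals(Arrays.copyOfRange(ext, oid[0], oid[1]), CA_ISSUERS))
                urls.add(new String(ext, loc[0], loc[1] - loc[0], StandardCharsets.US_ASCII));
            p = desc[1];
        }
        return urls;
    }

    // Builds a short-form DER TLV (content under 128 bytes); used only for the sample below.
    static byte[] der(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag); out.write(body.size()); out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }

    public static void main(String[] args) {
        byte[] url = "http://f.aia.systemtest19.trust2408.com/systemtest19-ca.cer".getBytes(StandardCharsets.US_ASCII);
        // Constructed AIA extension value (not extracted from a real certificate).
        byte[] sample = der(0x04, der(0x30, der(0x30, der(0x06, CA_ISSUERS), der(0x86, url))));
        System.out.println(caIssuerUrls(sample));
    }
}
```

For a real end-user certificate, load it with `CertificateFactory.getInstance("X.509")` and pass `cert.getExtensionValue(AiaCaIssuers.AIA_OID)` to `caIssuerUrls`.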