Wrong JDK

Recently I have noticed a dumb tendency when devops/developers instead of installing Oracle JDK do something weird: they download Documentum Foundation Classes distribution archive from EMC portal and try to use JDK shipped within that distribution archive (another weird case is an attempt to deploy applications into JBoss installed on Content Server host) – never ever do that: the JRE/JDK bundled with Documentum products is broken. The problem is since D7 EMC started poisoning bundled JRE by their cryptographic libraries – I already mentioned that here, but slow startup is only a part of problem, the real problem is these cryptographic libraries are broken (check the thorough explanation on ECN: xcp wait for email on gmail working for anyone?). Typical stacktraces are:

Caused by: java.security.cert.CertificateException: Certificate contains invalid public key: Unrecognized public key.
 at com.rsa.cryptoj.o.pk.g(Unknown Source)
 at com.rsa.cryptoj.o.pk.<init>(Unknown Source)
 at com.rsa.cryptoj.o.pj.<init>(Unknown Source)
 at com.rsa.cryptoj.o.pg.a(Unknown Source)
 at com.rsa.cryptoj.o.ot.engineGenerateCertificate(Unknown Source)
 at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
 at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
 at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
java.security.SignatureException: Certificate verify failed!
 at com.rsa.cryptoj.o.pj.a(Unknown Source)
 at com.rsa.cryptoj.o.pj.verify(Unknown Source)
 at com.dstc.security.util.licensing.License.getPublicKey(License.java:275)
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Connection reset ClientConnectionId:21963716-d0fc-4801-9904-f7c304848444".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1668)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1324)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:992)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:828)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at java.sql.DriverManager.getConnection(DriverManager.java:579)
at java.sql.DriverManager.getConnection(DriverManager.java:243)
Caused by: java.io.IOException: Connection reset ClientConnectionId:21963716-d0fc-4801-9904-f7c304848444
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:717)
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:700)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:895)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:883)
at com.rsa.sslj.x.aP.c(Unknown Source)
at com.rsa.sslj.x.aP.a(Unknown Source)
at com.rsa.sslj.x.aP.a(Unknown Source)
at com.rsa.sslj.x.aP.h(Unknown Source)
at com.rsa.sslj.x.cy.startHandshake(Unknown Source)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s