Bug 478266

Summary: Penrose OpenDS startup fails with 'AES KeyGenerator not available'
Product: [Retired] penrose
Reporter: Chandrasekar Kannan <ckannan>
Component: Configuration
Assignee: Endi Sukma Dewata <edewata>
Status: CLOSED EOL
QA Contact: Ben Levenson <benl>
Severity: low
Priority: low
Version: 2.0
CC: benl, nmalki, ykaul
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2020-03-27 19:35:14 UTC
Bug Blocks: 471500

Description Chandrasekar Kannan 2008-12-27 08:13:14 UTC
When upgrading from Penrose 1.1.2 to 2.0RC1 (OpenDS), after following the migration documentation, Penrose starts the JMX service and then generates the following exception when attempting to start OpenDS:

[06/17/2008 09:26:56] CryptoManager cannot get the requested encryption cipher AES/CBC/PKCS5Padding:  CryptoManagerException(CryptoManager failed to instantiate a KeyGenerator for algorithm "AES":  NoSuchAlgorithmException(AES KeyGenerator not available))
org.opends.server.types.InitializationException: CryptoManager cannot get the requested encryption cipher AES/CBC/PKCS5Padding:  CryptoManagerException(CryptoManager failed to instantiate a KeyGenerator for algorithm "AES":  NoSuchAlgorithmException(AES KeyGenerator not available))
	at org.opends.server.crypto.CryptoManagerImpl.<init>(CryptoManagerImpl.java:288)
	at org.opends.server.core.DirectoryServer.initializeCryptoManager(DirectoryServer.java:2248)
	at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1317)
	at org.safehaus.penrose.opends.OpenDSLDAPService.init(OpenDSLDAPService.java:74)
	at org.safehaus.penrose.service.Service.init(Service.java:54)
	at org.safehaus.penrose.service.ServiceManager.startService(ServiceManager.java:113)
	at org.safehaus.penrose.server.PenroseServer.start(PenroseServer.java:114)
	at org.safehaus.penrose.server.PenroseServer.main(PenroseServer.java:301)

Please note that the Unlimited Strength policy files and Bouncy Castle version 139 are installed into the JVM. The keystore is JKS.

I have taken the following steps in an attempt to correct the problem, all without any effect:
- downloaded the BouncyCastle regression tests to verify that the AES (and all other) ciphers are available and functioning in the JVM
- downgraded to BouncyCastle version 135 (the version which was used with Penrose 1.1.2)
- removed the AES Password Storage Scheme from {PENROSE_HOME}/services/OpenDS/config/config.ldif

Additional Comments From jrwilson dated Tue Jun 17 17:33:43 CDT 2008 
The same error appears in a clean install of Penrose 2.0RC1 on startup--the error is unrelated to migrated partition data.

Additional Comments From jrwilson dated Tue Jun 17 18:09:38 CDT 2008 
The Penrose 1.1.2 installation used Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03) with Bouncy Castle 135. Installing this version of the JVM has no effect on the error encountered.

Additional Comments From jrwilson dated Wed Jun 18 16:27:57 CDT 2008 
I have now tried this configuration on both 32 and 64-bit environments with no change to the error conditions.

Additional Comments From jimyang dated Fri Aug 08 10:30:41 CDT 2008 
Make sure your JAVA_HOME is set up properly.

Additional Comments From jrwilson dated Fri Aug 08 18:07:53 CDT 2008 
Jim, many thanks. Your reply made me double-check the service script I am using. While it sets JAVA_HOME, it did not export JAVA_HOME, a fact I had overlooked earlier.

Additional Comments From alex.davies dated Fri Sep 05 16:51:14 CDT 2008 
I have this issue too, with Penrose 2.0 RC4 on RHEL5 i386. To fix this, I added this to the etc/init.d/penrose-server scripts provided (which I have copied to /etc/init.d and made executable):

# Add just below #!/bin/sh
JAVA_HOME=/usr/java/jdk1.6.0_10/jre
export JAVA_HOME
JAVA_BIN=$JAVA_HOME/bin
CLASSPATH=$CLASSPATH:$JAVA_HOME:$JAVA_HOME/lib
PATH=$JAVA_BIN:$PATH
export JAVA_BIN CLASSPATH PATH

I installed the JDK RPM from http://www.java.net/download/jdk6/6u10/promoted/b28/binaries/jdk-6u10-rc-bin-b28-linux-i586-21_jul_2008-rpm.bin  (note you need JDK, NOT JRE) [the downloaded .bin file expands out to jdk-6u10-rc-linux-i586.rpm]

Hope this is helpful to someone. I suggest that this isn't the most sensible error message for Penrose to give if JAVA_HOME is incorrect...





=========================================================
Issue dump from jira
$VAR1 = {
          'priority' => '3',
          'customFieldValues' => [],
          'project' => 'PENROSE',
          'status' => '1',
          'components' => [
                            {
                              'name' => 'Configuration',
                              'id' => '10014'
                            }
                          ],
          'reporter' => 'jrwilson',
          'key' => 'PENROSE-301',
          'assignee' => 'jimyang',
          'summary' => 'Penrose OpenDS startup fails with 'AES KeyGenerator not available'',
          'id' => '10998',
          'updated' => '2008-09-05 16:51:14.0',
          'votes' => '0',
          'fixVersions' => [],
          'affectsVersions' => [
                               {
                                 'releaseDate' => '2008-04-07 00:00:00.0',
                                 'sequence' => '28',
                                 'name' => 'Penrose-2.0RC1',
                                 'released' => 'true',
                                 'id' => '10093',
                                 'archived' => 'false'
                               }
                             ],
          'created' => '2008-06-17 11:29:21.0',
          'environment' => 'Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_15-b04), Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0, Bouncy Castle bcprov-jdk15-139.jar, running on SUSE Enterprise',
          'type' => '1'
        };


=========================================================

Comment 1 Jim Yang 2009-01-27 21:36:45 UTC
OpenDS is dependent on Sun JDK and JAVA_HOME needs to be configured properly.

Comment 2 Jim Yang 2009-01-27 21:38:19 UTC
JDK is required. JRE will not work.
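
Added example (not part of the original bug thread or of the Penrose scripts): a preflight check a service script could run before launching the server, covering the two causes named in the comments above: JAVA_HOME set but not exported, and JAVA_HOME pointing at a JRE rather than a JDK. The function names, the return codes and the "javac present" heuristic for recognising a JDK are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight check for a service script's JAVA_HOME.
# Function names and return codes are assumptions made for this example.

# Print JAVA_HOME as a *child* process sees it. A variable that is assigned
# but never exported is visible in the script itself, yet empty here, which
# is the situation the JVM launched by the script ends up in.
child_java_home() {
    sh -c 'printf "%s" "$JAVA_HOME"'
}

# Returns: 0 = exported and points at a JDK
#          1 = unset, or set in this shell but not exported
#          2 = exported, but no executable bin/java underneath it
#          3 = exported, java found, but no javac (JRE only)
check_java_home() {
    seen=$(child_java_home)
    if [ -z "$seen" ]; then
        echo "JAVA_HOME is not visible to child processes (missing 'export'?)" >&2
        return 1
    fi
    if [ ! -x "$seen/bin/java" ]; then
        echo "no executable $seen/bin/java" >&2
        return 2
    fi
    # JAVA_HOME may be the JDK root or its jre/ subdirectory, as in the
    # init-script snippet earlier in this thread; accept javac in either place.
    # Heuristic (assumption): a JDK ships javac, a bare JRE does not.
    if [ -x "$seen/bin/javac" ] || [ -x "$seen/../bin/javac" ]; then
        return 0
    fi
    echo "$seen looks like a JRE (no javac); a JDK is required" >&2
    return 3
}

# Typical use near the top of an init script, after JAVA_HOME is assigned:
#   check_java_home || exit 1
```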