Telco and IT

Everything which is related to Telecommunications, IT and my work

Belkin KVM: Falied to validate certificate

After one of the JVM updates, my Belkin KVM (Remote IP Manager) started refusing to start, showing a “Falied to validate certificate” error followed by “PKIX path validation failed”.

I found the following exceptions in the Java console:

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on disabled signature algorithm: MD5withRSA
 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
...

and

com.sun.deploy.security.BlockedException: User has denied the privileges to the code
 at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
 at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:206)
 at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
 at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
...

Google says that this is a pretty common problem and returned plenty of recipes for fixing it.

Scanning the system for potential locations of the java.security file turns up four candidates. However, there is a catch: the file to fix is not the one in the system-wide location but the one belonging to the Java plugin for the web browser you’re using (Safari on macOS in my case).

Jareks-MacBook-Pro:~ jhartman$ locate java.security
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security
/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/java.security
/Library/Java/JavaVirtualMachines/jdk1.8.0_102.jdk/Contents/Home/jre/lib/security/java.security
/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/java.security

So we can skip the last three locations and focus on the first one. Change the two disabledAlgorithms properties so that they read as below (MD5 is no longer in the disabled list):

Jareks-MacBook-Pro:~ jhartman$ edit "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security"

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256, \
 DSA keySize < 1024, EC keySize < 224
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, \
 EC keySize < 224

Save and restart the browser (Safari). This time the KVM applet can start (after plenty of security warnings though).
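To see exactly what this edit relaxes, the following added example (not part of the original post) parses a java.security file, including its backslash line continuations, and lists where it is weaker than a baseline in which MD5 is disabled and RSA keys under 1024 bits are rejected. That baseline, the function names and the embedded sample are assumptions of the example; the sample reproduces the two edited properties shown above.

```python
import re

# Constructed sample: the two properties exactly as edited in this post.
SAMPLE = r"""
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256, \
 DSA keySize < 1024, EC keySize < 224
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, \
 EC keySize < 224
"""

def parse_properties(text):
    """Parse key=value lines, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def disabled(props, key):
    """Map each disabled algorithm to its (operator, bits) constraint, or None."""
    out = {}
    for item in filter(None, (i.strip() for i in props.get(key, "").split(","))):
        m = re.fullmatch(r"(\S+)\s+keySize\s*(<=|<|==|!=|>=|>)\s*(\d+)", item)
        out[m.group(1) if m else item] = (m.group(2), int(m.group(3))) if m else None
    return out

def audit(text, min_rsa=1024):
    """List where the file is weaker than the assumed baseline (see lead-in)."""
    props = parse_properties(text)
    cert = disabled(props, "jdk.certpath.disabledAlgorithms")
    tls = disabled(props, "jdk.tls.disabledAlgorithms")
    findings = []
    for name, algs in (("certpath", cert), ("tls", tls)):
        if not any(a.upper().startswith("MD5") for a in algs):
            findings.append(f"{name}: MD5 signatures are accepted")
    rsa = cert.get("RSA", ("<", 0))  # absent entry: no size floor at all
    # rsa is None when RSA is disabled outright, which is not a weakness.
    floor = {"<": rsa[1], "<=": rsa[1] + 1}.get(rsa[0], 0) if rsa else min_rsa
    if floor < min_rsa:
        findings.append(f"certpath: RSA floor is {floor} bits, below {min_rsa}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running audit() on the plug-in's java.security after each Java update shows whether the relaxed settings are still in place or have been overwritten by the installer.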

Update

The application also has to be whitelisted, otherwise it will generate an error.

Open System Preferences, go to the Java settings and add the IP address of your KVM to the list:

Add the following:

Again: save and restart your browser.

Update 2

Another security exception is required (after one of the Java 8 updates):

MBP:~ jhartman$ edit "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.policy"

Add this line within the grant { }; section:

// KVM
permission java.net.SocketPermission "192.168.1.111:444", "connect, accept"; 

NoSQL: Exiting inner Replica loop with exception com.sleepycat.je.rep.RollbackProhibitedException

If a NoSQL Storage Node has not been running for a while, after startup it may complain:

2016-11-17 13:22:34.934 UTC WARNING [admin1] JE: Exiting inner Replica loop with exception com.sleepycat.je.rep.RollbackProhibitedException: (JE 6.4.15) 1(1):/opt/ece/data/nosql/storage2/kvroot/ECEStore/sn1/admin1/env Node 1(1):/opt/ece/data/nosql/storage2/kvroot/ECEStore/sn1/admin1/env must rollback 41 commits to the earliest point indicated by transaction id=-392 time=2016-11-17 14:18:53.969 vlsn=884 lsn=0x0/0x6e4be1 in order to rejoin the replication group, but the transaction rollback limit of 10 prohibits this. Either increase the property je.rep.txnRollbackLimit to a value larger than 10 to permit automatic rollback, or manually remove the problematic transactions. To do a manual removal, truncate the log to file 00000000.jdb, offset 0x6e4944, vlsn 881 using the directions in com.sleepycat.je.util.DbTruncateLog.  ROLLBACK_PROHIBITED: Node would like to roll back past committed transactions, but would exceed the limit specified by je.rep.txnRollbackLimit. Manual intervention required. Environment is invalid and must be closed.


ASN.1 encoding tutorial

Introduction

Recently in my work I had to encode INAP (to be more precise, SINAP) content “by hand”. It’s not rocket science; however, when you need to repeat the task several times, it’s worth preparing an “automatic” solution.

Input data

As input I have the description of Furnish Charging Information in ASN.1:

FurnishChargingInformation ::= OPERATION 
   ARGUMENT FurnishChargingInformationArg 
   ERRORS {MissingParameter , 
                 TaskRefused , 
                 UnexpectedComponentSequence , 
                 UnexpectedDataValue , 
                 UnexpectedParameter } 
FurnishChargingInformationArg ::= FCIBillingChargingCharacteristics
FCIBillingChargingCharacteristics ::= OCTET STRING (SIZE (minFCIBillingChargingLen..maxFCIBillingChargingLen))

OK, how to read it? The (S)INAP message FurnishChargingInformation has an argument FurnishChargingInformationArg, which is equal to FCIBillingChargingCharacteristics. FCIBillingChargingCharacteristics is a limited-size octet string.


How to disable and remove usbecm2 device from Solaris 11 server

After a fresh installation of a T4-1 server, I noticed a network interface which I didn’t expect: usbecm2.

root@slc:/# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
net0: flags=100001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 7
        inet 139.156.7.116 netmask ffffff00 broadcast 139.156.7.255
        ether 0:10:e0:9a:2e:6
usbecm2: flags=100001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 14
        inet 169.254.182.77 netmask ffffff00 broadcast 169.254.182.255
        ether 2:21:28:57:47:17
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
net0: flags=120002000840<RUNNING,MULTICAST,IPv6,PHYSRUNNING> mtu 1500 index 7
        inet6 ::/0
        ether 0:10:e0:9a:2e:6
usbecm2: flags=120002000840<RUNNING,MULTICAST,IPv6,PHYSRUNNING> mtu 1500 index 14
        inet6 ::/0
        ether 2:21:28:57:47:17
