Tuesday, August 23, 2016

Cannot instantiate weblogic.entitlement.data.ldap.EData

We got an interesting failure on WebLogic startup:
Cannot instantiate weblogic.entitlement.data.ldap.EData
null
java.lang.ExceptionInInitializerError
 at com.octetstring.vde.util.guid.GuidGenerator.nextGuidInBytes(GuidGenerator.java:125)
 at com.octetstring.vde.util.guid.Guid.(Guid.java:84)
 at com.octetstring.vde.backend.standard.BackendStandard.add(BackendStandard.java:379)
 at com.octetstring.vde.backend.BackendHandler.add(BackendHandler.java:460)
 at weblogic.ldap.EmbeddedLDAPConnection.add(EmbeddedLDAPConnection.java:1152)
 Truncated. see log file for complete stacktrace

Caused By: java.lang.NullPointerException
 at java.lang.System.arraycopy(Native Method)
 at com.octetstring.vde.util.guid.GuidParamGenerator.generateNodeID(GuidParamGenerator.java:47)
 at com.octetstring.vde.util.guid.GuidStateManager.initializeGUIDParameters(GuidStateManager.java:59)
 at com.octetstring.vde.util.guid.GuidStateManager.(GuidStateManager.java:30)
 at com.octetstring.vde.util.guid.GuidStateManager.(GuidStateManager.java:23)
 Truncated. see log file for complete stacktrace


The getLocalHost test failed:

bash-3.2$ cat TestMe.java
 import java.net.InetAddress;
 import java.net.UnknownHostException;

public class TestMe {
 public static void main(String[] args) throws UnknownHostException 
{ System.out.println(InetAddress.getLocalHost()); } 
}

javac TestMe.java 
 java -cp . TestMe

Exception in thread "main" java.net.UnknownHostException: date: date
 at java.net.InetAddress.getLocalHost(InetAddress.java:1430)
 at TestMe.main(TestMe.java:6)


It turned out that "hostname" prints "date" , instead of the actual hostname
Checking into the usual files /etc/hosts /etc/inet/hosts /etc/hostname.vnet0 /etc/hostname.vnet1 (it's a Solaris box) didn't reveal anything strange.
Up to the OS specialist to fix it.

Monday, August 22, 2016

Thursday, August 18, 2016

ClientHello and ServerHello

When you enable -Dssl.debug=true -Djavax.net.debug=ssl -Dweblogic.log.StdoutSeverity=Debug you get a lot of cryptic information in the logs
This document http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-socket-layer-ssl/116181-technote-product-00.html explains quite well the SSL exchange protocol.


http://security.stackexchange.com/questions/19473/understanding-2048-bit-ssl-and-256-bit-encryption

this is a sample ClientHello:

*** ClientHello, TLSv1
RandomCookie:  GMT: 1454428615 bytes = { 69, 83, 231, 161, 89, 17, 57, 52, 161, 204, 30, 120, 164, 155, 109, 48, 216, 11, 123, 111, 55, 22, 86, 64, 123, 128, 64, 180 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: ldap.pippo.net]
***
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 94
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 3726


this is a sample ServerHello:

*** ServerHello, TLSv1
RandomCookie:  GMT: 1454428615 bytes = { 173, 6, 9, 133, 26, 24, 40, 154, 88, 2, 88, 175, 59, 169, 225, 31, 240, 132, 194, 100, 230, 48, 159, 177, 56, 91, 246, 67 }
Session ID:  {49, 77, 200, 173, 221, 205, 188, 24, 24, 109, 151, 39, 90, 35, 26, 224, 39, 31, 102, 10, 125, 130, 207, 170, 124, 33, 67, 152, 53, 80, 6, 204}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: 
***
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3

...... details about certificate chain


]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:


*** ServerHelloDone









It's the future

https://circleci.com/blog/its-the-future/

I am reblogging this fantastic piece of Theater, a sort of "Dialogue Concerning the Two Chief World Systems" where Simplicio at the end proves to be much wiser than Salviati. As for me, I like to be a Sagredo and sit and watch the dispute - only thinking that I can use a product only if it has sound foundations, proper engineering, excellent documentation and a huge amount of testing behind.



I had to disgrace in a distant past to work UNDER a guy who believed that any problem should be solved by at least half a dozen open source products stitched together in a wobbly haphazard and totally undocumented manner. I dedicate to him this post, with great relief that I am no longer UNDER him.

Wednesday, August 17, 2016

BEA-000449 Closing the socket, as no data read from it on 1.2.3.4:5,6789

BEA-000449 Closing the socket, as no data read from it on 1.2.3.4:5,6789 during the configured idle timeout of 5 seconds

1.2.3.4:5,6789 represents an IP (1.2.3.4) and port number 5,6789 (I find irritating that then print the , as separator....)

This message can be ignored NORMALLY (use a log filter is you like), and the IP addresses most likely are Load Balancer IPs. It means PROBABLY that a user doesn't wait for a web page to be entirely loaded, and navigates away closing abruptly the current socket transfer. The "configured idle timeout" however identifies a special case of "login timeout" kicking in (see below)

Read "Error Logs Say "Warning Socket BEA-000449 Closing socket as no data read" (Doc ID 2051032.1)" oracle document, saying that

"WebLogic Server tries to reuse sockets to improve performance, but sockets which are idle for a specified period are closed. The length of this period is controlled by the weblogic.client.socket.ConnectTimeout parameter, which specifies the amount of time the server waits before closing an inactive HTTP connection. This is set in the WebLogic Server startup script as one of the JAVA_OPTIONS. For example:

-Dweblogic.client.socket.ConnectTimeout=XXX"



Surely, if 5 seconds is too little , you can change it! Probably 5 s comes from the configuration value of login timeout :

"config / turning / login time out : (default is 5000ms)" "The login timeout for this server's default regular (non-SSL) listen port. This is the maximum amount of time allowed for a new connection to establish." ServerMBean.LoginTimeoutMillis



Thursday, August 4, 2016

Could not create the Java Virtual Machine

cat Test.java 
public class Test {
 public static void main(String[] args) {
        System.out.println("ciao");
 }

}
javac Test.java
export PIPPO="ciao - bello"
java -Dpippo=$PIPPO Test
Unrecognized option: -
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.



This is how a simple space in the value of a property can mess up your JVM.
if you run this
java -Dpippo="$PIPPO" Test
(with additional quotes) all works fine!

Tuesday, August 2, 2016

WindowBuilder to build Swing client in Java

If you think Swing is bad, what about the endless mess that is Web UI development.... so we chose the lesser evil.... anyway UI technologies are one of the most Epic Failures in IT history, for they all lack a really stable mathematical model behind them.
Installation instructions: http://download.eclipse.org/windowbuilder/WB/integration/4.4/
In fact it took me a while to discover that the "update site URL" is the same http://download.eclipse.org/windowbuilder/WB/integration/4.4/ (sorry Eclipse for being so dumb... if I were smart I would not be using Eclipse in the first place)
After you install, you discover that now you have 2 new Perspectives, WindowBuilder Palette and Structure. You can live without them.
After a LOT of clicks I discover that the latest doc is here . I love Eclipse, it turns life in a treasure hunt game.
Anyway using the WindowBuilder is relatively simple and it seems to fulfill its promise of two-way engineering (edit the code, and see the result in the design view).