Skip to Content.
Sympa Menu

dynes-deployments - Re: [dynes-deployments] "Error in signature with X509Token"

Subject: DYNES-Deployments

List archive

Re: [dynes-deployments] "Error in signature with X509Token"


Chronological Thread 
  • From: Ty Bell <>
  • To:
  • Subject: Re: [dynes-deployments] "Error in signature with X509Token"
  • Date: Fri, 26 Oct 2012 16:55:07 -0400
Dale,

You can log into your OSCARS UI: https://idc.net.wisc.edu:8443/OSCARS/, lookup the reservation and most of the time I'll provide an error message. For net.wisc.edu-37, the error was: "failed to reach remote domain:https://idc.magpi.net:8443/axis2/services/OSCARScreateReservation: caught BSSException Start time is more than 4 minutes in the past: check your system time or client settings"

I checked the time on the Wisc, MAGPI and Internet2 IDCs and they were all displaying proper time.


--Ty

On Oct 26, 2012, at 3:16 PM, Dale W. Carder <> wrote:


I tried it twice.  Once it gave me FAILED (net.wisc.edu-37), and when
I tried a second time (net.wisc.edu-38) and the circuit did became ACTIVE
with the ping working.

Is there a way to troubleshoot why one instance failed?

best,
Dale


Thus spake Ramiro Voicu () on Fri, Oct 26, 2012 at 02:20:57PM +0200:
Hi Dale,

Please try upenn. I just check it and it works fine from your site.

Thanks
Ramiro

On 10/25/2012 11:02 PM, Dale W. Carder wrote:
To answer my own question actually I see in the logs that it eventually failed too.

Is there a known working endpoint I can use?

Dale


Thus spake Dale W. Carder () on Thu, Oct 25, 2012 at 04:00:48PM -0500:

As it turns out, UNL is exactly where I was trying to get to.

In trying to test to caltech, it does eventually say "Finished ping cmd".  
Does that mean it worked?

Dale

Thus spake Ty Bell () on Thu, Oct 25, 2012 at 04:56:52PM -0400:
Ramiro,

I wouldn't use UNL as an endpoint since it hasn't been finalized.

--Ty

On Oct 25, 2012, at 4:47 PM, Ramiro Voicu <> wrote:

Ty, Dale,

I am now logged in on the FDT box, trying to trace the X509Token error. I don't see it any more.

This one got stuck INCREATE (net.wisc.edu-30) with UNL.

The previous one (net.wisc.edu-29) with Caltech went ACTIVE, but there was no ping on the data plane.

Nonetheless, I don't see the X509 error any more.


Ramiro


On 10/25/2012 10:35 PM, Ty Bell wrote:
Dale,

Are you still experiencing this? I logged into idc.net.wisc.edu
<http://idc.net.wisc.edu> and saw one ACTIVE circuit (net.wisc.edu
<http://net.wisc.edu>-25) but none stuck INCREATE. Do you remember the
reservation ID of the one that was stuck? What other FDT were you trying
to ping?


--Ty

On Oct 25, 2012, at 3:58 PM, Dale W. Carder <
<>> wrote:


So, I'm trying to do the dynes 'ping' and the circuit creation is stuck
in the INCREATE state.

I note in the logs there are suspicious stack traces like this:

Oct 25, 2012 1:50:19 PM fdt.agent.session.CreateCircuitTask
waitForIDCCreate
SEVERE: [ waitForIDCCreate ]  Got exception in waitForRequestSetup().
It will be ignored, but please notify the developers. Cause:
org.apache.axis2.AxisFault: Error in signature with X509Token
     at
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
     at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
     at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
     at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
     at
net.es.oscars.oscars.OSCARSStub.queryReservation(OSCARSStub.java:718)
     at net.es.oscars.client.Client.queryReservation(Client.java:222)
     at
fdt.agent.session.CreateCircuitTask.waitForIDCCreate(CreateCircuitTask.java:71)
     at
fdt.agent.session.CreateCircuitTask.run(CreateCircuitTask.java:224)
     at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
     at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
     at java.util.concurrent.FutureTask.run(FutureTask.java:166)
     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
     at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.rampart.RampartException: Error in signature
with X509Token
     at
org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:305)
     at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626)
     at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413)
     at
org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93)
     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
     at
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
     ... 16 more
Caused by: org.apache.ws.security.WSSecurityException: General
security error (Unexpected number of X509Data: for Signature)
     at
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:296)
     at
org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:301)
     ... 21 more


Dale

--
Dale W. Carder - Sr. Network Engineer
University of Wisconsin  /  WiscNet
http://net.doit.wisc.edu/~dwcarder







Archive powered by MHonArc 2.6.16.

Top of Page