-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
voms-proxy-init fails to decrypt the private key of my EEC #19
Comments
Hi @paulmillar , is this issue still bugging you? |
Well, yes. I'm currently using a work-around: voms-proxy-init2 (the C-client) works:
However, the Java client continues to be completely useless for me:
For reference, these are the versions I have installed:
|
Hi Paul, as you see from the stack trace
voms-clients relies on CANL to load credentials (which relies on Bouncycastle). Taking inspiration from the issue above, I reproduced the issue as follows:
And then with this small program: public class TestPrivateKeyParsing {
public static void main(String[] args) throws IOException {
FileInputStream key1_0 = new FileInputStream("testkey-1.0.2.pem");
FileInputStream key1_1 = new FileInputStream("testkey-1.1.pem");
PasswordSupplier ps = () -> "pippo".toCharArray();
CertificateUtils.loadPEMPrivateKey(key1_0,ps);
System.out.println("key_1_0 loaded succesfully");
CertificateUtils.loadPEMPrivateKey(key1_1,ps);
System.out.println("key_1_1 loaded succesfully");
}
} which prints on my machine:
|
@golbi also probably should have a look... |
This issue has become pressing, as there are now VOMS servers that no longer work with the C-client ( Via email, Andrea pointed out two work-arounds for this issue: 1. Use the (unsupported) C-client to generate the proxyFirst, generate the proxy (without any VOMS AC):
Then use the Java-client to add the VOMS AC to the proxy:
2. Re-encrypt the private key
|
Here is
voms-proxy-init
not working:This is actually
voms-proxy-inti3
:Here are other tools successfully creating a proxy from the same EEC:
Here are some environment details:
Since the error message doesn't really say what went wrong (perhaps another bug, there), I took the current versions of libraries (available through Debian stretch) and added some simple debugging:
Here is the output of
voms-proxy-init
when run with these patched libraries:Here's a rough summary of the credentials:
I've configured my laptop to use
voms-proxy-init2
as a work-around, so this isn't urgentThe text was updated successfully, but these errors were encountered: