java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
Asked Answered
R

2

6

We are using WL 11g and jdk1.7 update 121 on linux machine.

We are seeing below error during web service call to another weblogic machine. Any thoughts

2017-02-14 18:23:20,777 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - tcContactPK:: 0
2017-02-14 18:23:20,777 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - replacing created by with actual pk
2017-02-14 18:23:20,778 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - hostname : uatapp.corp.com
2017-02-14 18:23:20,778 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - port : 7004
2017-02-14 18:23:20,778 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - scheme : https
2017-02-14 18:23:20,779 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - Invoking Webservice with url: https://uatapp.corp.com:7004/api/jsonws/lgs-services-portlet.ipeuserprovisionws/I-pe-create-use-email/user-email-id/a%40b.c/first-name/DAVID/middle-name/J./last-name/SEPANIK/dspersonid/12568/action/Add/new-roles/External_OC_Portal/createdby-userid/4003/user-company-pk/19685
2017-02-14 18:23:21,065 [system] [DEBUG] [rule] UserProvisioningServiceUtility.log - IOException : javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1874)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1857)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1378)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
    at UserProvisioningServiceUtility.callJsonService(UserProvisioningServiceUtility.java:339)
    at UserProvisioningServiceUtility.runService(UserProvisioningServiceUtility.java:93)
    at CONT_UserProvisioning_SA.processRequest(CONT_UserProvisioning_SA.java:1975)
    at CONT_UserProvisioning_SA.runRule(CONT_UserProvisioning_SA.java:862)
    at CONT_UserProvisioning_SA.action(CONT_UserProvisioning_SA.java:57)
    at com.mitratech.teamconnect.base.factory.rule.impl.LegacyJavaActionBuilder.executeAction(LegacyJavaActionBuilder.java:48)
    at com.mitratech.teamconnect.base.factory.rule.ScheduledActionExecutor.executeScheduledAction(ScheduledActionExecutor.java:75)
    at com.mitratech.teamconnect.base.factory.FQAppvEngine.executeScheduledAction(FQAppvEngine.java:2556)
    at com.mitratech.teamconnect.base.factory.TCAutomatedActionJob$1.call(TCAutomatedActionJob.java:127)
    at com.mitratech.teamconnect.base.factory.FQUtility.runAsSystemUser(FQUtility.java:649)
    at com.mitratech.teamconnect.base.factory.FQUtility.runAsSystemUserInDomain(FQUtility.java:617)
    at com.mitratech.teamconnect.base.factory.TCAutomatedActionJob.execute(TCAutomatedActionJob.java:51)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:82)
    at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:720)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
    ... 23 more
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
    at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source)
    at sun.security.

ssl.ECDHCrypt.(ECDHCrypt.java:77) ... 30 more

Rhombic answered 14/2, 2017 at 23:45 Comment(0)
S
13

This issues are usually related to having an outdated version of bouncycastle. I would recomend to check what bouncycastle versions are being included if using Maven and try to exclude them an let bcprov-jdk15on as the only version in your application.

You can read a very interesting article about a similar error here.

Shogunate answered 15/2, 2017 at 15:1 Comment(1)
That worked for me too. I had bcprov-jdk14 version of library.Nuggar
R
8

After I added below java arg, issue is now fixed

-Dcom.sun.net.ssl.enableECC=false

Thanks

Rhombic answered 17/2, 2017 at 0:17 Comment(2)
Worked for me as well. Used java 1.8.0_211 and bouncycastle 1.61, both are the freshest possible.Kautz
There was bcprov-jdk13-137.jar in another app of the same tomcat and it was the root cause of the problem.Kautz

© 2022 - 2024 — McMap. All rights reserved.