Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21984

java.security.cert.CertificateExpiredException: NotAfter: Thu Feb 27 04:21:29 JST 2014

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None
    • Jenkins 1.543, Jenkins 1.554-SNAPSHOT

      After installing jenkis, I am getting the following exception. It seems that the server certificate has expired.

      Attempting to reconnect slave
      2 27, 2014 9:57:02 午後 致命的 hudson.model.DownloadService$Downloadable doPostBack
      Signature verification failed in downloadable 'hudson.tools.JDKInstaller'
      java.security.cert.CertPathValidatorException: timestamp check failed
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
      at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:330)
      at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
      at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
      at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)
      at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:92)
      at hudson.model.DownloadService$Downloadable.doPostBack(DownloadService.java:258)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:248)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:210)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      at javax.servlet.http.HttpServlet.service(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:203)
      at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181)
      at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:86)
      at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:90)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      at com.cloudbees.jenkins.support.SupportMetricsFilter.doFilter(SupportMetricsFilter.java:105)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown Source)
      at org.apache.catalina.core.StandardContextValve.invoke(Unknown Source)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Unknown Source)
      at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source)
      at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown Source)
      at org.apache.catalina.core.StandardEngineValve.invoke(Unknown Source)
      at org.apache.catalina.connector.CoyoteAdapter.service(Unknown Source)
      at org.apache.coyote.ajp.AjpAprProcessor.process(Unknown Source)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Unknown Source)
      at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Feb 27 04:21:29 JST 2014
      at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
      at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:568)
      at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:157)
      at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:109)
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
      ... 88 more

          [JENKINS-21984] java.security.cert.CertificateExpiredException: NotAfter: Thu Feb 27 04:21:29 JST 2014

          Verified the fix with a fresh installation

          Kohsuke Kawaguchi added a comment - Verified the fix with a fresh installation

          Jesse Glick added a comment -

          Still broken in LTS. Checked in a fresh 1.532.2 installation (UC was OK but tool installations were not).

          Also UpdateSiteTest.updateDirectlyWithJson is failing, since it is using a downloaded copy of data, which I can fix.

          Jesse Glick added a comment - Still broken in LTS. Checked in a fresh 1.532.2 installation (UC was OK but tool installations were not). Also UpdateSiteTest.updateDirectlyWithJson is failing, since it is using a downloaded copy of data, which I can fix.

          Jesse Glick added a comment -

          Additionally, JENKINS-19081 requires that the JSONP form of tool installer metadata include signature blocks. Currently signature blocks are available in the HTML (postMessage) variants of tool installer metadata files, and both JSONP and HTML variants of the update center.

          Jesse Glick added a comment - Additionally, JENKINS-19081 requires that the JSONP form of tool installer metadata include signature blocks. Currently signature blocks are available in the HTML ( postMessage ) variants of tool installer metadata files, and both JSONP and HTML variants of the update center.

          Code changed in jenkins
          User: Jesse Glick
          Path:
          test/src/test/java/hudson/model/UpdateCenterTest.java
          http://jenkins-ci.org/commit/jenkins/c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3
          Log:
          JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/java/hudson/model/UpdateCenterTest.java http://jenkins-ci.org/commit/jenkins/c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3 Log: JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test.

          Code changed in jenkins
          User: Jesse Glick
          Path:
          test/src/test/java/hudson/model/UpdateSiteTest.java
          http://jenkins-ci.org/commit/jenkins/334ce1be691c96ad63642c8301c4f0417a0705c3
          Log:
          JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future!

          Compare: https://github.com/jenkinsci/jenkins/compare/a0d6e5286d94...334ce1be691c

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/java/hudson/model/UpdateSiteTest.java http://jenkins-ci.org/commit/jenkins/334ce1be691c96ad63642c8301c4f0417a0705c3 Log: JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! Compare: https://github.com/jenkinsci/jenkins/compare/a0d6e5286d94...334ce1be691c

          Jesse Glick added a comment -

          Ah, of course: UpdateCenterTest checks only UC metadata, whereas it is tool installer metadata which appears to still have a bad signature. Would need a new test for that.

          Jesse Glick added a comment - Ah, of course: UpdateCenterTest checks only UC metadata, whereas it is tool installer metadata which appears to still have a bad signature. Would need a new test for that.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3203
          JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test. (Revision c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3)
          JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 334ce1be691c96ad63642c8301c4f0417a0705c3)

          Result = SUCCESS
          Jesse Glick : c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3
          Files :

          • test/src/test/java/hudson/model/UpdateCenterTest.java

          Jesse Glick : 334ce1be691c96ad63642c8301c4f0417a0705c3
          Files :

          • test/src/test/java/hudson/model/UpdateSiteTest.java

          dogfood added a comment - Integrated in jenkins_main_trunk #3203 JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test. (Revision c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3) JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 334ce1be691c96ad63642c8301c4f0417a0705c3) Result = SUCCESS Jesse Glick : c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3 Files : test/src/test/java/hudson/model/UpdateCenterTest.java Jesse Glick : 334ce1be691c96ad63642c8301c4f0417a0705c3 Files : test/src/test/java/hudson/model/UpdateSiteTest.java

          Code changed in jenkins
          User: Jesse Glick
          Path:
          test/src/test/java/hudson/model/UpdateSiteTest.java
          http://jenkins-ci.org/commit/jenkins/1d29041372aeb77cab5a6aa4ce758ba5133c2f51
          Log:
          JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future!
          (cherry picked from commit 334ce1be691c96ad63642c8301c4f0417a0705c3)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/java/hudson/model/UpdateSiteTest.java http://jenkins-ci.org/commit/jenkins/1d29041372aeb77cab5a6aa4ce758ba5133c2f51 Log: JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (cherry picked from commit 334ce1be691c96ad63642c8301c4f0417a0705c3)

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3715
          JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 1d29041372aeb77cab5a6aa4ce758ba5133c2f51)

          Result = SUCCESS
          Jesse Glick : 1d29041372aeb77cab5a6aa4ce758ba5133c2f51
          Files :

          • test/src/test/java/hudson/model/UpdateSiteTest.java

          dogfood added a comment - Integrated in jenkins_main_trunk #3715 JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 1d29041372aeb77cab5a6aa4ce758ba5133c2f51) Result = SUCCESS Jesse Glick : 1d29041372aeb77cab5a6aa4ce758ba5133c2f51 Files : test/src/test/java/hudson/model/UpdateSiteTest.java

          Jesse Glick added a comment -

          Missing signature blocks is an unrelated issue (related to JENKINS-15105), so reclosing.

          Jesse Glick added a comment - Missing signature blocks is an unrelated issue (related to JENKINS-15105 ), so reclosing.

            kohsuke Kohsuke Kawaguchi
            sogabe sogabe
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: