Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46950

CertificateParsingException "RFC822Name may not be null or empty" in Winstone with jdk 1.8.0_141

      When using jdk 1.8.0_141 and jenkins 2.79, there is the following exception at startup :

      INFO: Winstone Servlet Engine v4.0 running: controlPort=disabled
      java.security.cert.CertificateParsingException: java.io.IOException: RFC822Name may not be null or empty
      	at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
      	at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)
      	at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
      	at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
      	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
      	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755)
      	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
      	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
      	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
      	at java.security.KeyStore.load(KeyStore.java:1445)
      	at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:61)
      	at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
      	at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
      	at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
      	at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
      	at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
      	at sun.security.validator.Validator.validate(Validator.java:260)
      	at sun.security.validator.Validator.validate(Validator.java:236)
      	at sun.security.validator.Validator.validate(Validator.java:205)
      	at javax.crypto.JarVerifier.isTrusted(JarVerifier.java:608)
      	at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:528)
      	at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:361)
      	at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
      	at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:159)
      	at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:185)
      	at javax.crypto.JceSecurity.canUseProvider(JceSecurity.java:199)
      	at javax.crypto.Cipher.getInstance(Cipher.java:515)
      	at hudson.util.Secret.getCipher(Secret.java:226)
      	at jenkins.security.CryptoConfidentialKey.decrypt(CryptoConfidentialKey.java:133)
      	at hudson.util.HistoricalSecrets.decrypt(HistoricalSecrets.java:49)
      	at hudson.util.Secret.decrypt(Secret.java:207)
      	at hudson.util.Secret.fromString(Secret.java:239)
      	at hudson.util.Secret$ConverterImpl.unmarshal(Secret.java:268)
      	at hudson.util.XStream2$AssociatedConverterImpl.unmarshal(XStream2.java:374)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
      	at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
      	at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:393)
      	at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:331)
      	at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:270)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
      	at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
      	at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
      	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
      	at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189)
      	at hudson.util.XStream2.unmarshal(XStream2.java:114)
      	at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173)
      	at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1053)
      	at hudson.XmlFile.read(XmlFile.java:150)
      	at hudson.ProxyConfiguration.load(ProxyConfiguration.java:222)
      	at jenkins.model.Jenkins.<init>(Jenkins.java:892)
      	at hudson.model.Hudson.<init>(Hudson.java:86)
      	at hudson.model.Hudson.<init>(Hudson.java:82)
      	at hudson.WebAppMain$3.run(WebAppMain.java:235)
      Caused by: java.io.IOException: RFC822Name may not be null or empty
      	at sun.security.x509.RFC822Name.parseName(RFC822Name.java:83)
      	at sun.security.x509.RFC822Name.<init>(RFC822Name.java:55)
      	at sun.security.x509.GeneralName.<init>(GeneralName.java:104)
      	at sun.security.x509.GeneralSubtree.<init>(GeneralSubtree.java:78)
      	at sun.security.x509.GeneralSubtrees.<init>(GeneralSubtrees.java:81)
      	at sun.security.x509.NameConstraintsExtension.<init>(NameConstraintsExtension.java:196)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      	at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:113)
      	at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:88)
      	at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:78)
      	at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:702)
      	at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)
      	... 57 more
      
       

      When running the same version of Jenkins but with jdk 1.8.0_45 there is no issue.
      Here the command line used:

      JENKINS_HOME=$HOME/jenkins /usr/java/jdk1.8.0_141/bin/java -jar bin/jenkins.war --httpPort=8081
      

          [JENKINS-46950] CertificateParsingException "RFC822Name may not be null or empty" in Winstone with jdk 1.8.0_141

          Daniel Beck added a comment -

          This makes no sense to me. The effective call is

          javax.crypto.Cipher.getInstance("AES")

          Try this:

          Create a file called Main.java and add the following content:

          class Main {
              public static void main(String[] args) throws Exception {
                  System.out.println(javax.crypto.Cipher.getInstance("AES").getClass().getName());
              }
          }

          Save it, compile with javac Main.java and run with java Main. What happens?

          Daniel Beck added a comment - This makes no sense to me. The effective call is javax.crypto.Cipher.getInstance("AES") Try this: Create a file called Main.java and add the following content: class Main {     public static void main(String[] args) throws Exception {         System.out.println(javax.crypto.Cipher.getInstance("AES").getClass().getName());     } } Save it, compile with javac Main.java and run with java Main . What happens?

          Jean-Paul G added a comment -

          Hi Daniel,

          Thanks a lot for the quick response.

          Indeed with your test class I have exactly the same exception. Therefore it is linked to my jdk8 installation, not to Jenkins.
          The ticket can be closed.

          Best regards,
          Jean-Paul

           

          Jean-Paul G added a comment - Hi Daniel, Thanks a lot for the quick response. Indeed with your test class I have exactly the same exception. Therefore it is linked to my jdk8 installation, not to Jenkins. The ticket can be closed. Best regards, Jean-Paul  

          Jean-Paul G added a comment -

          jdk8 installation issue on user side, not related to Jenkins

          Jean-Paul G added a comment - jdk8 installation issue on user side, not related to Jenkins

            Unassigned Unassigned
            jguigui Jean-Paul G
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: