search cancel

Run APM on local JRE instead of embedded 1.8.0_112-b15

book

Article ID: 239249

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

JRE version 1.8.0_112-b15 has been identified by a security scan as a vulnerable JRE version. We would like to run the APM server using the system JRE which we can control and easily upgrade. Could you provide steps to configure that?

We see that there is a hotfix to upgrade the JRE to 1.8.0_292 from AdoptOpenJDK but that is also not on the approved JRE versions list and we would just like to have full control over the JRE version.

After the upgrade of the APM 10.7 GA to SP3, the EM was not starting and showing following messages in EM log.

[com.wily.apm.model.SpringAppContext] SpringAppContext initialization, logging configured with '/data2/Introscope10.7.0.45/./config/log4j.properties'
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.ca.wily.jasypt.APMEncryptablePropertyPlaceholderConfigurer#0' defined in class path resource [apm-hibernate-context.xml]: Cannot resolve reference to bean 'stringEncryptor' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'stringEncryptor' defined in class path resource [jasyptEncryptor.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.ca.apm.crypto.jasypt.APMStringEncryptor]: Constructor threw exception; nested exception is java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
 at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:651)
 at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
 at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
 at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
 at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:666)
 at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
 at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
 at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93)
 at com.wily.apm.model.SpringAppContext.init(SpringAppContext.java:73)
 at com.wily.apm.model.SpringAppContext.<init>(SpringAppContext.java:42)
 at com.wily.apm.model.SpringAppContext.<clinit>(SpringAppContext.java:36)
 at com.wily.introscope.server.enterprise.entity.appmap.AppMapEntity.initApmDataService(AppMapEntity.java:233)
 at com.wily.introscope.server.enterprise.entity.appmap.AppMapEntity.<init>(AppMapEntity.java:169)
 at com.wily.introscope.server.enterprise.EnterpriseServer.initialize(EnterpriseServer.java:632)
 at com.wily.introscope.server.enterprise.EnterpriseServer.doStart(EnterpriseServer.java:385)
 at com.wily.util.ALifeCycle.start(ALifeCycle.java:86)
 at com.wily.introscope.server.enterprise.EnterpriseServer.<init>(EnterpriseServer.java:328)
 at com.wily.introscope.server.enterprise.EnterpriseServer.<init>(EnterpriseServer.java:307)
 at com.wily.introscope.server.enterprise.EnterpriseServer.start(EnterpriseServer.java:1609)
 at com.wily.introscope.em.internal.Activator.startEM(Activator.java:119)
 at com.wily.introscope.em.internal.Application.start(Application.java:27)
 at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:193)
 at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
 at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
 at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:386)
 at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:549)
 at org.eclipse.equinox.launcher.Main.basicRun(Main.java:504)
 at org.eclipse.equinox.launcher.Main.run(Main.java:1236)
 at org.eclipse.equinox.launcher.Main.main(Main.java:1212)
 at org.eclipse.core.launcher.Main.main(Main.java:30)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.zerog.lax.LAX.launch(Unknown Source)
 at com.zerog.lax.LAX.main(Unknown Source)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'stringEncryptor' defined in class path resource [jasyptEncryptor.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.ca.apm.crypto.jasypt.APMStringEncryptor]: Constructor threw exception; nested exception is java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1039)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:985)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
 at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
 at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
 ... 48 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.ca.apm.crypto.jasypt.APMStringEncryptor]: Constructor threw exception; nested exception is java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
 at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
 at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1032)
 ... 56 more
Caused by: java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
 at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:332)
 at java.security.KeyStore.getKey(KeyStore.java:1023)
 at com.ca.apm.crypto.util.JCEKSKeystore.getKey(JCEKSKeystore.java:171)
 at com.ca.apm.crypto.util.JCEKSKeystore.loadCrypts(JCEKSKeystore.java:179)
 at com.ca.apm.crypto.jasypt.APMStringEncryptor.<init>(APMStringEncryptor.java:78)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
 at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148)
 ... 58 more
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
 at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253)
 at sun.security.util.DerInputStream.getOID(DerInputStream.java:281)
 at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
 at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
 at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
 at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
 at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
 at sun.security.pkcs.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:80)
 at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:321)
 ... 67 more
4/05/22 09:44:51.409 AM GMT [ERROR] [main] [com.wily.apm.model.SpringAppContext] [ Error Creating Spring Application Context with Spring configuration files classpath:jasyptEncryptor.xml]
4/05/22 09:44:51.409 AM GMT [ERROR] [main] [Manager.AppMapSubsystem] APM Data model subsystem is unavailable so AppMap feature is not functional. Please check the DataBase connectivity or disable AppMap feature.

Cause

After the upgrade of the APM 10.7 GA to SP3, it seems like keystore.jcek file got corrupted. Due to this reason the EM was not able to start with system JRE.

Environment

Release : 10.7.0

Component : Introscope

Resolution

Obtained new keystore.jceks file from the SP3 APM10.7.0.197SP3.jar file and did the following steps.

stop EM.
make a backup of keystore.jceks current file.
copy the new keystore.jceks file
set the password to clear text and property to true in tess-db-cfg.xml file.
clear product cache.
Delete the entire content [all files and directories] of <EM-Home>/work
Delete the entire content [all files and directories] of ./configuration folder except settings and config.ini (DO NOT delete config.ini and settings) 
path: <EM-Home>/product/enterprisemanager/configuration
Delete all files at <EM-Home>/logs
start EM.