change_eem.sh generates java.security.InvalidKeyException: Unknown key type passed to single block cipher: sun.security.pkcs11.P11Key$P11PrivateKey
search cancel

change_eem.sh generates java.security.InvalidKeyException: Unknown key type passed to single block cipher: sun.security.pkcs11.P11Key$P11PrivateKey

book

Article ID: 373075

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

WebUI / WCC's change_eem.sh script generates an error:

java.security.InvalidKeyException: Unknown key type passed to single block cipher: sun.security.pkcs11.P11Key$P11PrivateKey
    at org.bouncycastle.jcajce.provider.BaseSingleBlockCipher.engineInit(Unknown Source)
    at org.bouncycastle.jcajce.provider.BaseSingleBlockCipher.engineInit(Unknown Source)
    at javax.crypto.Cipher.init(Cipher.java:1249)
    at javax.crypto.Cipher.init(Cipher.java:1189)
    at com.ca.itechnology.iclient.IclUtil.RsaPrivateDecrypt(IclUtil.java:3049)
    at com.ca.itechnology.iclient.IclUtil.matchKeyPair(IclUtil.java:2723)
    at com.ca.itechnology.iclient.Iclient.loginCert(Iclient.java:2332)
    at com.ca.itechnology.iclient.Iclient.authorityLoginCert(Iclient.java:1785)
    at com.ca.eiam.poz.Network.AuthorityLoginCert(Network.java:214)
    at com.ca.eiam.poz.PozFactory.authorityLoginCert(PozFactory.java:1925)
    at com.ca.eiam.SafeContext.authenticateWithCertificate(SafeContext.java:1921)
    at com.ca.uejm.access.providers.EmbIAMAccessProvider.establishSafeContext(Unknown Source)
    at com.ca.uejm.access.providers.EmbIAMAccessProvider.isExternalDirectoryUsed(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.validateOldEEM(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.main(Unknown Source)
java.lang.NullPointerException
    at java.lang.String.compareTo(String.java:1155)
    at com.ca.itechnology.iclient.IclUtil.matchKeyPair(IclUtil.java:2725)
    at com.ca.itechnology.iclient.Iclient.loginCert(Iclient.java:2332)
    at com.ca.itechnology.iclient.Iclient.authorityLoginCert(Iclient.java:1785)
    at com.ca.eiam.poz.Network.AuthorityLoginCert(Network.java:214)
    at com.ca.eiam.poz.PozFactory.authorityLoginCert(PozFactory.java:1925)
    at com.ca.eiam.SafeContext.authenticateWithCertificate(SafeContext.java:1921)
    at com.ca.uejm.access.providers.EmbIAMAccessProvider.establishSafeContext(Unknown Source)
    at com.ca.uejm.access.providers.EmbIAMAccessProvider.isExternalDirectoryUsed(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.validateOldEEM(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.main(Unknown Source)
java.lang.IllegalStateException: SSLContext is not initialized
    at sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:209)
    at javax.net.ssl.SSLContext.getSocketFactory(SSLContext.java:294)
    at com.ca.itechnology.iclient.IclSSLSocketFactory.<clinit>(IclSSLSocketFactory.java:51)
    at com.ca.itechnology.iclient.IclUtil.ObtainConnection(IclUtil.java:1966)
    at com.ca.itechnology.iclient.IclUtil.httpRequest(IclUtil.java:1459)
    at com.ca.itechnology.iclient.IclMethod.runBatMethod(IclMethod.java:212)
    at com.ca.itechnology.iclient.Iclient.runBatMethod(Iclient.java:580)
    at com.ca.eiam.poz.Network.RunBatMethod(Network.java:320)
    at com.ca.eiam.poz.PozFactory.runMethod(PozFactory.java:2236)
    at com.ca.eiam.SafeContext.setBackend(SafeContext.java:5707)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.validateEEM(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.doEEMServer(Unknown Source)
    at com.ca.wcc.config.command.cli.EEMChangeCommand.main(Unknown Source)

Environment

Workload Automation AutoSys

Cause

AutoSys Java environment,  /opt/CA/WorkloadAutomationAE/JRE_WA  and JRE64_WA   were pointing to the JRE/Java provided by the Operating System

example:

cd /opt/CA/WorkloadAutomationAE; ls -al 

JRE64_WA -> /etc/alternatives/jre_openjdk

JRE_WA -> /etc/alternatives/jre_openjdk

ls -al /etc/alternatives/jre_openjdk
lrwxrwxrwx. 1 root root 66 Jul 25 11:20 /etc/alternatives/jre_openjdk -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.412.b08-2.0.1.el8.x86_64/jre

 

This JRE somehow was not working properly with AutoSys.  The JRE configuration in those folders was restricting some protocols/ciphers somehow

 

Resolution

  • Open two SSH terminals against the AutoSys server in question

  • In terminal 1
    • Mount the AutoSys install ISO
    • Kick off the AutoSys installer (<mountpoint>/install.bin) in one terminal (the goal is to just start the installer, there is no need to go to any next screens or anything like that)

  • In terminal 2

    cd /tmp
    ls -alrt

  • there will be a folder by name  install.dir.XXXXXX  where the XXXX  is the PID of the installer that is running in terminal 1 above

  • copy the AutoSys JRE from the installer temp folder to AutoSys JRE and create soft links JRE_WA/JRE64_WA pointing to it

    cp -rp  /tmp/install.dir.XXXXXX/Linux/resources/jre /opt/CA/WorkloadAutomationAE/jre
    cd /opt/CA/WorkloadAutomationAE
    ln -s /opt/CA/WorkloadAutomationAE/jre JRE_WA
    ln -s /opt/CA/WorkloadAutomationAE/jre JRE64_WA

 

Restart AutoSys / WebUI if needed and perform the change_eem.sh again.

Powered by Wolken Software