JDK11 TLS v1.2 negotiation fails when using NSS-Fips with SunPKCS11 java.security.InvalidKeyException: No installed provider supports key - java-11

When upgrading Java 8 to Java 11 - SSL TLSv1.2 Handshake fails with the following error when using SunPKCS11 and NSS with FIPS enabled. The SSL negotiation works when using TLSv1.1 or when using Java 8.
javax.net.ssl|ERROR|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.496 EDT|TransportContext.java:312|Fatal (INTERNAL_ERROR): Unsupported signature algorithm: rsa_pss_rsae_sha256 (
"throwable" : {
java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
Attached is the output using -Djavax.net.debug=ssl:handshake
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.468 EDT|ClientHello.java:809|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "AF 54 0F C4 94 E5 62 8D B4 A9 8D 2E 84 21 2D D0 B0 17 5A BB BB AD 9C B4 3C 66 0B 5A 4F 90 06 64",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=autotestsw.initia.com
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ecdsa_sha1, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pkcs1_sha1, dsa_sha256, dsa_sha384, dsa_sha512, dsa_sha1]
}
]
}
)
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.468 EDT|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.469 EDT|ClientHello.java:839|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.469 EDT|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.469 EDT|SSLExtensions.java:189|Consumed extension: server_name
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.470 EDT|SSLExtensions.java:170|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.470 EDT|SSLExtensions.java:170|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.470 EDT|SSLExtensions.java:189|Consumed extension: supported_groups
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.470 EDT|SSLExtensions.java:189|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.471 EDT|SSLExtensions.java:189|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.471 EDT|SSLExtensions.java:170|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.472 EDT|SSLExtensions.java:170|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.472 EDT|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.473 EDT|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.474 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.474 EDT|SSLExtensions.java:204|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.474 EDT|SSLExtensions.java:204|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.475 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.475 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.476 EDT|SignatureScheme.java:379|Unsupported signature scheme: dsa_sha384
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.476 EDT|SignatureScheme.java:379|Unsupported signature scheme: dsa_sha512
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.476 EDT|SSLExtensions.java:221|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.477 EDT|SSLExtensions.java:204|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.477 EDT|SSLExtensions.java:204|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.477 EDT|SSLExtensions.java:204|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.477 EDT|SSLExtensions.java:204|Ignore unavailable extension: extended_master_secret
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.478 EDT|SSLExtensions.java:204|Ignore unavailable extension: supported_versions
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.478 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.488 EDT|ServerHello.java:439|use cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.489 EDT|StatusResponseManager.java:763|Staping disabled or is a resumed session
javax.net.ssl|ALL|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.489 EDT|ServerNameExtension.java:450|No expected server name indication response
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.490 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.490 EDT|MaxFragExtension.java:296|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.490 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.490 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: status_request
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.491 EDT|SSLExtensions.java:243|Ignore, no extension producer defined: ec_point_formats
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.491 EDT|AlpnExtension.java:365|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.491 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.492 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: status_request_v2
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.492 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: extended_master_secret
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.492 EDT|ServerHello.java:364|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "A1 25 47 B4 A9 F7 DB 96 3B 59 84 EB 36 32 76 51 B5 49 11 B5 DC 41 46 25 68 AC 59 95 65 C3 B8 DA",
"session id" : "E9 3F 42 FB C9 84 A2 55 FA DD 15 7E AD E7 08 86 BC 80 EC C1 F4 2C 64 69 E2 55 DA 0D 60 CA F5 13",
"cipher suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
)
javax.net.ssl|DEBUG|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.495 EDT|CertificateMessage.java:262|Produced server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "10 02",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN= i2git Intermediate CA, OU= Certificate Authority, O=initia, ST=Virginia, C=US",
"not before" : "2019-04-12 15:34:43.000 EDT",
"not after" : "2024-04-10 15:34:43.000 EDT",
"subject" : "CN=autotestsw1.initia.com",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.16.840.1.113730.1.13 Criticality=false
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 88 A9 E4 46 43 35 8B 10 D7 AF B5 D1 11 EA 06 5A ...FC5.........Z
0010: F9 C5 E9 27 ...'
]
[CN= i2git Root CA, OU= Certificate Authority, O=initia, ST=Virginia, C=US]
SerialNumber: [ 1000]
]
},
{
ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: autotestsw1-rel.initia.com
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FF D4 21 56 12 F3 F4 DF DD A0 B4 FF D5 8C 46 A2 ..!V..........F.
0010: 2D 04 E7 96 -...
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "10 00",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN= i2git Root CA, OU= Certificate Authority, O=initia, ST=Virginia, C=US",
"not before" : "2019-04-12 11:55:21.000 EDT",
"not after" : "2029-04-09 11:55:21.000 EDT",
"subject" : "CN= i2git Intermediate CA, OU= Certificate Authority, O=initia, ST=Virginia, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C5 A6 7D 48 E4 2E 7D E1 8D 28 E6 F9 28 BC 00 01 ...H.....(..(...
0010: 10 7E E6 62 ...b
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 88 A9 E4 46 43 35 8B 10 D7 AF B5 D1 11 EA 06 5A ...FC5.........Z
0010: F9 C5 E9 27 ...'
]
]
}
]}
]
)
javax.net.ssl|ERROR|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.496 EDT|TransportContext.java:312|Fatal (INTERNAL_ERROR): Unsupported signature algorithm: rsa_pss_rsae_sha256 (
"throwable" : {
java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1163)
at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1204)
at java.base/java.security.Signature.initSign(Signature.java:546)
at java.base/sun.security.ssl.SignatureScheme.getSignature(SignatureScheme.java:473)
at java.base/sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeMessage.<init>(ECDHServerKeyExchange.java:155)
at java.base/sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeProducer.produce(ECDHServerKeyExchange.java:499)
at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1102)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:854)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:688)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1392)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:835)}
)
javax.net.ssl|WARNING|41|https-jsse-nio-x.x.xx.xxx-8443-exec-10|2019-04-16 10:08:23.497 EDT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
javax.net.ssl|WARNING|40|https-jsse-nio-x.x.xx.xxx-8443-exec-9|2019-04-16 10:08:23.501 EDT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

Related

Creating Logstash input and grok filter for a custom time format

Been almost two months and I cannot figure out how to get the following logs to parse. Challenges faced:
There are double quotes around the logs and the format of the logs is not very consistent
Many tab and odd spaces between the logs
Appreciate any guide on how to start
"[5/10/22 16:07:39:393 GTS] 00000330 SystemErr R at com.ibm.mdr.DrStateMgr.eventFromUser(DrStateMgr.java:2952)"
"[5/10/22 16:07:39:393 GTS] 00000330 SystemErr R at com.ibm.mdr.DrStateMgr.dequeueAndFireEvents(DrStateMgr.java:5010)"
[5/10/22 16:03:49:982 GTS] 000000a4 WebContainer E com.ibm.ws.webcontainer.internal.WebContainer handleRequest TEST_SERVER: A WebGroup/Virtual Host to handle / has not been defined.
[5/8/22 6:43:42:236 GTS] 00000001 SSLConfigMana W AAPKI0003A: The runtime has at least one SSL configuration that supports only weak TLSv1 or TLSv1.1 handshake protocols. For increased security, modify the configuration to use only stronger protocols such as TLSv1.2 or later. Find instructions to update your configuration at https://www.ibm.com/support/pages/node/1077951. SSL configurations that use the weaker SSL protocols include: [XDADefaultSSLSettings((cell):AFDJP01PCell01)].
[5/8/22 6:43:42:220 GTS] 00000001 WSKeyStore W SSPKI0002A: One or more key stores are using the default password.
[5/8/22 6:43:42:204 GTS] 00000001 SSLConfigMana I DDPKI0004A: The process has the java security property jdk.tls.disabledAlgorithms set to [SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC]. The WebSphere Application server is setting the java security property jdk.tls.disabledAlgorithms to [SSLv3, RC4, DH keySize < 768, MD5withRSA].
[5/8/22 6:43:42:204 GTS] 00000001 SSLConfigMana I DDPKI0004A: The process has the java security property jdk.certpath.disabledAlgorithms set to [MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224]. The WebSphere Application server is setting the java security property jdk.certpath.disabledAlgorithms to [MD2, RSA keySize < 1024, MD5].
[5/8/22 6:43:42:204 GTS] 00000001 FIPSManager I EEPKI0005A: FIPS security mode is : No FIPS property found.
[5/8/22 6:43:42:204 GTS] 00000001 SSLConfigMana I GGPKI0007A: The SSL configuration is initializing.
[5/8/22 6:43:42:189 GTS] 00000001 SSLComponentI I HHPKI0008A: SSL service is initializing the configuration
[5/8/22 6:43:42:095 GTS] 00000001 PluginConfigS I PLGC0044B: The plug-in configuration service started successfully.
[5/8/22 6:43:41:345 GTS] 00000001 AdminInitiali A ADMN0054E: The administration service is initialized.
[5/8/22 6:43:41:048 GTS] 00000001 ProviderTrack I com.ibm.ffdc.osgi.ProviderTracker AddingService FFDC1007I: FFDC Provider Installed: com.ibm.ws.ffdc.impl.FfdcProvider#ed46329b
[5/8/22 6:43:40:908 GTS] 00000001 ComponentMeta I ASVR0150U: The runtime provisioning feature is disabled. All components will be started.
[5/8/22 6:43:39:923 GTS] 00000001 ModelMgr I ASVR0180U: Initializing core configuration models
[5/8/22 6:43:39:783 GTS] 00000001 ManagerAdmin I TRAS0555T: The message IDs that are in use are deprecated
[5/8/22 6:43:39:783 GTS] 00000001 ManagerAdmin I TRAS0787K: The startup trace state is *=info.
"[5/8/22 7:37:18:809 GTS] FFDC Exception:java.io.FileNotFoundException SourceId:com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters -IOE ProbeId:1044
java.io.FileNotFoundException: DEAV0180D: File not found: /favicon.ico
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor._processEDR(DefaultExtensionProcessor.java:977)
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.processEDR(DefaultExtensionProcessor.java:958)
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:486)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1114)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4075)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1019)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:213)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1187)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:694)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1833)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Reporter:null"
Expected output
{
"month": [
[
"5"
]
],
"day": [
[
"10"
]
],
"year": [
[
"22"
]
],
"time": [
[
"16:03:49:982"
]
],
"instance": [
[
"000000a4"
]
],
"process": [
[
"WebContainer E com.ibm.ws.webcontainer.internal.WebContainer handleRequest TEST_SERVER: A WebGroup/Virtual Host to handle / has not been"
]
],
"server": [
[
"TEST_SERVER"
]
],
"error": [
[
"A WebGroup/Virtual Host to handle / has not been"
]
]
}
Grok pattern in use
\[%{MONTHNUM:month}\/%{MONTHDAY:day}\/%{YEAR:year} %{TIME:time} GTS\] %{GREEDYDATA:host}
For multiple patterns in a single log you can try something like the below. If any of the grok parsing fails, it might be due to extra spaces in between; construct a pattern for that case and add those patterns to this.
filter {
  grok {
    match => {
      "message" => [
        "\[%{MONTHNUM:month}\/%{MONTHDAY:day}\/%{YEAR:year} %{TIME:time} GTS\] %{DATA:host} %{WORD:source} %{WORD:logtype} %{DATA:lib} %{WORD:request_type} %{DATA:server}: %{GREEDYDATA:detailed_message}",
        "\[%{MONTHNUM:month}\/%{MONTHDAY:day}\/%{YEAR:year} %{TIME:time} GTS\] %{DATA:host} %{WORD:source} %{WORD:logtype} %{DATA:code}: %{GREEDYDATA:detailed_message}"
      ]
    }
  }
}
However, the above pattern would only work on single lines for the W, R, I, A log types, but it won't work on multi-line entries,
i.e.,
"[5/8/22 7:37:18:809 GTS] FFDC Exception:java.io.FileNotFoundException SourceId:com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters -IOE ProbeId:1044
java.io.FileNotFoundException: DEAV0180D: File not found: /favicon.ico
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor._processEDR(DefaultExtensionProcessor.java:977)
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.processEDR(DefaultExtensionProcessor.java:958)
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:486)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1114)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4075)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1019)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:213)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1187)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:694)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1833)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Reporter:null"
Keep posted on how it goes !!! Thanks !!!
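The multi-line case the answer leaves open, as an added example in Python (not code from the post and not a Logstash configuration): a line that does not start with a `[date time TZ]` header is folded into the preceding event, the way a multiline stage would do before grok runs. The sample lines are taken from the question, with irregular spacing constructed in one of them; the field names `thread`, `component`, `level` and `stack` are assumptions.

```python
import re

# Event header: "[M/D/YY H:MM:SS:mmm TZ]" followed by the rest of the line.
HEADER = re.compile(
    r"^\[(?P<month>\d{1,2})/(?P<day>\d{1,2})/(?P<year>\d{2,4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}:\d{3})\s+(?P<tz>[A-Z]+)\]\s*(?P<rest>.*)$"
)
# Regular entries continue with an 8-hex-digit thread id, a component name
# and a one-letter level; \s+ absorbs the tabs and odd spacing.
DETAIL = re.compile(
    r"^(?P<thread>[0-9a-f]{8})\s+(?P<component>\S+)\s+(?P<level>[A-Z])\s+(?P<message>.*)$"
)


def _finish(event):
    """Close an event: drop the closing quote, split the header remainder."""
    rest = event.pop("rest")
    stack = event.pop("continuation")
    if event.pop("quoted"):
        # Only an event that opened with '"[' loses its trailing quote, so a
        # message that legitimately ends in a quote is left alone.
        if stack and stack[-1].endswith('"'):
            stack[-1] = stack[-1][:-1]
        elif not stack and rest.endswith('"'):
            rest = rest[:-1]
    detail = DETAIL.match(rest)
    if detail:
        event.update(detail.groupdict())
    else:
        # FFDC-style entries carry no thread/component/level columns.
        event.update(thread=None, component=None, level=None, message=rest)
    event["stack"] = stack
    return event


def parse_events(lines):
    """Group raw lines into events; non-header lines join the previous event."""
    events, current = [], None
    for raw in lines:
        line = raw.strip()
        quoted = line.startswith('"[')
        header = HEADER.match(line[1:] if quoted else line)
        if header:
            if current is not None:
                events.append(_finish(current))
            current = {**header.groupdict(), "quoted": quoted, "continuation": []}
        elif current is not None and line:
            current["continuation"].append(line)
        # Lines seen before the first header have no owner and are skipped.
    if current is not None:
        events.append(_finish(current))
    return events


# Sample input: lines from the question; the spacing in the third line is constructed.
SAMPLE = [
    '"[5/10/22 16:07:39:393 GTS] 00000330 SystemErr R at com.ibm.mdr.DrStateMgr.eventFromUser(DrStateMgr.java:2952)"',
    "[5/10/22 16:03:49:982 GTS] 000000a4 WebContainer E com.ibm.ws.webcontainer.internal.WebContainer "
    "handleRequest TEST_SERVER: A WebGroup/Virtual Host to handle / has not been defined.",
    "[5/8/22 6:43:42:204 GTS] 00000001  FIPSManager \t I   EEPKI0005A: FIPS security mode is : No FIPS property found.",
    '"[5/8/22 7:37:18:809 GTS] FFDC Exception:java.io.FileNotFoundException '
    "SourceId:com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters -IOE ProbeId:1044",
    "java.io.FileNotFoundException: DEAV0180D: File not found: /favicon.ico",
    "    at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor._processEDR(DefaultExtensionProcessor.java:977)",
    'Reporter:null"',
]

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev["month"], ev["day"], ev["year"], ev["time"], ev["level"], len(ev["stack"]), ev["message"][:60])
```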

SSL Handshake failure after ClientHello

I am using openJdk version 11.28 at the client side. While calling a web service deployed over https, I am getting Handshake failure. Nmap command for the web service provides below result:
I have enabled ssl,handshake logging in my java which is producing below logs:
15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp256r1
15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp384r1
15:02:04,639 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp521r1
15:02:04,639 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect283k1
15:02:04,640 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect283r1
15:02:04,640 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect409k1
15:02:04,641 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: sect409r1
15:02:04,641 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp256k1
15:02:04,648 ERROR javax.net.ssl|WARNING|D2|SignatureScheme.java:282|Signature algorithm, ed25519, is not supported by the underlying providers
15:02:04,648 ERROR javax.net.ssl|WARNING|D2|SignatureScheme.java:282|Signature algorithm, ed448, is not supported by the underlying providers
15:02:04,663 ERROR javax.net.ssl|INFO|D2|AlpnExtension.java:161|No available application protocols
15:02:04,664 ERROR javax.net.ssl|DEBUG|D2|SSLExtensions.java:235|Ignore, context unavailable extension: application_layer_protocol_negotiation
15:02:04,666 ERROR javax.net.ssl|DEBUG|D2|SSLExtensions.java:235|Ignore, context unavailable extension: renegotiation_info
15:02:04,668 ERROR javax.net.ssl|DEBUG|D2|ClientHello.java:633|Produced ClientHello handshake message (
15:02:04,668 ERROR "ClientHello": {
15:02:04,668 ERROR "client version" : "TLSv1.2",
15:02:04,669 ERROR "random" : "EE F5 C2 80 02 39 44 E5 C4 0E 65 EC 49 FF D0 38 A1 C7 2F 80 EA 5A F5 43 DC A1 4E C3 CB 42 7E 81",
15:02:04,669 ERROR "session id" : "",
15:02:04,669 ERROR "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
15:02:04,669 ERROR "compression methods" : "00",
15:02:04,669 ERROR "extensions" : [
15:02:04,670 ERROR "server_name (0)": {
15:02:04,670 ERROR type=host_name (0), value=mydomain.com
15:02:04,670 ERROR },
15:02:04,670 ERROR "status_request (5)": {
15:02:04,670 ERROR "certificate status type": ocsp
15:02:04,671 ERROR "OCSP status request": {
15:02:04,671 ERROR "responder_id": <empty>
15:02:04,671 ERROR "request extensions": {
15:02:04,671 ERROR <empty>
15:02:04,671 ERROR }
15:02:04,672 ERROR }
15:02:04,672 ERROR },
15:02:04,672 ERROR "supported_groups (10)": {
15:02:04,672 ERROR "versions": [sect571k1, sect571r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
15:02:04,672 ERROR },
15:02:04,673 ERROR "ec_point_formats (11)": {
15:02:04,673 ERROR "formats": [uncompressed]
15:02:04,673 ERROR },
15:02:04,673 ERROR "signature_algorithms (13)": {
15:02:04,673 ERROR "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
15:02:04,674 ERROR },
15:02:04,674 ERROR "signature_algorithms_cert (50)": {
15:02:04,674 ERROR "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
15:02:04,674 ERROR },
15:02:04,674 ERROR "status_request_v2 (17)": {
15:02:04,675 ERROR "cert status request": {
15:02:04,675 ERROR "certificate status type": ocsp_multi
15:02:04,675 ERROR "OCSP status request": {
15:02:04,675 ERROR "responder_id": <empty>
15:02:04,675 ERROR "request extensions": {
15:02:04,676 ERROR <empty>
15:02:04,676 ERROR }
15:02:04,676 ERROR }
15:02:04,676 ERROR }
15:02:04,677 ERROR },
15:02:04,677 ERROR "extended_master_secret (23)": {
15:02:04,677 ERROR <empty>
15:02:04,677 ERROR },
15:02:04,677 ERROR "supported_versions (43)": {
15:02:04,678 ERROR "versions": [TLSv1.2]
15:02:04,678 ERROR }
15:02:04,678 ERROR ]
15:02:04,678 ERROR }
15:02:04,678 ERROR )
15:02:04,693 ERROR javax.net.ssl|DEBUG|D2|2020-05-16 15:02:04.692|Alert.java:232|Received alert message (
15:02:04,693 ERROR "Alert": {
15:02:04,693 ERROR "level" : "fatal",
15:02:04,693 ERROR "description": "handshake_failure"
15:02:04,693 ERROR }
15:02:04,694 ERROR )
15:02:04,696 ERROR javax.net.ssl|ERROR|D2|2020-05-16 15:02:04.695| : Received fatal alert: handshake_failure (
15:02:04,696 ERROR "throwable" : {
15:02:04,696 ERROR javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
15:02:04,696 ERROR at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
I am unable to find out the reason behind Handshake failure. Please help to identify where the things have gone wrong during Handshake. Thank you.
This seems to be a cipher suite conflict at the web service end. It does not support the ciphers which are enabled at the client side. Kindly capture the packets using Wireshark to get a clear picture.
Later in our analysis, we found that issue was the openJdk version we were using. There were no common security groups between the client and server although there were matching cipher suites.
The link below provides information about the same thing.
https://bugs.openjdk.java.net/browse/JDK-8208698
Bug was fixed in version 12 and marked "jdk11u-critical-yes". Therefore we simply updated our JDK and issue got resolved.
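How the "no common groups" condition can be read out of a `javax.net.debug` log like the one above, as an added example (not code from the thread): it collects the named groups the client dropped, the groups it actually sent in `supported_groups`, and compares both with what the server accepts. The server's group list is an assumption supplied by the caller (the Nmap output is missing from the post), and `SERVER_GROUPS` below is constructed; the log lines are abbreviated from the question.

```python
import re

IGNORED = re.compile(r"Ignore inactive or disabled named group: (\S+)")
EXTENSION = re.compile(r'"(?P<name>[a-z0-9_]+) \([\d,]+\)": \{')
VERSIONS = re.compile(r'"versions"\s*:\s*\[(?P<items>[^\]]*)\]')
ALERT = re.compile(r'"description"\s*:\s*"(?P<alert>\w+)"')


def triage_named_groups(lines, server_groups):
    """Summarise one handshake's named-group negotiation from JSSE debug output."""
    ignored, offered, alert, extension = [], [], None, None
    for line in lines:
        m = IGNORED.search(line)
        if m:
            ignored.append(m.group(1))
            continue
        m = EXTENSION.search(line)
        if m:
            extension = m.group("name")  # remember which extension we are inside
            continue
        m = VERSIONS.search(line)
        if m:
            # "versions" is also the key inside supported_versions, so only
            # accept it while the current extension is supported_groups.
            if extension == "supported_groups":
                offered = [g.strip() for g in m.group("items").split(",") if g.strip()]
            continue
        m = ALERT.search(line)
        if m:
            alert = m.group("alert")
    common = [g for g in offered if g in server_groups]
    dropped = [g for g in ignored if g in server_groups]
    return {
        "offered": offered,
        "ignored": ignored,
        "common": common,
        # Groups the server would accept but the client never sent.
        "dropped_but_server_accepts": dropped,
        "alert": alert,
        "no_common_group": not common,
    }


# Constructed assumption: groups accepted by the server (not stated in the post).
SERVER_GROUPS = {"secp256r1", "secp384r1"}

# Log lines abbreviated from the question's debug output.
SAMPLE = [
    "15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp256r1",
    "15:02:04,638 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp384r1",
    "15:02:04,639 ERROR javax.net.ssl|DEBUG|D2|SupportedGroupsExtension.java:831|Ignore inactive or disabled named group: secp521r1",
    '15:02:04,672 ERROR "supported_groups (10)": {',
    '15:02:04,672 ERROR "versions": [sect571k1, sect571r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]',
    "15:02:04,672 ERROR },",
    '15:02:04,677 ERROR "supported_versions (43)": {',
    '15:02:04,678 ERROR "versions": [TLSv1.2]',
    "15:02:04,678 ERROR }",
    '15:02:04,693 ERROR "Alert": {',
    '15:02:04,693 ERROR "level" : "fatal",',
    '15:02:04,693 ERROR "description": "handshake_failure"',
]

if __name__ == "__main__":
    for key, value in triage_named_groups(SAMPLE, SERVER_GROUPS).items():
        print(f"{key}: {value}")
```

A non-empty `dropped_but_server_accepts` together with an empty `common` points at the client runtime rather than at the cipher-suite list.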

This certificate lacks a "hosts" field. This makes it unsuitable for websites

When I execute this command to generate a Kubernetes certificate:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kubernetes-csr.json | cfssljson -bare kubernetes
Why does the cfssl tool show:
[root#iZuf63refzweg1d9dh94t8Z ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
> -config=ca-config.json \
> -profile=kubernetes \
> kubernetes-csr.json | cfssljson -bare kubernetes
2019/08/25 20:02:12 [INFO] generate received request
2019/08/25 20:02:12 [INFO] received CSR
2019/08/25 20:02:12 [INFO] generating key: rsa-2048
2019/08/25 20:02:13 [INFO] encoded CSR
2019/08/25 20:02:13 [INFO] signed certificate with serial number 540759253485135214776496461610290604881680785507
2019/08/25 20:02:13 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
This is my Kubernetes (kubernetes-csr.json) config:
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "172.19.104.230",
    "172.19.150.82",
    "172.19.104.231"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
Obviously it contains a hosts field. I am using cfssl version 1.2. Is this a bug?
Update cfssl from v1.2 to v1.3.4 (latest version):
go get -u github.com/cloudflare/cfssl/cmd/cfssl

Chaincode container can't connect to the local peer due to certificate signed by unknown authority

First of all I'd like to mention, that my setup works like a charm when there's no TLS enabled. It works even in Docker Swarm on AWS.
The problem starts when I enable TLS. When I deploy my .bna file via Composer, my newly created chaincode container produces the following logs:
2017-08-23 13:14:16.389 UTC [Composer] Info -> INFO 001 Setting the Composer pool size to 8
2017-08-23 13:14:16.402 UTC [shim] userChaincodeStreamGetter -> ERRO 002 Error trying to connect to local peer: x509: certificate signed by unknown authority
Error starting chaincode: Error trying to connect to local peer: x509: certificate signed by unknown authority
Funny thing is, that this works when deploying .bna via the composer playground (when the TLS is still enabled in my fabric)...
Below is my connection profile:
{
  "name": "test",
  "description": "test",
  "type": "hlfv1",
  "orderers": [
    {
      "url": "grpcs://orderer.company.com:7050",
      "cert": "-----BEGIN CERTIFICATE-----blabla1\n-----END CERTIFICATE-----\n"
    }
  ],
  "channel": "channelname",
  "mspID": "CompanyMSP",
  "ca": {
    "url": "https://ca.company.com:7054",
    "name": "ca-company",
    "trustedRoots": [
      "-----BEGIN CERTIFICATE-----\nblabla2\n-----END CERTIFICATE-----\n"
    ],
    "verify": true
  },
  "peers": [
    {
      "requestURL": "grpcs://peer0.company.com:7051",
      "eventURL": "grpcs://peer0.company.com:7053",
      "cert": "-----BEGIN CERTIFICATE-----\nbalbla3\n-----END CERTIFICATE-----\n"
    }
  ],
  "keyValStore": "/home/composer/.composer-credentials",
  "timeout": 300
}
My certs have been generated by cryptogen tool, hence:
orderers.0.cert contains value of crypto-config/ordererOrganizations/company.com/orderers/orderer.company.com/msp/tlscacerts/tlsca.company.com-cert.pem
peers.0.cert contains value of crypto-config/peerOrganizations/company.com/peers/peer0.company.com/msp/tlscacerts/tlsca.company.com-cert.pem
ca.trustedRoots.0 contains crypto-config/peerOrganizations/company.com/peers/peer0.company.com/tls/ca.crt
I've got the feeling, that my trustedRoots certificate is wrong...
UPDATE
When I do docker inspect chaincode_container I can see that it misses ENV variable: CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/peer.crt, while the chaincode container deployed via playground does have it...
When the chaincode image is built, the TLS certificate that it uses to build the trusted roots is the rootcert from:
# TLS Settings
# Note that peer-chaincode connections through chaincodeListenAddress is
# not mutual TLS auth. See comments on chaincodeListenAddress for more info
tls:
    enabled: false
    cert:
        file: tls/server.crt
    key:
        file: tls/server.key
    rootcert:
        file: tls/ca.crt
The TLS certificate that the peer uses to run the gRPC service is the cert one.
By the way - You're using the release branch code, not the one in master - is that correct?

Splunk prop Config issue

I am currently writing a prop config to validate my event
Events
Feb 03 13:22:23 Jessica-Ubuntu kernel: [ 7098.424722] usb 1-1: Manufacturer: SanDisk Feb 3 13:22:23 Jessica-Ubuntu kernel: [ 7098.424725] usb 1-1: SerialNumber: 200522427013E6812147 Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328
Prop.Config Settings
[source::linuxusb]
SHOULD_LINEMERGE = true
BREAK_ONLY_BEFORE = Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec
EXTRACT-date = (?i) .*? (?P<date>\w+\s+\d+\s+\d+:\d+:\d+)\s+\w+
EXTRACT-description = (?i) Product: (?P<description>.+?)\s+\w+\s+\d+
EXTRACT-device_mfg = (?i) Manufacturer: (?P<device_mfg>[^ ]+)
EXTRACT-serial_number = (?i) SerialNumber: (?P<serial_number>.+)
Result for SerialNumber
200522427013E6812147 Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328
I only want 200522427013E6812147. How do I grab this data only? Please help.
Assuming the events provided are 4 separate events (looking at the timestamps):
Feb 03 13:22:23 Jessica-Ubuntu kernel: [ 7098.424722] usb 1-1: Manufacturer: SanDisk
Feb 3 13:22:23 Jessica-Ubuntu kernel: [ 7098.424725] usb 1-1: SerialNumber: 200522427013E6812147
Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter
Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328
Edit EXTRACT-serial_number, changing it to:
EXTRACT-serial_number = (?i) SerialNumber: (?P<serial_number>[^ ]+)
Also, if Splunk does not recognize the above 4 events (based on timestamp) as 4 separate events, try changing SHOULD_LINEMERGE to false.
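The effect of the two serial-number patterns on merged versus separate events, as an added example that is not part of the original question or answer. It uses Python's re module as a stand-in for Splunk's regex engine (an assumption), the sample events are constructed from the lines quoted above, and extract and extract_all are hypothetical helper names.

```python
import re

# Constructed from the events quoted in the question: the same four syslog
# lines, as four separate events and merged into one event.
LINES = [
    "Feb 03 13:22:23 Jessica-Ubuntu kernel: [ 7098.424722] usb 1-1: Manufacturer: SanDisk",
    "Feb 3 13:22:23 Jessica-Ubuntu kernel: [ 7098.424725] usb 1-1: SerialNumber: 200522427013E6812147",
    "Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter",
    "Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328",
]
MERGED = " ".join(LINES)

# Patterns copied from the props.conf stanza in the question and from the answer.
SERIAL_ORIGINAL = r"(?i) SerialNumber: (?P<serial_number>.+)"
SERIAL_FIXED = r"(?i) SerialNumber: (?P<serial_number>[^ ]+)"
DESCRIPTION = r"(?i) Product: (?P<description>.+?)\s+\w+\s+\d+"


def extract(pattern, event):
    """Return the named group of the first match in one event, or None."""
    match = re.search(pattern, event)
    return match.group(1) if match else None


def extract_all(pattern, events):
    """Apply one extraction to each event independently."""
    return [extract(pattern, event) for event in events]


if __name__ == "__main__":
    # Greedy .+ runs to the end of the merged event and swallows later lines.
    print("merged / original:", extract(SERIAL_ORIGINAL, MERGED))
    # [^ ]+ stops at the first space, so the merge no longer matters.
    print("merged / fixed   :", extract(SERIAL_FIXED, MERGED))
    # Once each line is its own event, both patterns give the same values.
    print("split  / original:", extract_all(SERIAL_ORIGINAL, LINES))
    print("split  / fixed   :", extract_all(SERIAL_FIXED, LINES))
    # The description pattern needs "<word> <digits>" after the product name,
    # which only exists when the next event's timestamp follows in the same
    # event: it matches on the merged event and not on the split one.
    print("merged / description:", extract(DESCRIPTION, MERGED))
    print("split  / description:", extract(DESCRIPTION, LINES[2]))
```

If the events are split as the answer suggests, EXTRACT-description as written no longer matches and needs its trailing `\s+\w+\s+\d+` revisited.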