I am trying to connect to one ActiveMQ host using Vert.x (the Vert.x client does not support failover, so I am trying to do it manually):
And if the connection fails, I am trying to connect to the second host:
The connection method is:
private fun connectClient(vertx: Vertx, host: String, options: AmqpClientOptions,
                          address: String): Single<MQServerConnection> =
    AmqpClient.create(vertx, options).rxConnect().flatMap { amqpConnection ->
        amqpConnection.rxCreateDynamicReceiver().flatMap { receiver ->
            amqpConnection.rxCreateSender(address).map { sender ->
                MQServerConnection(amqpConnection, sender, receiver, host)
            }
        }
    }
And I am calling it using:
connectClient(vertx, host1, options, address).doOnError {
    logger.warn("CONNECTION_REFUSED_WITH_HOST_[$host1]")
    options = getConnectionOptions(host2)
    connectClient(vertx, host2, options, address).doOnError {
        Single.error<Connection>(Exception("Error"))
    }
}
But if the connection with host1 fails, the connection is opened, because I am getting this when connecting with host2:
Caused by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Conexión rehusada: HOSTXXX/54.166.103.68:5671
Caused by: java.net.ConnectException: Conexión rehusada
How can I avoid this error in the connection? I don't have a connection because it fails.
I am using a keytab and setting it up using the kinit command on my Windows command line. I get the message "New ticket is stored in cache file". After that, when I run my Java application to access the keytab file for the key, I get the error below.
Authentication attempt failed javax.security.auth.login.LoginException: No key to store
javax.security.auth.login.LoginException: No key to store
at com.sun.security.auth.module.Krb5LoginModule.commit(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
I am trying to connect to Active Directory using LDAP. Below are the configuration settings:
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config=C:\Users\cXXXXXX\Git\gssapi_jaas.conf
-Dsun.security.krb5.debug=true
Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is
C:\Users\cXXXXXX\Git\abcd.keytab refreshKrb5Config is false principal is xxxx_dev@xxxx.xxxxxx.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
KinitOptions cache name is C:\Users\cXXXXXX\krb5cc_cXXXXXX
DEBUG client principal is xxxx_dev@xxxx.xxxxxx.COM
DEBUG server principal is krbtgt/xxxx.xxxxxx.COM@Txxxx.xxxxxx.COM
DEBUG key type: 23
DEBUG auth time: Mon Jul 01 14:20:21 EDT 2019
DEBUG start time: Mon Jul 01 14:20:21 EDT 2019
DEBUG end time: Tue Jul 02 00:20:21 EDT 2019
DEBUG renew_till time: null
CCacheInputStream: readFlags() INITIAL; PRE_AUTH;
Host address is /xx.xx.xxx.xx
Host address is /xxx:0:0:0:xxxx:xxxx:xxxx:xxxx
KrbCreds found the default ticket granting ticket in credential cache.
Java config name: null
Native config name: C:\windows\krb5.ini
Obtained TGT from LSA: Credentials:
client=sxxxx_dev@xxxx.xxxxxx.COM
server=krbtgt/Txxxx.xxxxxx.COM@Txxxx.xxxxxx.COM
authTime=20190701182021Z
startTime=20190701182021Z
endTime=20190702042021Z
renewTill=null
flags=INITIAL;PRE-AUTHENT
EType (skey)=23
(tkt key)=18
Principal is sxxxx_dev@xxxx.xxxxxx.COM
Before adding the kinit cache file, I was able to at least validate the account, but then I was having issues with GSSAPI security. Trying to resolve that, I added the cache and this new problem started to happen.
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class Azrm017 {
    public static void main(String[] args) {
        // 1. Log in (to Kerberos)
        LoginContext lc = null;
        try {
            /*lc = new LoginContext(Azrm017.class.getName(),
                    new LuwCallBackHandler());
            */
            // "Azrm017" is the entry name looked up in the JAAS configuration
            // file given by -Djava.security.auth.login.config
            lc = new LoginContext("Azrm017");
            // Attempt authentication
            // You might want to do this in a "for" loop to give
            // user more than one chance to enter correct username/password
            lc.login();
        } catch (LoginException le) {
            System.err.println("Authentication attempt failed " + le);
            le.printStackTrace();
            System.err.println("Authentication attempt failed " + le.getSuppressed());
            System.exit(-1);
        }
        // 2. Perform JNDI work as logged in subject
        NamingEnumeration<SearchResult> ne =
                Subject.doAs(lc.getSubject(), new SearchAction());
        while (ne != null && ne.hasMoreElements()) {
            System.out.println(">>>> : " + ne.nextElement().getName());
        }
        //Subject.doAs(lc.getSubject(), new JndiAction(args));
    }
}

/**
 * The application must supply a PrivilegedAction that is to be run
 * inside a Subject.doAs() or Subject.doAsPrivileged().
 */
class SearchAction implements java.security.PrivilegedAction<NamingEnumeration<SearchResult>> {
    public NamingEnumeration<SearchResult> run() {
        // Set up the environment for creating the initial context
        Hashtable<String, String> env = new Hashtable<>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        String cn = "dn:CN=xxxxxxx,OU=Service xxxxx,OU=Accounts,OU=xxxxx,DC=test,DC=xxxxxx,DC=com";
        env.put(Context.PROVIDER_URL, "ldap://test.xxxxxxx.com:389");
        // Authenticate with the Kerberos credentials of the Subject running this action
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Require mutual authentication and confidentiality on the SASL layer
        env.put("javax.security.sasl.server.authentication", "true");
        env.put("javax.security.sasl.qop", "auth-conf");
        DirContext ctx = null;
        try {
            // Create initial context
            ctx = new InitialDirContext(env);
            SearchControls ctls = new SearchControls();
            ctls.setReturningAttributes(
                    new String[] {"displayName", "mail", "description", "suSunetID"});
            NamingEnumeration<SearchResult> answer =
                    ctx.search("cn=People, dc=test, dc=xxxxxxxx, dc=com",
                            "(&(cn=p*)(sn=s*))", ctls);
            return answer;
        } catch (Exception e) {
            e.printStackTrace();
        }
        // Close the context when we're done
        finally {
            closeContext(ctx);
        }
        return null;
    }

    // Release the LDAP connection; tolerate a context that was never created
    private static void closeContext(DirContext ctx) {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
}
Attached above
This is a wrong combination of Krb5LoginModule options. If you want an initiator to store a key then that key must be used to acquire the ticket (i.e. useTicketCache should not be true).
Why do you want to store the key? Will the initiator also act as an acceptor? If yes, you should either use the keytab to authenticate (i.e. useTicketCache=false) or go with the ENC-TKT-IN-SKEY way (i.e. storeKey=false).
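To make the two working combinations from this answer concrete, here is an added JAAS configuration fragment (not from the question or the answer) that uses the entry name, keytab path, cache path and principal shown in the question's debug output; use one entry and point new LoginContext(...) at it.

```jaas
// Option A: authenticate from the keytab, so a key is actually obtained and
// can be stored (useTicketCache=false). Forward slashes avoid the need to
// double backslashes inside quoted JAAS strings.
Azrm017 {
    com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        keyTab="C:/Users/cXXXXXX/Git/abcd.keytab"
        principal="xxxx_dev@xxxx.xxxxxx.COM"
        storeKey=true
        useTicketCache=false
        doNotPrompt=true
        isInitiator=true;
};

// Option B: keep using the kinit ticket cache, but do not ask the module to
// store a key it never obtained (storeKey=false).
Azrm017Cache {
    com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        ticketCache="C:/Users/cXXXXXX/krb5cc_cXXXXXX"
        principal="xxxx_dev@xxxx.xxxxxx.COM"
        storeKey=false
        doNotPrompt=true
        isInitiator=true;
};
```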
I am trying to perform HTTPS requests to a host 10.10.10.1 from an Android host with 10.10.10.2 in a network without Internet connection: only two WiFi peers, the AP and an Android 9 Google Pixel One device.
I've created network_security_config.xml with my cert, which is self-signed and has CN=10.10.10.1 and SAN = DNS:10.10.10.1, IP:10.10.10.1.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
            <certificates src="@raw/zone"/>
        </trust-anchors>
    </base-config>
</network-security-config>
I don't receive a verification error and I observe successful requests arriving at the server: the data is the HTTP request, decrypted and shown in the server log. But the server can't send data back! It sends, but for some reason this data is not accepted by the Android phone, just ignored.
I see packets going from the server to the phone, and the server repeatedly retries to shut down the SSL socket until error or success (I made it behave that way intentionally during surveying). Here is the Wireshark dump from the WiFi air:
Here is my request from the AsyncTask:
protected String doInBackground(String... params) {
    StringBuilder result = new StringBuilder();
    try {
        // Trust only the self-signed server certificate bundled as res/raw/zone
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream caInput = new BufferedInputStream(MainActivity.this.getResources().openRawResource(R.raw.zone));
        Certificate ca = cf.generateCertificate(caInput);
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        URL url = new URL("https://10.10.10.1/connect");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setRequestProperty("param1", params[0]);
        conn.setRequestProperty("param2", params[1]);
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setDoInput(true);
        mInputStream = conn.getInputStream();
        byte[] buffer = new byte[1024];
        ByteArrayOutputStream _buf = new ByteArrayOutputStream();
        int l;
        BufferedInputStream bufin = new BufferedInputStream(mInputStream);
        while ((l = bufin.read(buffer, 0, 1024)) != -1) {
            _buf.write(buffer, 0, l);
            // Log everything received so far (the whole buffer, not only this chunk)
            Log.d("MAIN", "Read: " + _buf.toString("UTF-8"));
        }
        // Append the response once, after the loop, so chunks are not duplicated
        result.append(_buf.toString("UTF-8"));
        Log.d("MAIN", "Read finished: " + result.toString());
    } catch (Exception e) {
        e.printStackTrace();
    }
    return result.toString();
}
I suspect that Android 9 Network Security blocks the traffic somehow. I tried to use SSLSockets and to change the port from 443 to e.g. 1234, with no luck.
In fact my app is built with Qt, and at first I used the Qt classes, but having no luck I fell back to Android Java code within my MainActivity, which I call via JNI from the Qt code. The result is the same and I have no more ideas...
Where to dig?
UPD1
When the self-signed certificate is generated with a SAN containing DNS:10.10.10.1 only (without IP:10.10.10.1), SSL fails with these warnings:
W System.err: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.10.10.1 not verified:
W System.err: certificate: sha1/gyr2GOhy5lA+ZAHEzh0E2SBEgx0=
W System.err: DN: CN=10.10.10.1,O=Some ltd.,L=Knoxville,ST=TN,C=US
W System.err: subjectAltNames: [10.10.10.1]
W System.err: at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:201)
W System.err: at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
W ...
And conversely, with SAN IP:10.10.10.1 (without DNS:10.10.10.1) it works as before: the session is established, data is transferred to the server and decrypted, but the responses from the server to the client are just ignored by the client.
UPD2
I've also tried to use the domain name some.device for the 10.10.10.1 device and issued a certificate with CN and SAN DNS = some.device. It is resolved by the Android 9 client and data is sent successfully, but the response is still not being accepted.
Looks like an Android bug.
After additional surveying:
1. Some set of Android devices (builds), including the Pixel 1, does not accept a TCP session that was not finalized by a mutual [FIN,ACK], and the received data is not delivered to the upper level of the stack. Data may also not be accepted if the TCP stream was not solid, with many retransmissions and Seq changes.
2. When using Qt, the Android Network Security Configuration does not affect the communications.
3. This is not a TLS-related issue.
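The UPD1 observation (a dNSName of 10.10.10.1 rejected for https://10.10.10.1/, an iPAddress of 10.10.10.1 accepted) follows from the standard SAN matching rule: an IP-literal host is compared only with iPAddress entries, a DNS name only with dNSName entries. The checker below is an added Python illustration of that rule, not code from the question; the SAN lists are reconstructed from UPD1, and the wildcard case goes beyond what the question tested.

```python
import ipaddress

# SAN lists reconstructed from UPD1 as (type, value) pairs.
SAN_DNS_ONLY = [("DNS", "10.10.10.1")]                       # SSLPeerUnverifiedException
SAN_IP_ONLY = [("IP", "10.10.10.1")]                         # handshake succeeded
SAN_BOTH = [("DNS", "10.10.10.1"), ("IP", "10.10.10.1")]     # the original certificate


def _as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def _dns_name_matches(pattern, host):
    """RFC 6125 style: case-insensitive, wildcard only as the whole left-most label,
    and the wildcard label must be followed by at least two more labels."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    if host.count(".") < 2:
        return False
    first_dot = host.index(".")
    return first_dot > 0 and host[first_dot:] == pattern[1:]


def host_matches_san(host, sans):
    """True if the requested host is covered by the certificate's SAN list.

    The CN is deliberately never consulted by this checker: a dNSName entry
    holding "10.10.10.1" cannot satisfy a request to an IP literal, which is
    exactly the failure UPD1 reports.
    """
    ip = _as_ip(host)
    for san_type, value in sans:
        if ip is not None and san_type == "IP" and _as_ip(value) == ip:
            return True
        if ip is None and san_type == "DNS" and _dns_name_matches(value, host):
            return True
    return False
```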
I have copied RabbitMQ MQTT code from an article.
import org.eclipse.paho.client.mqttv3.MqttClient;
import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
import org.eclipse.paho.client.mqttv3.MqttException;
import org.eclipse.paho.client.mqttv3.MqttMessage;

public class MqttPublishSample {
    public static void main(String[] args) {
        String topic = "MQTT Examples";
        String content = "Message from MqttPublishSample";
        int qos = 0;
        String broker = "tcp://127.0.0.1:1883";
        String clientId = "pahomqttpublish1";
        try {
            MqttClient sampleClient = new MqttClient(broker, clientId);
            MqttConnectOptions connOpts = new MqttConnectOptions();
            connOpts.setUserName("guest");
            connOpts.setPassword("guest".toCharArray());
            connOpts.setCleanSession(true);
            System.out.println("Connecting to broker: " + broker);
            sampleClient.connect(connOpts);
            System.out.println("Connected");
            System.out.println("Publishing message: " + content);
            MqttMessage message = new MqttMessage(content.getBytes());
            message.setQos(qos);
            sampleClient.publish(topic, message);
            System.out.println("Message published");
            sampleClient.disconnect();
            System.out.println("Disconnected");
            System.exit(0);
        } catch (MqttException me) {
            System.out.println("reason " + me.getReasonCode());
            System.out.println("msg " + me.getMessage());
            System.out.println("loc " + me.getLocalizedMessage());
            System.out.println("cause " + me.getCause());
            System.out.println("excep " + me);
            me.printStackTrace();
        }
    }
}
I am getting an error while running this code; this is not a QoS issue.
The error occurs while connecting: sampleClient.connect(connOpts);
Error on console:
Connecting to broker: tcp://127.0.0.1:1883
reason 32109
msg Connection lost
loc Connection lost
cause java.io.EOFException
excep Connection lost (32109) - java.io.EOFException
Connection lost (32109) - java.io.EOFException at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:146) at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException at java.io.DataInputStream.readByte(DataInputStream.java:267) at org.eclipse.paho.client.mqttv3.internal.wire.MqttInputStream.readMqttWireMessage(MqttInputStream.java:65) at org.eclipse.paho.client.mqttv3.internal.CommsReceiver.run(CommsReceiver.java:107)
RabbitMQ error log:
=ERROR REPORT==== 19-Aug-2016::17:24:54 ===
** Generic server <0.469.0> terminating
** Last message in was
{inet_async,#Port<0.12379>,4714,{ok,[16,42,0,4,77,81,84,84,4,194,0,60,0,16,112,97,104,111,109,113,116,116,112,117,98,108,105,115,104,49,0,5,103,117,101,115,116,0,5,103,117,101,115,116]}}
** When Server state == {state,#Port<0.12379>,"127.0.0.1:34033 -> 127.0.0.1:1883",true,running,false,none,{proc_state,#Port<0.12379>,
{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},{{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}},
{undefined,undefined},{0,nil},{0,nil},undefined,1,undefined,undefined,undefined,{undefined,undefined},undefined,<<"amq.topic">>}}
Reason for termination ==
{{badfun,none},[{rabbit_mqtt_frame,parse,2,[{file,"rabbitmq-mqtt/src/rabbit_mqtt_frame.erl"},{line,39}]},
{rabbit_mqtt_reader,process_received_bytes,2,[{file,"rabbitmq-mqtt/src/rabbit_mqtt_reader.erl"},{line,136}]},{gen_server2,handle_msg,2,[{file,"src/gen_server2.erl"},{line,934}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]}
I think you have installed RabbitMQ 3.2.5 through apt-get. Please install the new version of RabbitMQ 3.6.5 (find it here) and then try.
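The byte list in the RabbitMQ report above is the raw MQTT CONNECT packet the client sent before the reader crashed. The decoder below is an added Python example (not part of the question or the answer) that parses it into its fields: it shows the client announcing protocol name "MQTT" at level 4 (MQTT 3.1.1) and the guest/guest credentials travelling in clear text over the tcp:// URL used in the code. The will-flag handling generalizes beyond this particular packet.

```python
import struct

# CONNECT packet bytes that RabbitMQ logged as the "last message in" for the
# failing connection (copied from the error report in the question above).
LOGGED_CONNECT_BYTES = bytes([
    16, 42, 0, 4, 77, 81, 84, 84, 4, 194, 0, 60, 0, 16, 112, 97, 104, 111,
    109, 113, 116, 116, 112, 117, 98, 108, 105, 115, 104, 49, 0, 5, 103, 117,
    101, 115, 116, 0, 5, 103, 117, 101, 115, 116,
])

def _read_remaining_length(buf, pos):
    # MQTT 'remaining length': 7 bits per byte, high bit means another byte follows
    value = 0
    for shift in range(0, 28, 7):  # the spec allows at most four length bytes
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed remaining length")

def _read_utf8_string(buf, pos):
    # MQTT string: 2-byte big-endian length prefix followed by UTF-8 bytes
    (length,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + length].decode("utf-8"), pos + length

def decode_connect(packet):
    """Parse an MQTT 3.x CONNECT packet into a dict of its fields."""
    if packet[0] >> 4 != 1:  # control packet type 1 is CONNECT
        raise ValueError("not a CONNECT packet")
    remaining, pos = _read_remaining_length(packet, 1)
    if len(packet) - pos != remaining:
        raise ValueError("remaining length does not match packet size")
    info = {}
    info["protocol_name"], pos = _read_utf8_string(packet, pos)
    info["protocol_level"], flags = packet[pos], packet[pos + 1]
    (info["keep_alive"],) = struct.unpack_from(">H", packet, pos + 2)
    pos += 4
    info["clean_session"] = bool(flags & 0x02)
    info["client_id"], pos = _read_utf8_string(packet, pos)
    if flags & 0x04:  # will flag set: skip the will topic and will message
        _, pos = _read_utf8_string(packet, pos)
        _, pos = _read_utf8_string(packet, pos)
    info["username"] = info["password"] = None
    if flags & 0x80:  # username flag
        info["username"], pos = _read_utf8_string(packet, pos)
    if flags & 0x40:  # password flag: the password travels in clear text over tcp://
        info["password"], pos = _read_utf8_string(packet, pos)
    return info
```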
I was looking for a good LDAP library for Dart for connecting to Microsoft Active Directory. I found dartdap, but I can't seem to get it working. I'm 100% sure that my CN and password are correct, because I can connect to Active Directory, for example with an LDAP browser.
The error I get is:
Uncaught Error: Invalid Credentials (49) msg=80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
The ldap.yaml looks like this (address, password and username scrambled, of course):
# LDAP configuration file
# default is used if no connection name is specified
default:
  port: 389
  host: xxx.xx.com
  bindDN: cn=testaccount
  password: xxxxxxxx
And the ldaptest.dart looks like this:
void readDataFromLDAPServer() {
  var ldapConfig = new LDAPConfiguration("ldap.yaml", "default");
  var attrs = ["dn", "cn", "objectClass"];
  var filter = Filter.substring("cn=A*");
  var notFilter = Filter.not(filter);
  ldapConfig.getConnection().then((LDAPConnection ldap) {
    ldap.search("dc=example,dc=com", filter, attrs)
        .listen((SearchEntry entry) => print('Found $entry'));
    // we expect to find non A entries
    ldap.search("dc=example,dc=com", notFilter, attrs)
        .listen((SearchEntry entry) {
      //print("Not search = ${entry}");
      // todo: test entries.
    });
  });
}
Any idea, what might be wrong?
I am using the code below to successfully bind to a Microsoft AD server:
var host = "ip_address";
var ssl = false;
var port = null;
var bindDN = "accountname@domain.name";
var password = "password";
var connection = new LdapConnection(host: host);
connection.setProtocol(ssl, port);
connection.setAuthentication(bindDN, password);
Please note that my binding code differs from what you are using. I am also using an_ldap client for Dart 2.