4 Replies Latest reply: Nov 3, 2006 8:57 AM by (A_Sharma) RSS

    SSL & Document Security Server

    Community Member
      Hi -

      Previously I had successfully implemented a solution to allow me to apply a policy to a PDF remotely. I did this by creating an EJB to interact with the Document Security server. The EJB takes a byte[] as input (which is the unprotected PDF) and returns a byte[] as output (which is the protected PDF). This was working well.

      I've now implemented SSL on JBoss/Document Security server and although the certificate seems fine, the application no longer works. At the point where it's writing the data back to the client the following error is presented within the server.log file:

      2006-10-17 14:18:54,973 INFO [STDOUT] omniORB: From endpoint: giop:tcp:192.168.1.103:3528. Detected GIOP 1.2 protocol error in input message. Connection is
      closed.
      2006-10-17 14:18:55,116 INFO [STDOUT] omniORB: From endpoint: giop:tcp:192.168.1.103:3528. Detected GIOP 1.2 protocol error in input message. Connection is
      closed.
      2006-10-17 14:18:55,137 ERROR [com.adobe.document.PDFManipulation] Service PDFManipulation: Native process (PID=0) /opt/semantico/slot/Adobe/1/LiveCycle_7.0.
      2/PolicyServer/jboss-3.2.5/server/all/svcnative/PDFManipulation/bin/PDFManipulation.exe terminated abnormally with error code 1
      2006-10-17 14:18:55,140 INFO [com.adobe.service.logging.Logger] $$$/server/service/logging/msg.LogSvcInit=Logger com.adobe.service.logging.Logger initialize
      d

      The system doesn't actually seem to terminate as my client just sits there waiting for a response that doesn't seem to come.

      Has anyone seen this before? Have I done something wrong when implementing the certificate? Is it unrelated to the SSL work that I've been doing?

      I'm really confused and can't seem to find any forum topics addressing this issue so am very stuck. If anyone could offer any ideas as to how to solve this issue I'd be most grateful.

      The steps I took to implement SSL were:

      - generated a new certificate
      - generated a CSR to get signed by a trusted authority
      - added the signed certificate into my java environment
      - performed an 'expert' installation of document security server to incorporate the new certificate (I had to do this as configtool doesn't seem to work on my machine)
      - added the certificate to the JBoss installation & configured JBoss

      If anyone could help me with this I'd be very grateful.

      Anil.
        • 1. Re: SSL & Document Security Server
          Hi

          I can't help with the spesific error in the log, but I know there is a strict order in which the different livecycle products should be installed.

          If you install Policy Server and then Livecycle Forms, then the Policy Server doesnt work anymore. The other way around goes fine.

          I got a confirmation of this by Gary Thain (?) from Canada. He has had a lot of workshops in europe in all the livecycle products.

          What order have you installed APS and Security server in?

          If would try to contact Gary first since a reinstall of both products and maybe having to revoke the sertificate and re issue it is both timeconsuming and you will not know if this works untill its all done... again.

          I do not have his contact information but try to google him or ask your Adobe contacts if they know the correct order.

          Regards
          Michael
          • 2. Re: SSL & Document Security Server
            Community Member
            Hi Michael

            Thanks for the prompt response & thanks for the suggestion.

            I installed Policy Server first & then Document Security server, which is the way the documentation describes to do it.

            I've also had document security server working with Policy server and since that point I've not uninstalled Policy server at all. The only real problem has come when I have installed the certificate -

            I've been looking at the error logs some more and all I can seem to find is that the PDFManipulation.exe terminates with error code 1 (whatever that means!).

            Anyway, thanks for your help - I really appreciate it. Hopefully someone out there will have an answer for me!

            A.
            • 3. Re: SSL & Document Security Server
              Hello

              I suspect that your problem has someting to do with the configuration of the "jacorb.properties" file used by JBoss (located in Jboss\server\all\conf).

              I have configured SSL on JBoss 3.2.5 using credentials that I created to using the Java keytool, I have documented all of the steps that I followed to configure JBoss. I have also been successful in applying a policy (Java Servlet) to a PDF using ALDS with an SSL connection

              I can send you the document if you want. You can contact me at steve.forrest@adobe.com. Please not, that this document is not an official Adobe document and it is to be used at your own risk!

              Regards
              Steve
              • 4. Re: SSL & Document Security Server
                Community Member
                Hi Steve (and anyone that can help!) - <br /><br />I've installed my SSL certificate onto JBoss etc, and when I go to:<br /><br />https://<machine>:8433/edc/Main.do<br /><br />I see the certificate and it is trusted etc. The certificate appears fine.<br /><br />But when I run my application to apply a policy to a PDF (which works without the SSL connection) I get a problem being displayed in the server.log file.<br /><br />It initially says it has a problem retrieving the trust info (I assume that it's related) and then when it tries to do the work I get an SSLHandshakeException. <br /><br />javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure  vmcid: 0x0  minor code: 0  completed: No<br />        at org.jacorb.orb.iiop.IIOPConnection.to_COMM_FAILURE<br /><br />I'm confused as to why the certificate seems fine for the browser but there is a problem with the system communicating internally in order to apply the policy to the document.<br /><br />-------------<br /><br />2006-11-03 16:09:21,409 WARN  [com.adobe.document.PDFManipulation] problem retrieving trust info, security functions will not work<br />2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null<br />2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.HeirarchicalLoaderRepository3$CacheClassLoader@1002a9d{ url=null ,addedOrder=0}<br />2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null<br />2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.UnifiedClassLoader3@71edc8{ url=null ,addedOrder=0}<br />2006-11-03 16:09:21,432 INFO  [com.adobe.document.PDFManipulation] @@@ Starting PDFManipulation Services @@@<br />2006-11-03 16:09:21,434 DEBUG [com.adobe.document.PDFManipulation] Service PDFManipulation: Signal READY received<br />2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null<br />2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.HeirarchicalLoaderRepository3$CacheClassLoader@1c4ecb7{ url=null ,addedOrder=0}<br />2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null<br />2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.UnifiedClassLoader3@7c0754{ url=null ,addedOrder=0}<br />2006-11-03 16:09:21,490 INFO  [com.adobe.document.PDFManipulation] Service PDFManipulation: Exception while allocating a connection.<br />2006-11-03 16:09:21,494 INFO  [com.adobe.document.PDFManipulation] org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure  vmcid: 0x0  minor code: 0  completed: No<br />org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure  vmcid: 0x0  minor code: 0  completed: No<br />        at org.jacorb.orb.iiop.IIOPConnection.to_COMM_FAILURE(Unknown Source)<br />        at org.jacorb.orb.iiop.IIOPConnection.flush(Unknown Source)<br />        at org.jacorb.orb.giop.GIOPConnection.sendMessage(Unknown Source)<br />        at org.jacorb.orb.giop.GIOPConnection.sendRequest(Unknown Source)<br />        at org.jacorb.orb.giop.ClientConnection.sendRequest(Unknown Source)<br />        at org.jacorb.orb.giop.ClientConnection.sendRequest(Unknown Source)<br />        at org.jacorb.orb.Delegate.invoke_internal(Unknown Source)<br />        at org.jacorb.orb.Delegate.invoke(Unknown Source)<br />        at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:457)<br />        at com.adobe.service._ControlAgentStub.newRequestHandler(_ControlAgentStub.java:23)<br />        at com.adobe.service.ProcessResource.allocateConnection(ProcessResource.java:561)<br />        at com.adobe.service.ConnectionResource.getConnection(ConnectionResource.java:39)<br />        at com.adobe.service.J2EEConnectionFactoryManagerPeerImpl.getConnection(J2EEConnectionFactor yManagerPeerImpl.java:106)<br />        at com.semantico.depp.drm.documentsecurity.server.PolicyApplicationBean.applyPolicy(Unknown Source)<br />        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br />        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)<br />        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<br />        at java.lang.reflect.Method.invoke(Method.java:324)<br />        at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:683)<br />        at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:185)<br />        at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)<br />        at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 44)<br />        at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:62)<br />        at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:72)<br />        at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:120)<br />        at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)<br />        at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:122)<br />        at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331 )<br /><br />--------------<br /><br />Can anyone shed any light on what's going on here? I've configured my system as documented by a few people but I don't seem to be able to get it working.<br /><br />Many thanks,<br />Anil.