Bad CRL causes difficult to debug error message

[juve]

When using JGlobus in the pegasus-gridftp client from Pegasus we encountered the exception below on the XSEDE workflows host (workflow.iu.xsede.org). (see also discussion at: https://jira.pegasus.isi.edu/browse/PM-945)

We discovered that JGlobus was trying to read a broken CRL with a name ending in ".r0.broken". (see: https://jira.pegasus.isi.edu/secure/attachment/12217/157753a5.r0.broken) We couldn't detect this problem with the globus-url-copy client because it does not read the file.

It would be helpful if JGlobus gave a better error message in this case to indicate what security object is causing the problem. It would also be good if org.globus.gsi.stores.Stores had a tighter pattern for CRL file names.

edu.isi.pegasus.gridftp.GridFTPException: Unable to load user proxy at edu.isi.pegasus.gridftp.Command.execute(Command.java:54) at edu.isi.pegasus.gridftp.PegasusGridFTP.execute(PegasusGridFTP.java:192) at edu.isi.pegasus.gridftp.PegasusGridFTP.main(PegasusGridFTP.java:197) Caused by: GSSException: Defective credential detected [Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore)] at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:132) at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:71) at edu.isi.pegasus.gridftp.Command.execute(Command.java:52) ... 2 more Caused by: org.globus.gsi.CredentialException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore) at org.globus.gsi.X509Credential.verify(X509Credential.java:445) at org.globus.gsi.X509Credential.reloadDefaultCredential(X509Credential.java:480) at org.globus.gsi.X509Credential.getDefaultCredential(X509Credential.java:462) at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:130) ... 4 more Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore) at java.security.Provider$Service.newInstance(Provider.java:1259) at sun.security.jca.GetInstance.getInstance(GetInstance.java:243) at sun.security.jca.GetInstance.getInstance(GetInstance.java:190) at java.security.cert.CertStore.getInstance(CertStore.java:228) at org.globus.gsi.stores.Stores$ReloadableCrlStore.load(Stores.java:211) at org.globus.gsi.stores.Stores$ReloadableCrlStore.(Stores.java:207) at org.globus.gsi.stores.Stores.getCRLStore(Stores.java:92) at org.globus.gsi.X509Credential.verify(X509Credential.java:438) ... 7 more Caused by: java.lang.IllegalArgumentException: Object cannot be null at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:78) at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:62) at org.globus.gsi.stores.ResourceCRL.(ResourceCRL.java:43) at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:40) at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:32) at org.globus.gsi.stores.ResourceSecurityWrapperStore.load(ResourceSecurityWrapperStore.java:138) at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadResources(ResourceSecurityWrapperStore.java:109) at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadWrappers(ResourceSecurityWrapperStore.java:85) at org.globus.gsi.stores.ResourceCertStore.(ResourceCertStore.java:69) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at java.security.Provider$Service.newInstance(Provider.java:1254) ... 14 more