When using JGlobus in the pegasus-gridftp client from Pegasus we encountered the exception below on the XSEDE workflows host (workflow.iu.xsede.org). (see also discussion at: https://jira.pegasus.isi.edu/browse/PM-945)
It would be helpful if JGlobus gave a better error message in this case to indicate what security object is causing the problem. It would also be good if org.globus.gsi.stores.Stores had a tighter pattern for CRL file names.
edu.isi.pegasus.gridftp.GridFTPException: Unable to load user proxy
at edu.isi.pegasus.gridftp.Command.execute(Command.java:54)
at edu.isi.pegasus.gridftp.PegasusGridFTP.execute(PegasusGridFTP.java:192)
at edu.isi.pegasus.gridftp.PegasusGridFTP.main(PegasusGridFTP.java:197)
Caused by: GSSException: Defective credential detected [Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore)]
at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:132)
at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:71)
at edu.isi.pegasus.gridftp.Command.execute(Command.java:52)
... 2 more
Caused by: org.globus.gsi.CredentialException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore)
at org.globus.gsi.X509Credential.verify(X509Credential.java:445)
at org.globus.gsi.X509Credential.reloadDefaultCredential(X509Credential.java:480)
at org.globus.gsi.X509Credential.getDefaultCredential(X509Credential.java:462)
at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:130)
... 4 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore)
at java.security.Provider$Service.newInstance(Provider.java:1259)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:243)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.cert.CertStore.getInstance(CertStore.java:228)
at org.globus.gsi.stores.Stores$ReloadableCrlStore.load(Stores.java:211)
at org.globus.gsi.stores.Stores$ReloadableCrlStore.(Stores.java:207)
at org.globus.gsi.stores.Stores.getCRLStore(Stores.java:92)
at org.globus.gsi.X509Credential.verify(X509Credential.java:438)
... 7 more
Caused by: java.lang.IllegalArgumentException: Object cannot be null
at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:78)
at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:62)
at org.globus.gsi.stores.ResourceCRL.(ResourceCRL.java:43)
at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:40)
at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:32)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.load(ResourceSecurityWrapperStore.java:138)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadResources(ResourceSecurityWrapperStore.java:109)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadWrappers(ResourceSecurityWrapperStore.java:85)
at org.globus.gsi.stores.ResourceCertStore.(ResourceCertStore.java:69)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.security.Provider$Service.newInstance(Provider.java:1254)
... 14 more
When using JGlobus in the pegasus-gridftp client from Pegasus we encountered the exception below on the XSEDE workflows host (workflow.iu.xsede.org). (see also discussion at: https://jira.pegasus.isi.edu/browse/PM-945)
We discovered that JGlobus was trying to read a broken CRL with a name ending in ".r0.broken". (see: https://jira.pegasus.isi.edu/secure/attachment/12217/157753a5.r0.broken) We couldn't detect this problem with the globus-url-copy client because it does not read the file.
It would be helpful if JGlobus gave a better error message in this case to indicate what security object is causing the problem. It would also be good if org.globus.gsi.stores.Stores had a tighter pattern for CRL file names.
edu.isi.pegasus.gridftp.GridFTPException: Unable to load user proxy at edu.isi.pegasus.gridftp.Command.execute(Command.java:54) at edu.isi.pegasus.gridftp.PegasusGridFTP.execute(PegasusGridFTP.java:192) at edu.isi.pegasus.gridftp.PegasusGridFTP.main(PegasusGridFTP.java:197) Caused by: GSSException: Defective credential detected [Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore)] at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:132) at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:71) at edu.isi.pegasus.gridftp.Command.execute(Command.java:52) ... 2 more Caused by: org.globus.gsi.CredentialException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore) at org.globus.gsi.X509Credential.verify(X509Credential.java:445) at org.globus.gsi.X509Credential.reloadDefaultCredential(X509Credential.java:480) at org.globus.gsi.X509Credential.getDefaultCredential(X509Credential.java:462) at org.globus.gsi.gssapi.GlobusGSSManagerImpl.createCredential(GlobusGSSManagerImpl.java:130) ... 4 more Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: PEMFilebasedCertStore, provider: Globus, class: org.globus.gsi.stores.ResourceCertStore) at java.security.Provider$Service.newInstance(Provider.java:1259) at sun.security.jca.GetInstance.getInstance(GetInstance.java:243) at sun.security.jca.GetInstance.getInstance(GetInstance.java:190) at java.security.cert.CertStore.getInstance(CertStore.java:228) at org.globus.gsi.stores.Stores$ReloadableCrlStore.load(Stores.java:211) at org.globus.gsi.stores.Stores$ReloadableCrlStore.(Stores.java:207)
at org.globus.gsi.stores.Stores.getCRLStore(Stores.java:92)
at org.globus.gsi.X509Credential.verify(X509Credential.java:438)
... 7 more
Caused by: java.lang.IllegalArgumentException: Object cannot be null
at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:78)
at org.globus.gsi.stores.AbstractResourceSecurityWrapper.init(AbstractResourceSecurityWrapper.java:62)
at org.globus.gsi.stores.ResourceCRL.(ResourceCRL.java:43)
at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:40)
at org.globus.gsi.stores.ResourceCRLStore.create(ResourceCRLStore.java:32)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.load(ResourceSecurityWrapperStore.java:138)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadResources(ResourceSecurityWrapperStore.java:109)
at org.globus.gsi.stores.ResourceSecurityWrapperStore.loadWrappers(ResourceSecurityWrapperStore.java:85)
at org.globus.gsi.stores.ResourceCertStore.(ResourceCertStore.java:69)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.security.Provider$Service.newInstance(Provider.java:1254)
... 14 more