Search code examples
javasslssl-certificatelotus-domino

URL.openStream generates en error (javax.net.ssl.SSLException)

I've an issue, I'm using static Feed/URL (https) to read data from. Today it stopped to work. URL is still accessible and content is there. I see that feed/URL get new certificate recently.

URL page = new URL(url);
InputStream is = page.openStream(); // issue happens here
InputStreamReader isr = new InputStreamReader(is);
BufferedReader in = new BufferedReader(isr);

Could somebody advise what should I check/test/do to resolve my issue?

Here is error StackTrace

Agent  error: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 64
Agent  error:  at com.ibm.jsse2.o.a(o.java:10)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:216)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:864)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:618)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:500)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:220)
Agent  error:  at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:184)
Agent  error:  at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:40)
Agent  error:  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1207)
Agent  error:  at com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:66)
Agent  error:  at java.net.URL.openStream(URL.java:1022)
Agent  error:  at JavaAgent.getURLContent(JavaAgent.java:23)
Agent  error:  at JavaAgent.NotesMain(JavaAgent.java:12)
Agent  error:  at lotus.domino.AgentBase.runNotes(Unknown Source)
Agent  error:  at lotus.domino.NotesThread.run(Unknown Source)
Agent  error: Caused by: 
Agent  error: java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 64
Agent  error:  at com.ibm.crypto.provider.xc.a(Unknown Source)
Agent  error:  at com.ibm.crypto.provider.xc.a(Unknown Source)
Agent  error:  at com.ibm.crypto.provider.xc.a(Unknown Source)
Agent  error:  at com.ibm.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(Unknown Source)
Agent  error:  at javax.crypto.KeyGenerator.generateKey(Unknown Source)
Agent  error:  at com.ibm.jsse2.kb.b(kb.java:584)
Agent  error:  at com.ibm.jsse2.kb.a(kb.java:406)
Agent  error:  at com.ibm.jsse2.lb.a(lb.java:352)
Agent  error:  at com.ibm.jsse2.lb.a(lb.java:156)
Agent  error:  at com.ibm.jsse2.kb.s(kb.java:659)
Agent  error:  at com.ibm.jsse2.kb.a(kb.java:393)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:850)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:63)
Agent  error:  at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:316)
Agent  error:  ... 10 more
Solution

  • We have done 2 things about this issue:

    • Up our Domino server. as far as I understand when you upgrade you Domino server it also upgrade certificate storage.
    • We also disabled certificate validation (even though it's a dirty way).

    You may try my solution Disabling certificate validation in Java

    Also have a look on related topics there, maybe it will help you.