This is a problem for us using vlingo-http backed by vlingo-wire, which was making direct use of Java NIO. We thought we were facing the infamous Netty Java NIO epoll bug that was fixed by Netty, so we applied Netty's fix to vlingo-wire. This didn't work. We finally gave up trying to solve it with direct NIO and even with incorporating Netty's fix. Thus, we switched to Netty in place of NIO, which works everywhere else, but not on Heroku.
Using Netty and some fine-grained logging we saw that for each request the server definitely replies. But for some reason the reply does not get past the Heroku router. For example:
2020-04-06T20:50:13.896574+00:00 app[web.1]: 20:50:13.896 [nioEventLoopGroup-3-4] DEBUG i.v.w.f.b.n.s.NettyInboundHandler - Request received
2020-04-06T20:50:13.896929+00:00 app[web.1]: 20:50:13.896 [nioEventLoopGroup-3-4] DEBUG i.n.handler.logging.LoggingHandler - [id: 0x1efddaa2, L:/172.18.27.14:59829 - R:/10.11.43.12:20716] READ COMPLETE
2020-04-06T20:50:13.897026+00:00 app[web.1]: Retrieving operations and...
2020-04-06T20:50:13.898394+00:00 app[web.1]: 20:50:13.898 [nioEventLoopGroup-3-4] DEBUG i.n.handler.logging.LoggingHandler - [id: 0x1efddaa2, L:/172.18.27.14:59829 - R:/10.11.43.12:20716] WRITE: 148B
2020-04-06T20:50:13.898395+00:00 app[web.1]: +-------------------------------------------------+
2020-04-06T20:50:13.898396+00:00 app[web.1]: | 0 1 2 3 4 5 6 7 8 9 a b c d e f |
2020-04-06T20:50:13.898397+00:00 app[web.1]: +--------+-------------------------------------------------+----------------+
2020-04-06T20:50:13.898397+00:00 app[web.1]: |00000000| 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0a |HTTP/1.1 200 OK.|
2020-04-06T20:50:13.898397+00:00 app[web.1]: |00000010| 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 |Content-Type: ap|
2020-04-06T20:50:13.898399+00:00 app[web.1]: |00000020| 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64 2e 63 61 |plication/vnd.ca|
2020-04-06T20:50:13.898400+00:00 app[web.1]: |00000030| 6c 63 75 6c 61 74 69 6f 6e 2b 6a 73 6f 6e 3b 76 |lculation+json;v|
2020-04-06T20:50:13.898400+00:00 app[web.1]: |00000040| 65 72 73 69 6f 6e 3d 31 2e 31 0a 43 6f 6e 74 65 |ersion=1.1.Conte|
2020-04-06T20:50:13.898400+00:00 app[web.1]: |00000050| 6e 74 2d 4c 65 6e 67 74 68 3a 20 35 33 0a 0a 5b |nt-Length: 53..[|
2020-04-06T20:50:13.898401+00:00 app[web.1]: |00000060| 0a 20 20 22 41 44 44 49 54 49 4f 4e 22 2c 0a 20 |. "ADDITION",. |
2020-04-06T20:50:13.898401+00:00 app[web.1]: |00000070| 20 22 53 55 42 54 52 41 43 54 49 4f 4e 22 2c 0a | "SUBTRACTION",.|
2020-04-06T20:50:13.898401+00:00 app[web.1]: |00000080| 20 20 22 4d 55 4c 54 49 50 4c 49 43 41 54 49 4f | "MULTIPLICATIO|
2020-04-06T20:50:13.898402+00:00 app[web.1]: |00000090| 4e 22 0a 5d |N".] |
2020-04-06T20:50:13.898402+00:00 app[web.1]: +--------+-------------------------------------------------+----------------+
2020-04-06T20:50:13.898467+00:00 app[web.1]: 20:50:13.898 [nioEventLoopGroup-3-4] DEBUG i.n.handler.logging.LoggingHandler - [id: 0x1efddaa2, L:/172.18.27.14:59829 - R:/10.11.43.12:20716] FLUSH
2020-04-06T20:50:13.898847+00:00 app[web.1]: 20:50:13.898 [nioEventLoopGroup-3-4] TRACE i.v.w.f.b.n.s.NettyInboundHandler - Reply sent
The conclusion was that perhaps we were not closing the client socket properly (even though using curl has the same problems). In any case we tried server socket eager closing to close the socket right after a response to an HTTP request. The assumption was that maybe the close would flush socket buffers (small responses). This also didn't work for us.
All of the above worked from the beginning on direct AWS use, and continues to work there.
We are currently looking into some ideas we got about timeouts and DNS configuration, but so far it's not panning out.
At this point we are stuck and don't know what to do or try next. We would sure like to support Heroku. If you have any clues to share we would appreciate it very much.
I have an applet installed on a JavaCard. I want to delete this applet through over the air(OTA) message by sending APDU commands. following are the APDU command I send through card reader to delete th applet:
1) A4 04 00 00
2) ExAuth 00 02 00 01 00 404142434445464748494A4B4C4D4E4F
3) 80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 01 02
4) 80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 00 00
I have followed this :
https://adywicaksono.wordpress.com/2008/05/21/understanding-gsm-0348/
But I have not been able to delete the applet as there is some error everytime.
Thank You.
Under my assumption that your JavaCard is using the Global Platform framework (which almost every JavaCard does) you need to perform the following steps:
Select CardManager
Authenticate
Delete the applet
You probably succeeded the first step, although selecting the Cardmanager by its AID is the better way to go. The second step looks a bit weird to me from what you posted. The third step looks good as well.
To authenticate there are diffrent protocols, e.g. SCP01, SCP02, etc. SCP02 is the de facto standard for modern cards. Then of course you also need the right keys to authenticate, for most cards delivired there are the default keys that you already have. The exact procedure is explained in the Global Platform specification. A sample log from my tool looks like this:
=> 00 A4 04 00 08 A0 00 00 01 51 00 00 00 00 .........Q....
(9407 usec)
<= 6F 64 84 08 A0 00 00 01 51 00 00 00 A5 58 9F 65 od......Q....X.e
01 FF 9F 6E 06 47 91 23 47 41 00 73 49 06 07 2A ...n.G.#GA.sI..*
86 48 86 FC 6B 01 60 0B 06 09 2A 86 48 86 FC 6B .H..k.`...*.H..k
02 02 02 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B ...c...*.H..k.d.
06 09 2A 86 48 86 FC 6B 04 02 55 65 0B 06 09 2B ..*.H..k..Ue...+
85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 ...Hd...f...+...
01 2A 02 6E 01 02 90 00 .*.n....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 7D 62 4D F4 89 F6 07 E3 00 .P...}bM......
(55368 usec)
<= 00 00 42 87 00 17 97 93 24 74 FF 02 00 01 3C 2B ..B.....$t....<+
97 86 B8 3B 57 0A D0 9F 82 BF AD C2 90 00 ...;W.........
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 EA 1A 9D A0 24 E6 00 9E F8 84 96 .........$......
1A 77 71 46 B4 .wqF.
(56879 usec)
<= 90 00 ..
Status: No Error
cm> delete ff4563686f4170706c6574
=> 80 E4 00 00 0D 4F 0B FF 45 63 68 6F 41 70 70 6C .....O..EchoAppl
65 74 00 et.
(956894 usec)
<= 00 90 00 ...
Status: No Error
As you don't want to perform all the cryptographic protocol by yourself there are tools out there, that do the job for you. The best freeware tool in my opinion is GlobalPlatformPro from Martin Paljek. Beware that there are plenty other tools that might be deprecated.
In order to perform remote application management on SIM you need to have OTA keys of SIM card and OTA platform to construct appropriate GSM 03.48 and 03.40 APDU commands to exchange secure data packets with SIM. SIM carries out authentication of mobile user in mobile networks and neither GSM nor OTA keys of SIM cards never shared by mobile operators to 3rd parties.
MNOs have OTA platform which maintains relational database to keep MSISDN-ICCID-OTA Keys(KiK,KiD and KiC) triplet. Apart from OTA keys, SPI, TAR and CNTR values as part of each SIM card profile is kept in OTA platform to generate GSM 03.48 packet. So to perform any applet provisioning (instal, update delete) generally secure data content must be encrypted with KiC and KiD.
Hello we are trying to create an iOS MDM server using java.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
I have first sent the enroll plist file to the ios device. In response to which I receive a HttpServletRequest from the ios device when we click on "Install" from the device.
It the uses the URL which contains the profile request url and a request is obtained for the same in java.
After reading the request.getInputStream i got to know that the request has two parts within. One is a plist another is the certificate of the device.
printing the file i got the below plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CHALLENGE</key>
<string>challengesessionvalue1234</string>
<key>UDID</key>
<string>b3d8980d72a6c2abf4f936862e8c50a734ccc030</string>
</dict>
</plist>
It contains the "Challenge" string which was sent during enrollment. Also it gives the device UDID. This part was retrieve by reading the inputStream of the request in java using bytes.
Another part the request.getInputStream contains is the pkcs signed certificate details of Apple certificate as shown below:
PKCS7 :: signer infos:
0. Signer Info for (issuer): CN=Apple iPhone Device CA, OU=Apple iPhone, O=Apple Inc., C=US
version: 01
certificateSerialNumber: 0252f631 cadff5f3 99986
digestAlgorithmId: SHA
authenticatedAttributes: PKCS9 Attributes: [
[ContentType: 1.2.840.113549.1.7.1];
[MessageDigest: 0000: E1 BF 36 1B 11 5C CB 0E E6 1C 57 4F 09 FC 55 B4 ..6..\....WO..U.
0010: D9 C1 E0 1E ....
];
[SigningTime: Wed Jul 30 11:46:02 UTC 2014]
] (end PKCS9 Attributes)
digestEncryptionAlgorithmId: RSA
encryptedDigest:
0000: C5 11 AC 76 89 E7 43 BD A3 03 5F 14 4B 08 BD E4 ...v..C..._.K...
0010: 5E F9 55 BA A7 F5 4E 43 E0 74 FD 06 D2 E2 88 03 ^.U...NC.t......
0020: C4 9C 88 A2 01 E0 9C 63 62 C2 D9 1A BD FC 00 B3 .......cb.......
0030: 64 30 8F 00 BD F4 4A B9 4E EA D5 C6 7B 26 1C 01 d0....J.N....&..
0040: A5 E2 B7 27 B9 7A A8 2D 22 97 E3 D9 24 7B 8B 24 ...'.z.-"...$..$
0050: 84 49 7C 38 1B A7 56 80 B8 CD 1A 44 9C AF 79 D9 .I.8..V....D..y.
0060: 86 12 B5 31 D1 BD 5C 27 F6 64 BC EC DC 02 19 A5 ...1..\'.d......
0070: 25 A5 09 F2 BB 11 67 78 3E DC D4 03 F2 E4 8D C0 %.....gx>.......
I have not copied the whole file as it was a huge. To read this part i used PKCS7 available for java from sun.security.pkcs package.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us. I just want to pass back a sign certificate to iOS device so that i can proceed further.
Please provide a java code which will help in parse this request.getInputStream.
The content type of the request is = "application/pkcs7-signature"
And how should i pass back the response. Do i need to create the certificate again?
Please help.
Hope i made myself clear with the doubt.
Thanks in advance.!!
Let me try to break down your question to multiple subquestion and answer the.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
Frankly, I wasn't able to understand what you are talking about.
Based on the response which you got, you are doing this:
https://developer.apple.com/library/ios/documentation/networkinginternet/conceptual/iphoneotaconfiguration/OTASecurity/OTASecurity.html
And you are on phase 2, step 1.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us
Again. I am not 100% sure what you mean. Specifically "authenticate the certificate using challenge itself"
You should do two things at this steps
Authenticate this request using the challenge extract from the request
Validate the signature (make sure that it's correct signature and that it's signed by appropriate Apple certificate).
if everything is correct (the challange and the certificate) then you should send either a profile with SCEP payload or PKCS12 payload
Please provide a java code which will help in parse this request.getInputStream.
To read this part i used PKCS7 available for java from sun.security.pkcs package.
I would recommend to look at Bouncy Castle. It's excellent library which handles crypto.
And search for "Bouncy castle validate signature":
X.509 Certificate validation with Java and Bouncycastle
http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
I have a java card. How I can find the algorithms that the card support and use for it's cryptography? What happens when I click on the authenticate button in jcmanager (for example)? How I can authenticate with APDUs?
This is output of jcmanager when I clicked on Authenticate :
Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
**********************
Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
************
Init Update
*************
-> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
<- 00 00 11 60 01 00 7F 8B 0A F9 02 02 00 99 3E 01 33 1B 3F 8E 33 BA E4 AD 82 6E 3C C1 90 00
HostChallenge: D3 90 22 B2 C5 7C D4 DD
CardChallenge: 3E 01 33 1B 3F 8E
Card Calculated Card Cryptogram: 33 BA E4 AD 82 6E 3C C1
Derivation Data is 01 82 00 99 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 99 3E 01 33 1B 3F 8E D3 90 22 B2 C5 7C D4 DD 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) D3 90 22 B2 C5 7C D4 DD 00 99 3E 01 33 1B 3F 8E 80 00 00 00 00 00 00 00
S_ENC: CE 69 1B 1E C8 EC DB B0 0A 9B 18 4A 53 58 04 BB CE 69 1B 1E C8 EC DB B0
The Current session MAC key is F8 85 4D 94 19 BC 83 4C 99 BA E9 94 15 00 A6 B8
The Current session DEK key is 6D 72 48 D4 23 BF 3B 1C 7C 2F 1F BC 7C 04 E9 F6
Encrypted CardCryptoGram is 58 20 23 4E 14 8B FE AA F8 6D 14 20 3D 41 18 E4 33 BA E4 AD 82 6E 3C C1
Encrypted HostCryptoGram is 07 D0 B3 EB 0F 1B 7E 54 84 34 08 6C 5F D9 E5 55 4B 5F 0D F6 87 52 99 2E
-> 84 82 03 00 10 4B 5F 0D F6 87 52 99 2E 17 29 AA 68 12 98 CE 2D
<- 90 00
Authenticated
Is this right :
I send a random 8 byte number to the card:
-> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
and in the answer of my command, card give me a random numbers + the encrypted random number that I sent to the card. What happens next? my card and my reader with which algorithm encrypt and decrypt random numbers (cardchallenge and host challenge)?
you are totally mixing up things.
FIRST there is Global Platform. Global Platform specifies how to interact with the card manager/security domain: e.g. how to authenticate with the card manager, how to upload a cap file, how to install a cap file, to lock the card to unlock the card to change the keys you mentioned above etc...
SECOND there is the Java Card applet which you code in a way you want your smartcard to behave lateron.
your question is very unclear.
do you mean cryptographic algorithms regarding global platform or jor java card code?
for first identiy your card and read the corresponding Global Platform Specification, there are various authentication modes called scp01 scp02 ...
if you mean javacard: the JC Specification is not mandatory so its the manufactureres choice what crypto to implement. to find out you can either trial&error or you talk to the manufacturer
for authentication to the card manager you should always use a tool (either GPJ GPshell or JCOP tools<--last one is not freely available) generating the APDUs and crypto behind it instead of manually sending APDUs.
however, if you want to know the details read Global Platform Specification instead of asking on a forum
The algorithms supported by your particular card can be obtained via JCAlgTest project. JCAlgTest project page also provides results for 63+ cards gathered by other users. Use ATR of your card to search for similar one in JCAlgTest database. Alternatively, use ATR parsing tool and find match your card by name. The JCAlgTest project also provides performance comparison for selected cards.
I'm wondering if anyone can give me any pointers in relation to the initialization of AMX MBeans on Glassfish. I'm using GF v2.1.1, Java 6 (running as 5) on a Mac.
Whenever I start up GF (which I have to do and redo a LOT), my startup freezes for 90 seconds on this line:
ADM1079: Initialization of AMX MBeans started
I know that this is due to the proxy server at the company. We are behind a proxy server with NTLM authentication (that causes enough problems in general), and I am running a local Authoxy http proxy instance on localhost to bypass the auth step.
If I switch to a proxy-free network, and remove any system proxy settings, I can start up the server quickly and it doesn't stall here. Unfortunately I can't do this all the time as switching back and forth makes some things unstable. When I'm in the corporate network and have set up the proxy on my system, I always get this delay.
So I know roughly what's causing it, just wondered if anyone can point me in the right direction for speeding this up? It doesn't seem to be timing out, as the server startup continues successfully 90s later. But maybe there's a way of changing AMX MBeans timeout settings, or somehow passing it specific proxy settings which it may not be picking up from the system.
This has been plagueing me and my team for about a year and I can't find much info on configuring this piece of the startup online. So I'm very grateful for any tips or just further info on AMX MBeans you can give me.
09-May-2013 11:45:46 com.sun.enterprise.admin.servermgmt.launch.ASLauncher buildCommand
INFO:
/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java
-Dcom.sun.aas.instanceRoot=/Applications/NetBeans/SUNWappserver/domains/domain1
-Dcom.sun.aas.ClassPathPrefix=
-Dcom.sun.aas.ClassPathSuffix=/Applications/NetBeans/SUNWappserver/lib/ojdbc5.jar
-Dcom.sun.aas.ServerClassPath=
-Dcom.sun.aas.classloader.appserverChainJars.ee=
-Dcom.sun.aas.classloader.appserverChainJars=admin-cli.jar,admin-cli-ee.jar,j2ee-svc.jar
-Dcom.sun.aas.classloader.excludesList=admin-cli.jar,appserv-upgrade.jar,sun-appserv-ant.jar
-Dcom.sun.aas.classloader.optionalOverrideableChain.ee=
-Dcom.sun.aas.classloader.optionalOverrideableChain=webservices-rt.jar,webservices-tools.jar
-Dcom.sun.aas.classloader.serverClassPath.ee=Does not exist/lib/hadbjdbc4.jar,/Applications/NetBeans/SUNWappserver/lib/SUNWjdmk/5.1/lib/jdmkrt.jar,Does not exist/lib/dbstate.jar,Does not exist/lib/hadbm.jar,Does not exist/lib/hadbmgt.jar,/opt/SUNWmfwk/lib/mfwk_instrum_tk.jar
-Dcom.sun.aas.classloader.serverClassPath=/Applications/NetBeans/SUNWappserver/lib/install/applications/jmsra/imqjmsra.jar,/Applications/NetBeans/SUNWappserver/imq/lib/jaxm-api.jar,/Applications/NetBeans/SUNWappserver/imq/lib/fscontext.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqbroker.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqjmx.jar,/Applications/NetBeans/SUNWappserver/lib/ant/lib/ant.jar,/Applications/NetBeans/SUNWappserver/lib/SUNWjdmk/5.1/lib/jdmkrt.jar
-Dcom.sun.aas.classloader.sharedChainJars.ee=appserv-se.jar,appserv-ee.jar,jesmf-plugin.jar,Does not exist/lib/dbstate.jar,Does not exist/lib/hadbjdbc4.jar,jgroups-all.jar,/opt/SUNWmfwk/lib/mfwk_instrum_tk.jar
-Dcom.sun.aas.classloader.sharedChainJars=javaee.jar,/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/tools.jar,install/applications/jmsra/imqjmsra.jar,com-sun-commons-launcher.jar,com-sun-commons-logging.jar,/Applications/NetBeans/SUNWappserver/imq/lib/jaxm-api.jar,/Applications/NetBeans/SUNWappserver/imq/lib/fscontext.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqbroker.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqjmx.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqxm.jar,webservices-rt.jar,webservices-tools.jar,mail.jar,appserv-jstl.jar,jmxremote_optional.jar,/Applications/NetBeans/SUNWappserver/lib/SUNWjdmk/5.1/lib/jdmkrt.jar,activation.jar,appserv-rt.jar,appserv-admin.jar,appserv-cmp.jar,/Applications/NetBeans/SUNWappserver/updatecenter/lib/updatecenter.jar,/Applications/NetBeans/SUNWappserver/jbi/lib/jbi.jar,/Applications/NetBeans/SUNWappserver/imq/lib/imqjmx.jar,/Applications/NetBeans/SUNWappserver/lib/ant/lib/ant.jar,dbschema.jar
-Dcom.sun.aas.configName=server-config
-Dcom.sun.aas.configRoot=/Applications/NetBeans/SUNWappserver/config
-Dcom.sun.aas.defaultLogFile=/Applications/NetBeans/SUNWappserver/domains/domain1/logs/server.log
-Dcom.sun.aas.domainName=domain1
-Dcom.sun.aas.installRoot=/Applications/NetBeans/SUNWappserver
-Dcom.sun.aas.instanceName=server
-Dcom.sun.aas.processLauncher=SE
-Dcom.sun.aas.promptForIdentity=true
-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory
-Dcom.sun.enterprise.overrideablejavaxpackages=javax.help,javax.portlet
-Dcom.sun.enterprise.taglibs=appserv-jstl.jar,jsf-impl.jar
-Dcom.sun.enterprise.taglisteners=jsf-impl.jar
-Dcom.sun.updatecenter.home=/Applications/NetBeans/SUNWappserver/updatecenter
-Ddomain.name=domain1
-Djava.endorsed.dirs=/Applications/NetBeans/SUNWappserver/lib/endorsed
-Djava.ext.dirs=/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/ext:/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/jre/lib/ext:/Applications/NetBeans/SUNWappserver/domains/domain1/lib/ext:/Applications/NetBeans/SUNWappserver/javadb/lib
-Djava.library.path=/Applications/NetBeans/SUNWappserver/lib:/Applications/NetBeans/SUNWappserver/lib:/Applications/NetBeans/SUNWappserver/lib
-Djava.security.auth.login.config=/Applications/NetBeans/SUNWappserver/domains/domain1/config/login.conf
-Djava.security.policy=/Applications/NetBeans/SUNWappserver/domains/domain1/config/server.policy
-Djava.util.logging.manager=com.sun.enterprise.server.logging.ServerLogManager
-Djavax.management.builder.initial=com.sun.enterprise.admin.server.core.jmx.AppServerMBeanServerBuilder
-Djavax.net.ssl.keyStore=/Applications/NetBeans/SUNWappserver/domains/domain1/config/keystore.jks
-Djavax.net.ssl.trustStore=/Applications/NetBeans/SUNWappserver/domains/domain1/config/cacerts.jks
-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver
-Djmx.invoke.getters=true
-Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000
-client
-XX:+UnlockDiagnosticVMOptions
-Xms256m
-XX:PermSize=256m
-XX:MaxPermSize=256m
-Xmx512m
-XX:NewRatio=2
-XX:+LogVMOutput
-XX:LogFile=/Applications/NetBeans/SUNWappserver/domains/domain1/logs/jvm.log
-cp
/Applications/NetBeans/SUNWappserver/lib/jhall.jar:/Applications/NetBeans/SUNWappserver/lib/appserv-launch.jar
com.sun.enterprise.server.PELaunch
start
Starting Sun GlassFish Enterprise Server v2.1.1 ((v2.1 Patch06)(9.1_02 Patch12)) (build b31g-fcs) ...
CORE5076: Using [Java HotSpot(TM) 64-Bit Server VM, Version 1.6.0_45] from [Apple Inc.]
SEC1002: Security Manager is OFF.
Using MQ RA for Broker lifecycle control
[
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 16:00:00 PST 1994,
To: Thu Jan 07 15:59:59 PST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......#&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
];_RequestID=ba54c6aa-d5b5-419d-809a-5db959e52842;|SEC5054: Certificate has expired: [
[
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 16:00:00 PST 1994,
To: Thu Jan 07 15:59:59 PST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......#&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
]
SEC1143: Loading policy provider com.sun.enterprise.security.provider.PolicyWrapper.
WEB0114: SSO is disabled in virtual server [server]
WEB0114: SSO is disabled in virtual server [__asadmin]
JTS5014: Recoverable JTS instance, serverId = [54882]
ADM1079: Initialization of AMX MBeans started
It freezes here for about 90 seconds. See the next snippet with timestamps:
[#|2013-05-09T11:45:50.394-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.admin|_ThreadID=10;_ThreadName=main;|ADM1079: Initialization of AMX MBeans started|#]
[#|2013-05-09T11:47:23.135-0700|INFO|sun-appserver2.1|javax.enterprise.resource.resourceadapter|_ThreadID=10;_ThreadName=main;|JMS Service Connection URL is :mq://macbookro.americas.bmw.corp:54881/|#]