Skip to main content

Platform

Thread Dump#

The below commands expect that symphony is operated as a docker container named symphony.

Use following command to to identify the process id of the main java process, look for felix.jar:

docker exec -it symphony /home/app/java/bin/jps

In our test environment the command output was:

15 felix.jar

The required process id is 15.

You can produce a thread dump by running following command:

docker exec -it symphony /home/app/java/bin/jstack 15 > /tmp/thread_dump.txt

The output will be redirected to /tmp/thread_dump.txt.

Debug Port not exposed#

When using the debug jvm command line arguments:

-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005

remote debugging should be enabled through port 5005. In rare cases exposure of the port fails. To overcome you should directly use the host name instead of the wildcard - e.g.:

-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=host.name:5005

Adapters

KPMGSB#

Redundant length RSA key problem (SDSYM-808)#

When trying to open a p12 keystore we might run into these errors,

java.security.InvalidKeyException: Invalid RSA private key

Caused by: java.io.IOException: DerInputStream.getLength(): Redundant length bytes found

This happens because starting from java version 8u121 more checks were added to the DER encoding parsing code to catch various encoding errors. The change was introduced by oracle to address the security vulnerability CVE-2016-5546. As a consequence signatures which contain constructed indefinite length encoding will lead to IOException during parsing.

A permanent solution would be to fix the source where the p12 file is generated, please contact the provider of the p12 keystore to correct their system.

As a workaround we can use openSSL to clean up the p12 file.

  1. Run this command to deconstruct the p12 keystore into its individual components.

    openssl pkcs12 -in pkcs12-file -out key-and-cert -nodes -passin pass:abcXYZ
  2. With the result of the first command run the following command to repackage the key and cert into a valid p12 keystore.

    openssl pkcs12 -in key-and-cert -export -out new-pkcs12-file -passout pass:abcXYZ