[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Handle-info] Error in handle - Unable to find signature of '0.NA/0.NA' from majority of keys
Hi!
 here at the University of Padova (org name is Phaidra), we have an 
handle server with prefix 11168/.
 Yesterday we was unable to register new handles:
2020-08-31 18:06:05.256+0200" 75 class net.handle.server.HandleServer: 
error getting values: HandleException (CANNOT_CONNECT_TO_SERVER) 
41.231.118.2: java.net.SocketTimeoutException: connect timed out
HandleException (CANNOT_CONNECT_TO_SERVER) 41.231.118.2: 
java.net.SocketTimeoutException: connect timed out
        at 
net.handle.hdllib.HandleResolver.sendHttpRequest(HandleResolver.java:2915)
        at 
net.handle.hdllib.HandleResolver.sendRequestToInterface(HandleResolver.java:2231)
        at 
net.handle.hdllib.HandleResolver.sendRequestToServerByProtocol(HandleResolver.java:1913)
        at 
net.handle.hdllib.HandleResolver.sendRequestToServerInSiteByProtocol(HandleResolver.java:1634)
        at 
net.handle.hdllib.HandleResolver.sendRequestToSite(HandleResolver.java:1612)
        at 
net.handle.hdllib.HappyEyeballsResolver.sendRequestToSiteViaProtocol(HappyEyeballsResolver.java:187)
        at 
net.handle.hdllib.HappyEyeballsResolver.sendRequestToSites(HappyEyeballsResolver.java:165)
        at 
net.handle.hdllib.HappyEyeballsResolver.sendRequestAndSetResponseOrPublicException(HappyEyeballsResolver.java:143)
        at 
net.handle.hdllib.HappyEyeballsResolver.run(HappyEyeballsResolver.java:82)
        at java.lang.Thread.run(Thread.java:748)
"2020-09-01 08:30:55.872+0200" 25 Shutting down server at Tue Sep 01 
08:30:55 CEST 2020
"2020-09-01 08:34:44.786+0200" 25 Started new run.
this morning I tried to register an handle and I got this:
AUTHENTICATE PUBKEY:300:0.NA/11168
/usr/local/hs/admpriv.bin|<our cert pass>
CREATE 11168/test2020
100 HS_ADMIN 86400 1110 ADMIN 300:110011111111:0.NA/11168
3 URL 86400 1110 UTF8 https://phaidra.cab.unipd.it/
[...]
  sending HDL-UDP request (version=2.5; oc=400; rc=0; snId=0 crt caCrt 
noAuth expires:Tue Sep 01 20:19:43 CEST 2020 /) to 147.162.213.84:2641
    received HDL-UDP response: version=2.5; oc=400; rc=1; snId=134 crt 
caCrt auth noAuth expires:Tue Sep 01 20:19:43 CEST 2020
  sending HDL-UDP request (version=2.5; oc=400; rc=0; snId=0 crt caCrt 
noAuth expires:Tue Sep 01 20:19:43 CEST 2020 /) to 147.162.213.84:2641
    received HDL-UDP response: version=2.5; oc=400; rc=1; snId=135 crt 
caCrt auth noAuth expires:Tue Sep 01 20:19:43 CEST 2020
==>FAILURE[5]: create:11168/test2020: Error setting up session
Successes/Total Entries: 0/1
Batch File Lines: 5
Finish Time: Tue Sep 01 08:19:43 CEST 2020
This batch took 0 seconds to complete at an average speed of 
2.070393374741201 operations/second
Batch process finished
and now, after a server restart, we have this in the logs:
2020-09-01 08:34:44.787+0200" 25 HANDLE.NET Server Software version 7.2.1
Error verifying root values signature: HandleException 
(ENCRYPTION_ERROR) Unable to find signature of '0.NA/0.NA' from majority 
of keys
HandleException (ENCRYPTION_ERROR) Unable to find signature of 
'0.NA/0.NA' from majority of keys
        at 
net.handle.hdllib.SecureResolver.verifyValuesByMajority(SecureResolver.java:753)
        at 
net.handle.hdllib.Configuration.refreshRootInfoFromNet(Configuration.java:501)
        at 
net.handle.server.AbstractServer$RootInfoUpdater.run(AbstractServer.java:110)
How can we fix this problem? Thanks for any help. We are using 
-Djdk.crypto.KeyAgreement.legacyKDF=true (you can see it below in the 
command line). We are ok with the payment until 6/30/2021.
This is the handle server process:
root@phaidra:~# netstat -tulpn | grep 2641
tcp6       0      0 147.162.213.84:2641 :::*                    
LISTEN      18713/java
udp6       0      0 147.162.213.84:2641 
:::*                                18713/java
/usr/local/hs/root@phaidra:~# ps auxw | grep 18713
java -Djdk.crypto.KeyAgreement.legacyKDF=true -server -Xmx200M -cp 
:/root/phaidra/hs/hsj-7.2/bin/../lib/admintool.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/bcpkix-jdk15on-147.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/bcprov-ext-jdk15on-147.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/cnriutil.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/commons-codec-1.7.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/gson-2.2.2.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/handle.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/icu4j-4_2_1-idna.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/je-3.3.98.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/jython-2.2.1.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/oldadmintool.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/*/*.jar:/root/phaidra/hs/hsj-7.2/bin/../lib/amazons3/*.jar 
net.handle.server.Main /usr/local/hs/
Here the config:
contactdata.dct
{
  "contact_email" = "yuri.carrer@unipd.it"
  "org_name" = "Phaidra"
  "contact_name" = "Yuri Carrer"
}
config.dct
{
  "hdl_http_config" = {
    "bind_address" = "147.162.213.84"
    "num_threads" = "15"
    "bind_port" = "8000"
    "backlog" = "5"
    "log_accesses" = "no"
  }
  "server_type" = "server"
  "hdl_udp_config" = {
    "bind_address" = "147.162.213.84"
    "num_threads" = "15"
    "bind_port" = "2641"
    "log_accesses" = "no"
  }
  "hdl_tcp_config" = {
    "bind_address" = "147.162.213.84"
    "num_threads" = "15"
    "bind_port" = "2641"
    "backlog" = "5"
    "log_accesses" = "no"
  }
  "no_udp_resolution" = "n"
  "interfaces" = (
    "hdl_udp"
    "hdl_tcp"
    "hdl_http"
  )
  "server_config" = {
    "server_admins" = (
      "300:0.NA/YOUR_NAMING_AUTHORITY"
    )
    "replication_admins" = (
      "300:0.NA/YOUR_NAMING_AUTHORITY"
    )
    "max_session_time" = "86400000"
    "this_server_id" = "1"
    "max_auth_time" = "60000"
    "backup_admins" = (
      "300:0.NA/YOUR_NAMING_AUTHORITY"
    )
    "case_sensitive" = "no"
  }
}
--
Yuri Carrer
 CAB - Centro di Ateneo per le Biblioteche, Università di Padova
 Tel: 049/827 9712 - Via Beato Pellegrino, 28 - Padova
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info