Knime 4.4 supported java security providers - SHA1

Hi,

In Knime 4.4, we have been facing issues with our custom nodes which uses “SHA1WithRSA” while signing the public key. Please let us know what are the supported security providers in KNIME 4.4 for developers to use.

Here’s the code snippet which is an issue in KNIME 4.4

 byte[] keyBytes = IOUtils.toByteArray(inputStream);
 X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
 KeyFactory kf = KeyFactory.getInstance("RSA");
 PublicKey publicKey = kf.generatePublic(spec);

 Signature sig = Signature.getInstance("SHA1WithRSA");
 sig.initVerify(publicKey);

@marvin.kickuth

1 Like

Hi @jaisonbabu,

I am sorry to hear that you are having issues with getting your nodes working with 4.4.

What problem are you facing exactly? Is the signing failing? Can you provide us with the detailed error messages?

We are shipping with bouncycastle (available through the bcprov bundle).
best,
Gabriel

Hi,

So we have some code in the PluginActivator class which has some logic to determine if it can be used or not. the Activator start method throws user defined exception if that is not satisfied. We use a signing mechanism which fails now in 4.4 (code snippet above post) This exception causes failure to load the class and hence the plugin wont load.

The error screenshot attached.

I’m hoping “SHA1WithRSA” is the issue as OpenJDK 11 might put it in legacy algorithms. But I need a confirmation to be sure. If this is the cause then what is the suggested for us to use.

Let us know if you need more information. Thanks.

1 Like

Hi @jaisonbabu,
Thank you for providing the extra information.

What I can’t see from you screenshot is the exception that causes the failure in the Plugin Activator. Is it encountering a Classloading exception or does it fail to verify the license, and you suspect the issue is that the wrong algorithm is used?

best,
Gabriel

Hi,

Please find the entire exception stack trace. The last exception - “Unable to load plugin. Not licensed for the xxxxxx Digital FUSION nodes.” is user defined. The method which throws the exception checks if the node is licensed or not (code snippet in first post).

We don’t run into this issue in KNIME 4.3 version. For this reason I believe it must be something with the algorithm supported. Please let us know what we might be doing wrong here.

These are the imports used in the class which throws the exception.

import java.awt.Desktop;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URI;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.time.temporal.ChronoUnit;
import java.util.Date;

import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.swing.JOptionPane;

import org.apache.commons.io.IOUtils;
import org.eclipse.jface.resource.ImageDescriptor;
import org.eclipse.swt.graphics.Image;
import org.eclipse.ui.plugin.AbstractUIPlugin;
import org.knime.core.node.NodeLogger;
import org.osgi.framework.BundleContext;

import sun.misc.BASE64Decoder;
`org.knime.core.node.extension.InvalidNodeFactoryExtensionException: Node 'com.xxxxxx.xxxxxx.knime.adobe.nodes.generated.AdobeListCalculatedMetricsNodeFactory' from plugin 'com.xxxxxx.xxxxxx.knime.adobe' could not be created. The corresponding plugin bundle could not be activated!
	at org.knime.core.node.extension.NodeFactoryExtension.createFactory(NodeFactoryExtension.java:182)
	at org.knime.workbench.repository.RepositoryFactory.createNode(RepositoryFactory.java:117)
	at org.knime.workbench.repository.RepositoryManager.readNodes(RepositoryManager.java:369)
	at org.knime.workbench.repository.RepositoryManager.readRepository(RepositoryManager.java:168)
	at org.knime.workbench.repository.RepositoryManager.getRoot(RepositoryManager.java:574)
	at org.knime.workbench.repository.RepositoryManager.getRoot(RepositoryManager.java:587)
	at org.knime.workbench.workflowcoach.ui.WorkflowCoachView$3.run(WorkflowCoachView.java:268)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.eclipse.core.runtime.CoreException: Plug-in com.xxxxxx.xxxxxx.knime.adobe was unable to load class com.xxxxxx.xxxxxx.knime.adobe.nodes.generated.AdobeListCalculatedMetricsNodeFactory.
	at org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.throwException(RegistryStrategyOSGI.java:212)
	at org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.createExecutableExtension(RegistryStrategyOSGI.java:198)
	at org.eclipse.core.internal.registry.ExtensionRegistry.createExecutableExtension(ExtensionRegistry.java:920)
	at org.eclipse.core.internal.registry.ConfigurationElement.createExecutableExtension(ConfigurationElement.java:246)
	at org.eclipse.core.internal.registry.ConfigurationElementHandle.createExecutableExtension(ConfigurationElementHandle.java:63)
	at org.knime.core.node.extension.NodeFactoryExtension.createFactory(NodeFactoryExtension.java:162)
	... 7 xxxxxx
Caused by: java.lang.ClassNotFoundException: An error occurred while automatically activating bundle com.xxxxxx.xxxxxx.knime.adobe (557).
	at org.eclipse.osgi.internal.hooks.EclipseLazyStarter.postFindLocalClass(EclipseLazyStarter.java:126)
	at org.eclipse.osgi.internal.loader.classpath.ClasspathManager.findLocalClass(ClasspathManager.java:572)
	at org.eclipse.osgi.internal.loader.ModuleClassLoader.findLocalClass(ModuleClassLoader.java:346)
	at org.eclipse.osgi.internal.loader.BundleLoader.findLocalClass(BundleLoader.java:401)
	at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:480)
	at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:171)
	at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
	at org.eclipse.osgi.internal.framework.EquinoxBundle.loadClass(EquinoxBundle.java:617)
	at org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.createExecutableExtension(RegistryStrategyOSGI.java:196)
	at org.eclipse.core.internal.registry.ExtensionRegistry.createExecutableExtension(ExtensionRegistry.java:920)
	at org.eclipse.core.internal.registry.ConfigurationElement.createExecutableExtension(ConfigurationElement.java:246)
	at org.eclipse.core.internal.registry.ConfigurationElementHandle.createExecutableExtension(ConfigurationElementHandle.java:63)
	at org.knime.core.node.extension.NodeFactoryExtension.createFactory(NodeFactoryExtension.java:162)
	at org.knime.core.node.extension.NodeFactoryExtension.isDeprecated(NodeFactoryExtension.java:121)
	at org.knime.core.node.extension.NodeFactoryExtensionManager.lambda$0(NodeFactoryExtensionManager.java:130)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
	at java.base/java.util.Iterator.forEachRemaining(Unknown Source)
	at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
	at java.base/java.util.stream.ReduceOps$5.evaluateSequential(Unknown Source)
	at java.base/java.util.stream.ReduceOps$5.evaluateSequential(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
	at java.base/java.util.stream.ReferencePipeline.count(Unknown Source)
	at org.knime.core.node.extension.NodeFactoryExtensionManager.getInstance(NodeFactoryExtensionManager.java:130)
	at org.knime.workbench.repository.RepositoryManager.readNodes(RepositoryManager.java:355)
	... 5 xxxxxx
Caused by: org.osgi.framework.BundleException: Exception in com.xxxxxx.xxxxxx.knime.xxxxxxKnimePluginActivator.start() of bundle com.xxxxxx.xxxxxx.knime.adobe.
	at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:835)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:763)
	at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1012)
	at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:366)
	at org.eclipse.osgi.container.Module.doStart(Module.java:605)
	at org.eclipse.osgi.container.Module.start(Module.java:468)
	at org.eclipse.osgi.framework.util.SecureAction.start(SecureAction.java:506)
	at org.eclipse.osgi.internal.hooks.EclipseLazyStarter.postFindLocalClass(EclipseLazyStarter.java:117)
	... 31 xxxxxx
Caused by: **java.lang.Exception: Unable to load plugin.  Not licensed for the xxxxxx Digital FUSION nodes.**
	at com.xxxxxx.xxxxxx.knime.xxxxxxKnimePluginActivator.start(xxxxxxKnimePluginActivator.java:23)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:814)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:1)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:806)
	... 38 xxxxxx

Tagging @gab1one since I cannot edit the post anymore

1 Like

Hi @jaisonbabu,

thank you for the additional information:

The first problem seems to be this:

This won’t work with java 11, as those packages are no longer available. There is an official replacement available at java.util.Base64.

Have you converted the build of your extension to java 11 (as described in Preview KNIME AP 4.4 -- Java 11 & Eclipse Upgrade)?
If yes, then you should have seen a compilation error at this point.

If that doesn’t work, I suggest debugging the plugin activation / license verification process with 4.3 and 4.4 in parallel. So that you can see if the security code shows different behavior.

best,
Gabriel

3 Likes

@gab1one : Thanks for this. We ran this piece of code in a java 11 environment and found the same issue. Changing the code to use java.util.Base64 fixed the issue.

We have not done the build conversion to Java 11 yet. Thanks for the post. We would do that as the next step.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.