
TheHive MISP cert validation, the trustAnchors parameter must be non-empty #452

Closed
@syloktools


Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 16.04.3 |
| OS version (client) | Windows 7 |
| TheHive version / git hash | 3.0.3 |
| Package Type | DEB |
| Browser type & version | Chrome |

Problem Description

Having issues with the truststore using the crt that I converted to a jks

Steps to Reproduce

Logs:
2018-01-29 12:40:27,541 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2018-01-29 12:40:27,541 [INFO] from module in main - Loading model class models.CaseModel
2018-01-29 12:40:27,542 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2018-01-29 12:40:27,542 [INFO] from module in main - Loading model class models.AuditModel
2018-01-29 12:40:27,542 [INFO] from module in main - Loading model class connectors.cortex.models.JobModel
2018-01-29 12:40:27,542 [INFO] from module in main - Loading model class models.LogModel
2018-01-29 12:40:27,543 [INFO] from module in main - Loading model class models.TaskModel
2018-01-29 12:40:27,543 [INFO] from module in main - Loading model class models.UserModel
2018-01-29 12:40:27,544 [INFO] from module in main - Loading model class models.DashboardModel
2018-01-29 12:40:27,544 [INFO] from module in main - Loading model class models.CaseTemplateModel
2018-01-29 12:40:28,859 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-4 - Slf4jLogger started
2018-01-29 12:40:29,503 [INFO] from org.elasticsearch.plugins.PluginsService in main - no modules loaded
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.index.reindex.ReindexPlugin]
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.script.mustache.MustachePlugin]
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty3Plugin]
2018-01-29 12:40:29,506 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2018-01-29 12:40:30,699 [INFO] from io.netty.util.internal.PlatformDependent in main - Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system instability.
2018-01-29 12:40:31,195 [WARN] from application in main - /etc/thehive/application.conf: 26: auth.type is deprecated, use auth.provider instead
2018-01-29 12:40:31,236 [WARN] from application in main - /etc/thehive/application.conf: 130: play.crypto.secret is deprecated, use play.http.secret.key instead
2018-01-29 12:40:31,807 [INFO] from connectors.cortex.services.CortexClient in main - new Cortex(TIA-CORTEX, http://XX.XX.XX.XX:8080) authentication: no
2018-01-29 12:40:31,826 [INFO] from connectors.cortex.services.CortexSrv in main - Search for unfinished job ...
2018-01-29 12:40:32,027 [INFO] from connectors.cortex.services.CortexSrv in application-akka.actor.default-dispatcher-4 - 0 jobs found
2018-01-29 12:40:32,161 [ERROR] from akka.actor.OneForOneStrategy in application-akka.actor.default-dispatcher-2 - Unable to provision, see the following errors:

  1. Error injecting constructor, java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at connectors.misp.MispConfig.(MispConfig.scala:34)
    at connectors.misp.MispConfig.class(MispConfig.scala:13)
    while locating connectors.misp.MispConfig
    for the 1st parameter of connectors.misp.MispSrv.(MispSrv.scala:31)
    at connectors.misp.MispConnector.configure(MispConnector.scala:18) (via modules: com.google.inject.util.Modules$OverrideModule -> connectors.misp.MispConnector)
    while locating connectors.misp.MispSrv
    for the 3rd parameter of connectors.misp.UpdateMispAlertArtifactActor.(UpdateMispAlertArtifactActor.scala:27)
    at connectors.misp.UpdateMispAlertArtifactActor.class(UpdateMispAlertArtifactActor.scala:26)
    while locating connectors.misp.UpdateMispAlertArtifactActor

1 error
akka.actor.ActorInitializationException: akka://application/user/UpdateMispAlertArtifactActor: exception during creation
at akka.actor.ActorInitializationException$.apply(Actor.scala:193)
at akka.actor.ActorCell.create(ActorCell.scala:608)
at akka.actor.ActorCell.invokeAll$1(ActorCell.scala:462)
at akka.actor.ActorCell.systemInvoke(ActorCell.scala:484)
at akka.dispatch.Mailbox.processAllSystemMessages(Mailbox.scala:282)
at akka.dispatch.Mailbox.run(Mailbox.scala:223)
at akka.dispatch.Mailbox.exec(Mailbox.scala:234)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:

  1. Error injecting constructor, java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at connectors.misp.MispConfig.(MispConfig.scala:34)
    at connectors.misp.MispConfig.class(MispConfig.scala:13)
    while locating connectors.misp.MispConfig
    for the 1st parameter of connectors.misp.MispSrv.(MispSrv.scala:31)
    at connectors.misp.MispConnector.configure(MispConnector.scala:18) (via modules: com.google.inject.util.Modules$OverrideModule -> connectors.misp.MispConnector)
    while locating connectors.misp.MispSrv
    for the 3rd parameter of connectors.misp.UpdateMispAlertArtifactActor.(UpdateMispAlertArtifactActor.scala:27)
    at connectors.misp.UpdateMispAlertArtifactActor.class(UpdateMispAlertArtifactActor.scala:26)
    while locating connectors.misp.UpdateMispAlertArtifactActor

1 error
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1028)
at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1054)
at play.api.inject.guice.GuiceInjector.instanceOf(GuiceInjectorBuilder.scala:409)
at play.api.inject.guice.GuiceInjector.instanceOf(GuiceInjectorBuilder.scala:404)
at play.api.inject.ContextClassLoaderInjector.$anonfun$instanceOf$2(Injector.scala:117)
at play.api.inject.ContextClassLoaderInjector.withContext(Injector.scala:126)
at play.api.inject.ContextClassLoaderInjector.instanceOf(Injector.scala:117)
at play.api.libs.concurrent.ActorRefProvider.$anonfun$get$1(Akka.scala:209)
at akka.actor.TypedCreatorFunctionConsumer.produce(IndirectActorProducer.scala:87)
at akka.actor.Props.newActor(Props.scala:213)
at akka.actor.ActorCell.newActor(ActorCell.scala:563)
at akka.actor.ActorCell.create(ActorCell.scala:589)
... 9 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.(PKIXParameters.java:157)
at java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:130)
at com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder.buildTrustManagerParameters(SSLContextBuilder.scala:284)
at com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder.buildTrustManager(SSLContextBuilder.scala:317)
at com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder.$anonfun$buildCompositeTrustManager$1(SSLContextBuilder.scala:146)
at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:234)
at scala.collection.immutable.List.foreach(List.scala:389)
at scala.collection.TraversableLike.map(TraversableLike.scala:234)
at scala.collection.TraversableLike.map$(TraversableLike.scala:227)
at scala.collection.immutable.List.map(List.scala:295)
at com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder.buildCompositeTrustManager(SSLContextBuilder.scala:144)
at com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder.build(SSLContextBuilder.scala:118)
at play.api.libs.ws.ahc.AhcConfigBuilder.configureSSL(AhcConfig.scala:267)
at play.api.libs.ws.ahc.AhcConfigBuilder.configure(AhcConfig.scala:142)
at play.api.libs.ws.ahc.AhcConfigBuilder.build(AhcConfig.scala:153)
at play.api.libs.ws.ahc.StandaloneAhcWSClient$.apply(StandaloneAhcWSClient.scala:153)
at play.api.libs.ws.ahc.AhcWSClient$.apply(AhcWSClient.scala:68)
at services.CustomWSAPI$.getWS(CustomWSAPI.scala:58)
at services.CustomWSAPI.(CustomWSAPI.scala:80)
at services.CustomWSAPI.withConfig(CustomWSAPI.scala:97)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.$anonfun$new$5(MispConfig.scala:28)
at scala.Option.map(Option.scala:146)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.$anonfun$new$4(MispConfig.scala:27)
at scala.Option.flatMap(Option.scala:171)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.$anonfun$new$3(MispConfig.scala:26)
at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:241)
at scala.collection.immutable.List.foreach(List.scala:389)
at scala.collection.TraversableLike.flatMap(TraversableLike.scala:241)
at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:238)
at scala.collection.immutable.List.flatMap(List.scala:352)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.$anonfun$new$2(MispConfig.scala:25)
at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:241)
at scala.collection.immutable.Set$Set2.foreach(Set.scala:130)
at scala.collection.TraversableLike.flatMap(TraversableLike.scala:241)
at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:238)
at scala.collection.AbstractTraversable.flatMap(Traversable.scala:104)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.apply(MispConfig.scala:23)
at connectors.misp.MispConfig$$anonfun$$lessinit$greater$3.apply(MispConfig.scala:19)
at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:241)
at scala.collection.immutable.List.foreach(List.scala:389)
at scala.collection.TraversableLike.flatMap(TraversableLike.scala:241)
at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:238)
at scala.collection.immutable.List.flatMap(List.scala:352)
at connectors.misp.MispConfig.(MispConfig.scala:19)
at connectors.misp.MispConfig.(MispConfig.scala:37)
at connectors.misp.MispConfig$$FastClassByGuice$$4f508da8.newInstance()
at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:110)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:110)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268)
at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:194)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1085)
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015)
... 20 common frames omitted
2018-01-29 12:40:33,156 [ERROR] from play.shaded.ahc.io.netty.util.HashedWheelTimer in main - You are creating too many HashedWheelTimer instances. HashedWheelTimer is a shared resource that must be reused across the JVM,so that only a few instances are created.
2018-01-29 12:40:33,563 [INFO] from akka.actor.CoordinatedShutdown in application-akka.actor.default-dispatcher-2 - Starting coordinated shutdown from JVM shutdown hook

### Complementary information
Config file:

```
# Elasticsearch
search {
  # Index name.
  index = the_hive
  # ElasticSearch cluster name.
  cluster = hive
  # ElasticSearch instance address.
  host = ["127.0.0.1:9300"]
  # Scroll keepalive.
  keepalive = 1m
  # Scroll page size.
  pagesize = 50
}

# Authentication
auth {
        # "type" parameter contains the authentication provider(s). It can be multi-valued, which is useful
        # for migration.
        # The available auth types are:
        # - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
        #   configuration are required.
        # - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
        #   the "ad" section below.
        # - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
        #   "ldap" section below.
        type = [local]

        ad {
                # The Windows domain name in DNS format. This parameter is required if you do not use
                # 'serverNames' below.
                #domainFQDN = "mydomain.local"

                # Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
                # above. If this parameter is not set, TheHive uses 'domainFQDN'.
        #serverNames = [ad1.mydomain.local, ad2.mydomain.local]

                # The Windows domain name using short format. This parameter is required.
                #domainName = "MYDOMAIN"

                # If 'true', use SSL to connect to the domain controller.
                #useSSL = true
        }

        ldap {
                # The LDAP server name or address. The port can be specified using the 'host:port'
                # syntax. This parameter is required if you don't use 'serverNames' below.
                #serverName = "ldap.mydomain.local:389"

                # If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
        #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]

                # Account to use to bind to the LDAP server. This parameter is required.
                #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"

                # Password of the binding account. This parameter is required.
                #bindPW = "***secret*password***"

                # Base DN to search users. This parameter is required.
                #baseDN = "ou=users,dc=mydomain,dc=local"

                # Filter to search user in the directory server. Please note that {0} is replaced
                # by the actual user name. This parameter is required.
                #filter = "(cn={0})"

                # If 'true', use SSL to connect to the LDAP directory server.
                #useSSL = true
        }
}

# Cortex
# TheHive can connect to one or multiple  Cortex  instances.  Give  each
# Cortex instance a name and specify the associated URL.
## Enable the Cortex module
play.modules.enabled += connectors.cortex.CortexConnector

cortex {
  "TIA-CORTEX" {
    # URL of the Cortex server.
    url = "http://xxx.xxx.xxx:8080"
  }
}

# MISP
# TheHive can connect to one or multiple MISP instances. Give each  MISP
# instance a name and specify the associated Authkey that must  be  used
# to poll events, the case template that should be used by default  when
# importing events as well as the tags that must be added to cases  upon
# import.

# Prior to configuring the integration with a MISP  instance,  you  must
# enable the MISP connector. This will allow you  to  import  events  to
# and/or export cases to the MISP instance(s).
play.modules.enabled += connectors.misp.MispConnector

misp {
  "TIA-REPO" {
    # URL of the MISP instance.
    url = "https://xxx.xxx.xxx"

    # Authentication key.
    key = "auth key here"

    # Name of the case template in TheHive that shall be used to import
    # MISP events as cases by default.
    caseTemplate = "TIA_REPO_TEMPLATE"

    # Tags to add to each observable imported from an event available on
    # this instance.
    tags = ["TIA-REPO-IMPORTED"]

    # Truststore to use to validate the X.509 certificate  of  the  MISP
    # instance if the default truststore is not sufficient.

    ws.ssl.trustManager.stores =  [
    {
      type: "JKS",
      path: "/opt/thehive/misp.local.jks"
    }
    ]
  }

  # Interval between consecutive MISP event  imports  in  hours  (h)  or
  # minutes (m).
  interval = 1h
}
```
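
An added example, not part of the original issue and not TheHive's own code: the exception in the trace is raised by the JDK's `PKIXParameters` when the truststore it is given holds no trusted-certificate entries. The program below lists what a JKS file actually contains and runs that same JDK check. The class name `TrustStoreCheck` and its arguments (path, optional password) are assumptions; with no arguments it uses a constructed empty in-memory store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class, added for illustration.
public class TrustStoreCheck {

    /** Counts the entries the JDK will accept as trust anchors (trustedCertEntry only). */
    static int trustedEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                Certificate c = ks.getCertificate(alias);
                String who = (c instanceof X509Certificate)
                        ? ((X509Certificate) c).getSubjectX500Principal().getName()
                        : c.getType();
                System.out.printf("trusted  %s  %s%n", alias, who);
                n++;
            } else {
                // Key entries (certificate plus private key) are not used as trust anchors.
                System.out.printf("ignored  %s  (key entry, not a trustedCertEntry)%n", alias);
            }
        }
        return n;
    }

    /** Runs the JDK check that raises the exception in the trace (PKIXParameters.setTrustAnchors). */
    static String pkixResult(KeyStore ks) throws Exception {
        try {
            new PKIXParameters(ks);
            return "ok";
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        if (args.length == 0) {
            ks.load(null, null);   // constructed sample: empty in-memory store
        } else {
            char[] pw = args.length > 1 ? args[1].toCharArray() : null;
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw);   // a null password skips the JKS integrity check
            }
        }
        System.out.println("trusted entries: " + trustedEntries(ks));
        System.out.println("PKIXParameters:  " + pkixResult(ks));
    }
}
```

Compile with `javac` and run it as the account TheHive runs under, passing the truststore path from the configuration, so that file permissions are exercised as well. A count of zero trusted entries corresponds to the error in the log.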
