java.lang.NullPointerException( a title for people easy to find similar problem)

473 views
Skip to first unread message

xat...@gmail.com

unread,
May 22, 2016, 10:30:00 PM5/22/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
Hi Fred and developers

We are planing to update 1.0 with https certificate.

after following the instruction, we encounter a strange error
the result comes from "bbb-conf debug":






from browser side:

















since I'm conducting it in an test environment, a faked certificated is generated by using Openssl command. It looks  okay to load the default page, but thing goes wrong when someone try to join a demo meeting.













Based on  posted information, the two error occurred but in total different background, 
1) for Java null point, someone resolve it by expand Mem to 4G; 
2) where as the PKIX path Failed was merely mentioned by someone, and she/he claimed that it would not cause any problem.

But neither the solution can solve my problem, the Mem is alread 4.5G. 

here is the picture may provide extra debug information:
















the only errors does not reflect correctly since it is accessible to the  PFD file:












If yours can provide any suggestion, I'm grateful for it.




xat...@gmail.com

unread,
May 22, 2016, 11:05:16 PM5/22/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
Other information may be useful for debug, 
So I try to create a folder under /var/www/bigbluebutton-default, name as html5client with "chmod -R a+wxr html5client"
still it generate the error message.


*****************beginning of the message from /var/log/nginx/error.log*******************************
2016/05/23 10:43:54 [error] 2398#0: *32 open() "/var/www/bigbluebutton-default/html5client/check" failed (2: No such file or directory), client: 10.7.84.83, server: bigbluebutton.example.com, request: "GET /html5client/check HTTP/1.1", host: "bigbluebutton.example.com", referrer: "http://bigbluebutton.example.com/client/BigBlueButton.html"
2016/05/23 10:44:01 [error] 2398#0: *32 open() "/var/www/bigbluebutton-default/html5client/check" failed (2: No such file or directory), client: 10.7.84.83, server: bigbluebutton.example.com, request: "GET /html5client/check HTTP/1.1", host: "bigbluebutton.example.com", referrer: "http://bigbluebutton.example.com/client/BigBlueButton.html"
2016/05/23 10:44:11 [error] 2398#0: *32 open() "/var/www/bigbluebutton-default/html5client/check" failed (2: No such file or directory), client: 10.7.84.83, server: bigbluebutton.example.com, request: "GET /html5client/check HTTP/1.1", host: "bigbluebutton.example.com", referrer: "http://bigbluebutton.example.com/client/BigBlueButton.html"
*****************end of the message  from /var/log/nginx/error.log*******************************

xat...@gmail.com

unread,
May 23, 2016, 2:36:21 AM5/23/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
I'm not sure whether this information may be helpful for debug, but I still decide to post to see if there is lucky where someone encountered similar error,
-----------------message from tomcat7-------------------------

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1472)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)

                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

                at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)

                at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

                at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

                at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1093)

                at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)

                at org.apache.jsp.demo1_jsp.postURL(demo1_jsp.java:911)

                at org.apache.jsp.demo1_jsp.postURL(demo1_jsp.java:886)

                at org.apache.jsp.demo1_jsp.getJoinURL(demo1_jsp.java:216)

                at org.apache.jsp.demo1_jsp._jspService(demo1_jsp.java:1278)

                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)

                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)

                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)

                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)

                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

                at java.lang.Thread.run(Thread.java:745)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

                at sun.security.validator.Validator.validate(Validator.java:260)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1454)

                ... 37 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

                ... 43 more

java.lang.NullPointerException

                at java.io.StringReader.<init>(StringReader.java:50)

                at org.apache.jsp.demo1_jsp.parseXml(demo1_jsp.java:949)

                at org.apache.jsp.demo1_jsp.getJoinURL(demo1_jsp.java:216)

                at org.apache.jsp.demo1_jsp._jspService(demo1_jsp.java:1278)

                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)

                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)

                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)

                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)

                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

                at java.lang.Thread.run(Thread.java:745)

------------------------------ end for the message --------------------------

Chad Pilkey

unread,
May 23, 2016, 4:07:26 PM5/23/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
I'm not sure what the cause of your HTTPS issue is, but those /html5client/check lines are because BigBlueButton.html looks to see if your server has the HTML5 running. Those messages can be ignored if you don't have it running.

xat...@gmail.com

unread,
May 25, 2016, 1:05:20 AM5/25/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
thanks Pilkey 

so far the problem I encountered is quite rarely in the community, although there are people had faced same problem, most of them has spelling error in the " /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp",
Since I double check the spelling in the files, everythings looks good,

#                                IP from ifconfig: 10.7.84.90
#  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: bigbluebutton.example.com

conversely, another person had spelling error like in the post

 One developer pointed out that self-generated certificate may cause problem, which  sounds right, but to obtain SSL certificate from 

is not detailed and the error I encountered is beyond the topic,(get an invaild response from the domain where I specified)

Commercial service is optional, but The problem is we are not sure how much it will cost to fully setup. 

Chad Pilkey

unread,
May 25, 2016, 12:50:47 PM5/25/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
If you are using a self-signed certificate you will definitely run into issues with tomcat. After some Googling of the actual error ("tomcat unable to find valid certification path to requested target") it looks like the cause is using a self-signed certificate. The two solutions are to add your self-signed certificate to the tomcat keystore (it might work) or purchase a legitimate domain and use Let's Encrypt to get a valid certificate.

If you really must go the keystore route I will warn you that people in the past have said on these mailing lists that they would try it and report back, but no successful attempts come to mind.

xat...@gmail.com

unread,
May 27, 2016, 4:30:59 AM5/27/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
Hi Pilkey
I'm using authenticated certificate but the problem continues,

However, I found another solution which resolve my problem, the post is at(only Chinese)

1) create a java file named as InstallCert.java, put the codes in the file:

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {

public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
passphrase = p.toCharArray();
} else {
System.out
.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}

File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP + "lib"
+ SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();

SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf
.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory factory = context.getSocketFactory();

System.out
.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}

X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}

BufferedReader reader = new BufferedReader(new InputStreamReader(
System.in));

System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println(" " + (i + 1) + " Subject "
+ cert.getSubjectDN());
System.out.println("   Issuer  " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println("   sha1    " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println("   md5     " + toHexString(md5.digest()));
System.out.println();
}

System.out
.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}

X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);

OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();

System.out.println();
System.out.println(cert);
System.out.println();
System.out
.println("Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'");
}

private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}

private static class SavingTrustManager implements X509TrustManager {

private final X509TrustManager tm;
private X509Certificate[] chain;

SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}

public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}

public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
}

public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}

}

2) install jdk:
apt-get install openjdk-7-jdk

3) compile the java file
javac InstallCert.java

4) suppose your domain name is, bigbluebutton.example.com , run the command as:
java InstallCert bigbluebutton.example.com

5) press 1 and enter, then you can find a file generated at current folder name as :
jssecacerts

6) copy the file to the java jdk folder, in my computer, it is located at:
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security

now, it's working

 
Hope it can help someone who suffer the similar problem.

xat...@gmail.com

unread,
May 27, 2016, 4:51:48 AM5/27/16
to BigBlueButton-Setup, zhaozh...@xjtlu.edu.cn
after that, I have encontered an error like
failed to sip server
solution:
1) get the port and ip address:
netstat -ant | grep 5060

2) copy the file for backup purpose:
cp /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties.bak
3) suppose my ipaddress is 10.7.84.90:, edit the "bigbluebutton-sip.properties" file by adding:
sip.server.host=10.7.84.90

4) run the following command:
 bbb-conf --clean
 bbb-conf --check

Reply all
Reply to author
Forward
0 new messages