[SOLVED] MQTT binding error (java.security.NoSuchAlgorithmException: Algorithm is missing)

  • Platform information:
    • Hardware: AMD64
    • OS: Ubuntu 18.04 LXC container on Proxmox Host
    • Java Runtime Environment: I’ve tried Zulu 8 and 9
    • openHAB version: 2.4.0

I’m trying to configure the MQTT binding on my OpenHAB2 instance to connect to an MQTT broker.

Everything is good after the initial setup, but after I reboot the container I get an ‘java.security.NoSuchAlgorithmException: Algorithm is missing’ error with the binding.

I initially tried Zulu 8, and subsequently found that I had to set the java security policy to unlimited. I did that, but it didn’t work. I then tried upgrading to Zulu 9 (where unlimited is the default), and it still doesn’t work.

The odd thing to me is that it seems to work until I reboot the container. I can delete the broker an re-create it, and it works again until I reboot the container.

I’ve tried both secure and unsecure connections to the broker, and have the same result for each. I am using a login/password on the broker.

Here’s the relevant openhab.log entry:

2019-01-14 11:58:21.835 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing ‘mqtt:broker:c967843e’: java.security.NoSuchAlgorithmException: Algorithm is missing
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:151) ~[?:?]
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.initialize(BrokerHandler.java:224) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:564) ~[?:?]
at org.eclipse.smarthome.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:153) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at org.eclipse.smarthome.core.internal.common.Invocation.call(Invocation.java:53) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) [?:?]
at java.lang.Thread.run(Thread.java:844) [?:?]
Caused by: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:144) ~[?:?]
… 11 more

I fixed it. I had to disable the settings for certificate pinning and public key pinning and clear out the certificate and public key hashes for some reason.

OH doesn’t run on any version of Java newer than 8. There is work going on to migrate to Java 11, hopefully by the release of 2.5.

I actually saw the same error when I first played around with the new binding and assumed I did something wrong.

@David_Graeff, is this a known problem or should we file an issue? Is there a work around?

I have never used Zulu, so don’t know how they are packaging the security algorithms.
The java runtime makes guarantees in the documentation for some algorithms and I’m using those. But at the same time those are not part of any standard distribution because of that stupid old 1980’s export law of the US.

I need to test it with Zulu at some point, but have no time at hand right now. I’m not sure if a bug report is the right tool, as not all installations are affected, but at the same time the error should be presented in another way to the user. That is a usability bug at least.

Perhaps not but the docs make it clear that Zulu is the preferred JRE. Zulu is the version of Java that ships with the official openHAB Docker containers. And on RPis, probably our biggest supported hardware platform in terms of number of users Zulu is THE recommended JRE.

If it’s not a bug, it’s still a really big problem.

But the behavior is very odd. It works just fine (connects to the broker, can send and receive messages I think) up until OH is restarted. Only then do we get the errors. So if the problem is a missing algorithm in the library why does it work at first?

Could this be related to missing Zulu Cryptographic Extension Kit? The dockerhub webpage for openHAB mentions the following:

I know that the OP is not using Docker, but apparently the Zulu CEK does not come with the default installation.

It’s a good thought but I run with that variable set in Docker an I saw the same problem.

I should clarify that it is working for me now with a freshly installed Zulu 8 and the default crypto policy.

The issue for me seems to be related to certificate pinning. If I enable it (the default), I get the error the next time I restart OpenHAB. I have my own MQTT broker in a separate container…I didn’t do anything with certificates in the broker, but I wonder if it’s somehow giving a different certificate on each secure connection.

That would be an incorrect and completely broken behavior. The certificate is a little bit of proof that a server is who it claims to be. If it gave a different certificate every time there would be nothing to base that proof upon. It’d break everything.

I agree.

I just double-checked my MQTT broker, and I did configure it with a self-signed certificate. My signing CA is loaded in the Ubuntu’s certificate store on the LXC container running OpenHAB. So I’d say the certificates are all good.

So I guess I’m confused on two points.

  1. Why does the connection break when certificate pinning is enabled?
  2. Why does it work when I’m using the default crypto policy in Zulu 8?

Hi Fug1,

I have the same MQTT error message in my logs as you did; can you provide the steps in your solution?

2019-09-02 09:17:13.214 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing 'mqtt:broker:roomba': java.security.NoSuchAlgorithmException: Algorithm is missing
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Algorithm is missing
	at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:151) ~[?:?]
	at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.initialize(BrokerHandler.java:224) ~[?:?]
	at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source) ~[?:?]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?]
	at org.eclipse.smarthome.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:153) [102:org.eclipse.smarthome.core:0.10.0.oh240]
	at org.eclipse.smarthome.core.internal.common.Invocation.call(Invocation.java:53) [102:org.eclipse.smarthome.core:0.10.0.oh240]
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:?]
	at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: java.security.NoSuchAlgorithmException: Algorithm is missing
	at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:144) ~[?:?]
	... 10 more

Running OH2.4 on Synology with these MQTT versions:

204 │ Active   │  80 │ 1.2.1.201809150405     │ org.eclipse.paho.client.mqttv3
205 │ Active   │  80 │ 0.11.0.oh250M1         │ org.eclipse.smarthome.binding.mqtt.generic
213 │ Active   │  80 │ 0.11.0.oh250M1         │ org.eclipse.smarthome.io.transport.mqtt
221 │ Active   │  80 │ 0.11.0.oh250M1         │ org.eclipse.smarthome.io.mqttembeddedbroker
223 │ Active   │  80 │ 0.11.0.oh250M1         │ org.eclipse.smarthome.binding.mqtt

Best, Jay

Hi Jay
I had the same on OH2.5 M2. I did the following in PaperUI

  • Disable Certificat Pinning
  • Disable Public key Pinning
  • Remove both hash-values (Certificates and public key hash)

further more I had a wrong Username and Password in my config of the mqtt-broker-thing. It always takes a wrong one whenever I make a config

hope this helps
Best
Frieso

1 Like

Thank you!

I looked around at PaperUI but could NOT find those values anywhere. I defined my THINGS vs. using PaperUI and found the 2 entries and changed them to “false” there.


Bridge mqtt:broker:roomba "Roomba Main Floor" @ "Main Floor" [ clientID="xxxxxx", host="192.168.0.143", port=8883, secure=true, username="xxxxxx", password=":xxxxx", certificatepin=false, publickeypin=false ] 
{
  Thing topic state "Roomba Cleaner State" @ "Main Floor" {
    Channels:
      Type string : wifistat "WiFi"    [ stateTopic="wifistat" ]
      Type string : shadow   "Status"  [ stateTopic="$aws/things/3164420C50229600/shadow/#" ]
  }
}

Here’s what my PaperUI looks like when you don’t use it for configuration.



Best, Jay

1 Like

See my workaround at: MQTT TLS certificate pinning - incorrect hashes - #10 by Netboy3