Réf. : Réf. : Re: Install bouncy castle JCE provider on Websphere 5.1


Réf. : Réf. : Re: Install bouncy castle JCE provider on Websphere 5.1

Benjamin.Francioni







Jon, Carlos,
Thanks for your responses,
I tried a lot of configurations.

On Websphere 5.1.2 (IBM JDK 1.4.1):

With this one the server starts but ISO10126Padding algo still isn't
implemented:
security.provider.1=org.apache.ws.security.components.crypto.Merlin
security.provider.2=sun.security.provider.Sun
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.9=com.sun.net.ssl.internal.ssl.Provider
security.provider.10=com.sun.rsajca.Provider
security.provider.11=sun.security.jgss.SunProvider


Exception in my app:
Exeption:WSDoAllSender: Encryption: error during message
processingorg.apache.ws.security.WSSecurityException: An unsupported
signature or encryption algorithm was used; nested exception is:
      org.apache.xml.security.encryption.XMLEncryptionException: Paddding:
ISO10126Padding not implemented
Original Exception was javax.crypto.NoSuchPaddingException: Paddding:
ISO10126Padding not implemented

With this one an exception occurred when the server starts (3<->4):
security.provider.1=org.apache.ws.security.components.crypto.Merlin
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.crypto.provider.SunJCE
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.9=com.sun.net.ssl.internal.ssl.Provider
security.provider.10=com.sun.rsajca.Provider
security.provider.11=sun.security.jgss.SunProvider


Echec du chargement de KeyLocator SampleSenderEncryptionKeyLocator.
L'exception est :
java.lang.NoClassDefFoundError: sun/security/util/DerOutputStream

FYI: my app uses Axis and WSS4J

The app works very well on tomcat / Sun JDK1.4.1 with this config:
security.provider.1=org.apache.ws.security.components.crypto.Merlin
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.crypto.provider.SunJCE
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.rsajca.Provider
security.provider.7=sun.security.jgss.SunProvider


I'm lost. Any idea???

Thanks,
Benjamin


Jon Eaves <[hidden email]>
21/06/2005 23:59

To:      dev-crypto <[hidden email]>
cc:
Subject: Re: [dev-crypto] Install bouncy castle JCE provider on Websphere 5.1



Hi Benjamin,

Due to limitations in the JVM's it will not work in position #1.
Try position #5, (just after the Sun providers) or because of the horror
that is WebSphere, try the end of the list.

cheers,
             -- jon

[hidden email] wrote:

>
>
>
>  --------------------------------------------------------------
>        From: Benjamin Francioni <[hidden email]>
>          To: [hidden email]
>     Subject: PROBLEM WITH LOADING PRODUCT
>
>     Install bouncy castle JCE provider on Websphere 5.1
>  --------------------------------------------------------------
>
> Hello all,
>
> I try to install bc jce provider on Websphere 5.1 because I need
> ISO10126Padding algo which is not implemented on IBM jre.
> So I configured my java.security file like this:
> security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
> security.provider.2=org.apache.ws.security.components.crypto.Merlin
> security.provider.3=sun.security.provider.Sun
> security.provider.4=com.sun.crypto.provider.SunJCE
> security.provider.5=com.ibm.crypto.provider.IBMJCE
> security.provider.6=com.ibm.jsse.IBMJSSEProvider
> security.provider.7=com.ibm.security.cert.IBMCertPath
> security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
>
> And copy bcprov-jdk14-128.jar in jre\lib\ext folder.
>
>
> When I start my server this exception occurs:
> [21/06/05 15:26:31:180 CEST] 3d2e8d20 ContainerImpl E WSVR0501E: Erreur de création du composant null [class com.ibm.ws.runtime.component.ORBImpl]
> java.lang.ExceptionInInitializerError
>       at    at com.ibm.rmi.iiop.CDROutputStream.<clinit>(CDROutputStream.java:1077).null(Unknown Source)
>       at com.ibm.rmi.corba.ORB.<init>(ORB.java:250)
>       at com.ibm.rmi.iiop.ORB.<init>(ORB.java:166)
>       at com.ibm.CORBA.iiop.ORB.<init>(ORB.java:521)
>       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:79)
>       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:43)
>       at java.lang.reflect.Constructor.newInstance(Constructor.java:313)
>       at java.lang.Class.newInstance3(Class.java:363)
>       at java.lang.Class.newInstance(Class.java:301)
>       at org.omg.CORBA.ORB.create_impl(ORB.java:325)
>       at org.omg.CORBA.ORB.init(ORB.java:366)
>       at com.ibm.ws.orb.GlobalORBFactory.init(GlobalORBFactory.java:77)
>       at com.ibm.ejs.oa.EJSORBImpl.initializeORB(EJSORBImpl.java:174)
>       at com.ibm.ejs.oa.EJSServerORBImpl.<init>(EJSServerORBImpl.java:126)
>       at com.ibm.ejs.oa.EJSORB.init(EJSORB.java:339)
>       at com.ibm.ws.runtime.component.ORBImpl.start(ORBImpl.java:282)
>       at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:536)
>       at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
>       at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:183)
>       at com.ibm.ws.runtime.WsServer.start(WsServer.java:128)
>       at com.ibm.ws.runtime.WsServer.main(WsServer.java:225)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:41)
>       at java.lang.reflect.Method.invoke(Method.java:386)
>       at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:105)
>       at com.ibm.etools.websphere.tools.runner.api.ServerRunnerV5$1.run(ServerRunnerV5.java:97)
> Caused by: java.lang.SecurityException: class configured for MessageDigest(provider: BootstrapProvider version 1.1)cannot be found.
> com/ibm/security/bootstrap/JDKMessageDigest$SHA1
>       at com.ibm.rmi.io.ObjectStreamClass._computeSerialVersionUID(ObjectStreamClass.java:1306)
>       at com.ibm.rmi.io.ObjectStreamClass.init(ObjectStreamClass.java:775)
>       at com.ibm.rmi.io.ObjectStreamClass.lookupInternal(ObjectStreamClass.java:266)
>       at com.ibm.rmi.io.ObjectStreamClass.lookup(ObjectStreamClass.java:219)
>       at com.ibm.rmi.io.ObjectStreamClass.lookupInternal(ObjectStreamClass.java:256)
>       at com.ibm.rmi.io.ObjectStreamClass.lookup(ObjectStreamClass.java:219)
>       at com.ibm.rmi.util.RepositoryId.createHashString(RepositoryId.java:713)
>       at    at com.ibm.rmi.util.RepositoryId.<clinit>(RepositoryId.java:209).null(Unknown Source)
>       ... 28 more
>
> [21/06/05 15:26:31:230 CEST] 3d2e8d20 ContainerImpl E WSVR0501E: Erreur de création du composant null [class com.ibm.ws.naming.bootstrap.NameServerImpl]
> java.lang.NullPointerException
>       at com.ibm.ws.naming.distcos.ServantManagerImpl.<init>(ServantManagerImpl.java:132)
>       at com.ibm.ws.naming.distcos.NameSpaceBuilder.<init>(NameSpaceBuilder.java:216)
>       at com.ibm.ws.naming.distcos.NSBSingleAppSvr.<init>(NSBSingleAppSvr.java:65)
>       at com.ibm.ws.naming.bootstrap.NameServerImpl.start(NameServerImpl.java:372)
>       at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:536)
>       at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
>       at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:183)
>       at com.ibm.ws.runtime.WsServer.start(WsServer.java:128)
>       at com.ibm.ws.runtime.WsServer.main(WsServer.java:225)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:41)
>       at java.lang.reflect.Method.invoke(Method.java:386)
>       at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:105)
>       at com.ibm.etools.websphere.tools.runner.api.ServerRunnerV5$1.run(ServerRunnerV5.java:97)
>
>
>
> Have I missed something? What's that BootstrapProvider version 1.1?
> Appreciate any help.
>
> Thanks,
> Benjamin
>

--
Jon Eaves <[hidden email]>
http://www.eaves.org/blog/
Co-Author of "Apache Tomcat Bible", "Professional Tomcat 5", "Beginning
JavaServer Pages"










Re: Réf. : Réf. : Re: [dev-crypto] Install bouncy castle JCE provider on Websphere 5.1

Jon Eaves
[hidden email] wrote:
> Jon, Carlos,
> Thanks for your responses,
> I tried a lot of configurations.
>
> On Websphere 5.1.2 (IBM JDK 1.4.1):
>
> With this one the server starts but ISO10126Padding algo still isn't
> implemented:
> security.provider.1=org.apache.ws.security.components.crypto.Merlin

This is almost certainly wrong.  The Sun provider should/must be #1.

> security.provider.2=sun.security.provider.Sun
> security.provider.3=com.ibm.crypto.provider.IBMJCE
> security.provider.4=com.sun.crypto.provider.SunJCE
> security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider
> security.provider.6=com.ibm.jsse.IBMJSSEProvider
> security.provider.7=com.ibm.security.cert.IBMCertPath
> security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
> security.provider.9=com.sun.net.ssl.internal.ssl.Provider
> security.provider.10=com.sun.rsajca.Provider
> security.provider.11=sun.security.jgss.SunProvider

I'd put all the Sun and IBM providers first and second, then BC, then
the Merlin libraries.  Try that.

Cheers,
        -- jon

--
Jon Eaves <[hidden email]>
http://www.eaves.org/blog/
Co-Author of "Apache Tomcat Bible", "Professional Tomcat 5", "Beginning JavaServer Pages"
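
Added example (not part of either post, and not code from Bouncy Castle, WSS4J or IBM): a small diagnostic to run on the target JVM after each change to java.security. It prints the providers in the order the JVM actually loaded them and reports which of them can supply a cipher with ISO10126Padding. The class name ProviderCheck and the default transformation DESede/CBC/ISO10126Padding are assumptions; pass the transformation your application requests as the first argument.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Hypothetical helper class, written without generics or for-each so that it
// also compiles on a 1.4-level JDK like the ones discussed in this thread.
public class ProviderCheck {
    public static void main(String[] args) {
        // Assumed default; override with the transformation your code uses.
        String transformation =
                args.length > 0 ? args[0] : "DESede/CBC/ISO10126Padding";

        // Providers as registered at runtime, in preference order. An entry in
        // java.security whose class failed to load will not appear here, so
        // compare this output with the file.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            System.out.println((i + 1) + ". " + p.getName() + " " + p.getVersion()
                    + " (" + p.getClass().getName() + ")");
        }

        // Lookup without naming a provider, as an application normally does.
        try {
            Cipher c = Cipher.getInstance(transformation);
            System.out.println("default lookup: " + c.getProvider().getName());
        } catch (Exception e) {
            System.out.println("default lookup failed: " + e);
        }

        // Ask every provider by name, to see who can serve the transformation
        // regardless of its position in the list.
        for (int i = 0; i < providers.length; i++) {
            String name = providers[i].getName();
            try {
                Cipher.getInstance(transformation, name);
                System.out.println("  " + name + ": supported");
            } catch (Exception e) {
                System.out.println("  " + name + ": " + e.getClass().getName());
            }
        }
    }
}
```

If BC is reported as "supported" when asked by name but the default lookup still fails, the provider is installed correctly and the remaining problem is the ordering.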