Hi Thilina,
This exception usually occurs if Bouncy Castle is not registered as
a security provider in your JVM. To resolve this issue follow the steps
given below,
1. Find the JVM you are running (Use update-java-alternatives -l
command)
2. Find java.security in /path_to_your_jvm/jre/lib/security
3. Add
security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider
(X is the next number in sequence)
After adding BC provider, java.security would look like as below,
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider
[1] is a good reference on this. Also it has a test program to check
whether BC is installed or not.
If this doesnt solve the issue, please let me know.
[1]
http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html
Thanks
AmilaJ
Thilina Mahesh Buddhika wrote:
> Hi AmilaJ,
>
> I tried starting an IS pack built from latest trunk and the following
> exception was thrown from identity provider initialization code.
>
> java.lang.SecurityException: JCE cannot authenticate the provider BC
> at javax.crypto.Cipher.getInstance(DashoA12275)
> at javax.crypto.Cipher.getInstance(DashoA12275)
> at org.wso2.carbon.core.util.CryptoUtil.encrypt(CryptoUtil.java:76)
> at
> org.wso2.carbon.core.util.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:98)
> at
> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:225)
> at
> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStoreWithFilePath(KeyStoreAdmin.java:173)
> at
> org.wso2.carbon.identity.provider.Initializer.addKeyStores(Initializer.java:113)
> at
> org.wso2.carbon.identity.provider.Initializer.init(Initializer.java:64)
> at
> org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent.activate(IdentityProviderServiceComponent.java:80)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:592)
> at
> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:230)
>
>
> Then I removed ApacheDS related bundles and replaced the user-mgt.xml
> of IS with a default user-mgt.xml. Then it started up fine.
>
> Down in the stack trace, I could observe the following lines.
>
> Caused by: java.util.jar.JarException:
> file:/home/thilina/projects/carbon/trunk/products/is/modules/distribution/target/wso2is-3.0.0-SNAPSHOT/repository/components/configuration/org.eclipse.osgi/bundles/12/1/.cp/apacheds-all-1.5.7.jar
>
> has unsigned entries -
> org/apache/directory/server/core/partition/avl/AvlIndex.class
> at javax.crypto.SunJCE_d.b(DashoA12275)
> at javax.crypto.SunJCE_d.a(DashoA12275)
> at javax.crypto.SunJCE_d.a(DashoA12275)
> at javax.crypto.SunJCE_b.b(DashoA12275)
> at javax.crypto.SunJCE_b.a(DashoA12275)
>
> I doubt whether this error is the cause for the above exception.
>
> Thanks,
> Thilina
>
> On Mon, Aug 16, 2010 at 10:35 AM, Amila Jayasekara <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi All,
> Just to inform you that IS is now integrated with in-built
> ApacheDS
> server. To achieve this we are replacing some tokens in user-mgmt.xml.
> Token replacement in user-mgmt.xml is not trivial and i had to
> introduce
> some new code into user-mgmt.xml to achieve this.
> In summary this is how we do token replacement in user-mgmt.xml.
> Introduce a new tag called "<ISUserStoreManager
> class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">" and
> this is quite similar to <UserStoreManager
> "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> tag. But in
> default configuration this is commented.
> When building IS comment all existing <UserStoreManager> tags and
> replace <!--ISUserStoreManager> with <UserStoreManager>.
>
> This approach is quite fragile. For example if someone introduce a
> comment to a default <UserStoreManager>, build will break.
>
> I believe we should be able to improve the way we replace
> tokens
> in user-mgmt.xml. I guess the best way to achieve this is by
> separating
> UserStoreManager and their properties or maybe to introduce a enable,
> disable attribute to <UserStoreManager> tag.
>
> Feedback appreciated.
>
> Thankx
> AmilaJ
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected] <mailto:[email protected]>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> --
> Thilina Mahesh Buddhika
> Senior Software Engineer
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
> ------------------------------------------------------------------------
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
