Hi Amila; Please have a look at CryptoUtil of carbon.core...
Anyway I will work on that - since you are busy with some other stuff.. Thanks & regards, -Prabath On Wed, Sep 29, 2010 at 1:37 PM, Amila Jayasekara <[email protected]> wrote: > Prabath Siriwardana wrote: >> On Fri, Aug 20, 2010 at 12:10 AM, Thilina Mahesh Buddhika >> <[email protected]> wrote: >> >>> Thanks Amila. I will try that. >>> >>> But can we ask users to follow these steps before running IS ? It will break >>> the 'extract and run' practice we have been maintaining with Carbon. >>> >>> WDYT? >>> >> >> +1 - We can do it at the code level.. >> > Hi Prabath, > Please guide me on how to do this at code level. A reference would > be sufficient. > Thanks > AmilaJ >> Thanks & regards, >> -Prabath >> >> >>> Thanks, >>> Thilina >>> >>> On Thu, Aug 19, 2010 at 11:58 PM, Amila Jayasekara <[email protected]> wrote: >>> >>>> Hi Thilina, >>>> This exception usually occurs if Bouncy Castle is not registered as >>>> a security provider in your JVM. To resolve this issue follow the steps >>>> given below, >>>> 1. Find the JVM you are running (Use update-java-alternatives -l >>>> command) >>>> 2. Find java.security in /path_to_your_jvm/jre/lib/security >>>> 3. Add >>>> security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider >>>> (X is the next number in sequence) >>>> >>>> After adding BC provider, java.security would look like as below, >>>> >>>> security.provider.1=sun.security.provider.Sun >>>> security.provider.2=sun.security.rsa.SunRsaSign >>>> security.provider.3=com.sun.net.ssl.internal.ssl.Provider >>>> security.provider.4=com.sun.crypto.provider.SunJCE >>>> security.provider.5=sun.security.jgss.SunProvider >>>> security.provider.6=com.sun.security.sasl.Provider >>>> security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI >>>> security.provider.8=sun.security.smartcardio.SunPCSC >>>> security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider >>>> >>>> [1] is a good reference on this. Also it has a test program to check >>>> whether BC is installed or not. >>>> >>>> If this doesnt solve the issue, please let me know. >>>> >>>> [1] >>>> >>>> http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html >>>> >>>> Thanks >>>> AmilaJ >>>> >>>> >>>> >>>> Thilina Mahesh Buddhika wrote: >>>> >>>>> Hi AmilaJ, >>>>> >>>>> I tried starting an IS pack built from latest trunk and the following >>>>> exception was thrown from identity provider initialization code. >>>>> >>>>> java.lang.SecurityException: JCE cannot authenticate the provider BC >>>>> at javax.crypto.Cipher.getInstance(DashoA12275) >>>>> at javax.crypto.Cipher.getInstance(DashoA12275) >>>>> at org.wso2.carbon.core.util.CryptoUtil.encrypt(CryptoUtil.java:76) >>>>> at >>>>> >>>>> org.wso2.carbon.core.util.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:98) >>>>> at >>>>> >>>>> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:225) >>>>> at >>>>> >>>>> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStoreWithFilePath(KeyStoreAdmin.java:173) >>>>> at >>>>> >>>>> org.wso2.carbon.identity.provider.Initializer.addKeyStores(Initializer.java:113) >>>>> at >>>>> org.wso2.carbon.identity.provider.Initializer.init(Initializer.java:64) >>>>> at >>>>> >>>>> org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent.activate(IdentityProviderServiceComponent.java:80) >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> at >>>>> >>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>> at >>>>> >>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>> at java.lang.reflect.Method.invoke(Method.java:592) >>>>> at >>>>> >>>>> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:230) >>>>> >>>>> >>>>> Then I removed ApacheDS related bundles and replaced the user-mgt.xml >>>>> of IS with a default user-mgt.xml. Then it started up fine. >>>>> >>>>> Down in the stack trace, I could observe the following lines. >>>>> >>>>> Caused by: java.util.jar.JarException: >>>>> >>>>> file:/home/thilina/projects/carbon/trunk/products/is/modules/distribution/target/wso2is-3.0.0-SNAPSHOT/repository/components/configuration/org.eclipse.osgi/bundles/12/1/.cp/apacheds-all-1.5.7.jar >>>>> has unsigned entries - >>>>> org/apache/directory/server/core/partition/avl/AvlIndex.class >>>>> at javax.crypto.SunJCE_d.b(DashoA12275) >>>>> at javax.crypto.SunJCE_d.a(DashoA12275) >>>>> at javax.crypto.SunJCE_d.a(DashoA12275) >>>>> at javax.crypto.SunJCE_b.b(DashoA12275) >>>>> at javax.crypto.SunJCE_b.a(DashoA12275) >>>>> >>>>> I doubt whether this error is the cause for the above exception. >>>>> >>>>> Thanks, >>>>> Thilina >>>>> >>>>> On Mon, Aug 16, 2010 at 10:35 AM, Amila Jayasekara <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Hi All, >>>>> Just to inform you that IS is now integrated with in-built >>>>> ApacheDS >>>>> server. To achieve this we are replacing some tokens in >>>>> user-mgmt.xml. >>>>> Token replacement in user-mgmt.xml is not trivial and i had to >>>>> introduce >>>>> some new code into user-mgmt.xml to achieve this. >>>>> In summary this is how we do token replacement in user-mgmt.xml. >>>>> Introduce a new tag called "<ISUserStoreManager >>>>> class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">" >>>>> and >>>>> this is quite similar to <UserStoreManager >>>>> "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> tag. But >>>>> in >>>>> default configuration this is commented. >>>>> When building IS comment all existing <UserStoreManager> tags and >>>>> replace <!--ISUserStoreManager> with <UserStoreManager>. >>>>> >>>>> This approach is quite fragile. For example if someone introduce a >>>>> comment to a default <UserStoreManager>, build will break. >>>>> >>>>> I believe we should be able to improve the way we replace >>>>> tokens >>>>> in user-mgmt.xml. I guess the best way to achieve this is by >>>>> separating >>>>> UserStoreManager and their properties or maybe to introduce a >>>>> enable, >>>>> disable attribute to <UserStoreManager> tag. >>>>> >>>>> Feedback appreciated. >>>>> >>>>> Thankx >>>>> AmilaJ >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] <mailto:[email protected]> >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thilina Mahesh Buddhika >>>>> Senior Software Engineer >>>>> WSO2 Inc. ; http://wso2.com >>>>> lean . enterprise . middleware >>>>> >>>>> phone : +94 77 44 88 727 >>>>> blog : http://blog.thilinamb.com >>>>> ------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>> >>> -- >>> Thilina Mahesh Buddhika >>> Senior Software Engineer >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 77 44 88 727 >>> blog : http://blog.thilinamb.com >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >>> >> >> >> >> > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > -- Thanks & Regards, Prabath Siriwardena http://blog.facilelogin.com http://RampartFAQ.com _______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
