What framework implementation are you using? In Equinox we had a similar issue reported in bug https://bugs.eclipse.org/bugs/show_bug.cgi?id=89904 and https://bugs.eclipse.org/bugs/show_bug.cgi?id=83981
The fix was to have the framework define proper CodeSource objects so that the VM could validate the provider. Tom |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Daniel Romero <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[email protected] | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |05/14/2009 01:42 PM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[osgi-dev] Registering a SecurityProvider programatically in OSGi | >--------------------------------------------------------------------------------------------------------------------------------------------------| Hi, We are trying to use BouncyCastle security provider in our platform on OSGi. We have a bundle that contains the BC signed jars: bcprov-jdk15-143.jar and bcpg-jdk15-143.jar for PGP support. That bundle has a component that, once is activated, registers the security provider: protected void activate(ComponentContext context) throws Exception { log.debug("activate()"); Security.addProvider(new BouncyCastleProvider()); } After that we try to create a Cipher using BC provider: cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC"); And at this point we get an exception: Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC at javax.crypto.Cipher.getInstance(DashoA12275) at javax.crypto.Cipher.getInstance(DashoA12275) at lib.security.SecurityUtil.createCipher(SecurityUtil.java:113) ... 22 more Caused by: java.util.jar.JarException: Class is on the bootclasspath at javax.crypto.SunJCE_d.a(DashoA12275) at javax.crypto.SunJCE_b.b(DashoA12275) at javax.crypto.SunJCE_b.a(DashoA12275) ... 25 more JCE is not authenticating the provider BC. The Jars are signed. In fact, if we run a unit test, the Cipher is created correctly. We've seen that many people add the jars to lib/ext in the JRE home, and then they edit the file lib/security/java.security adding the provider. If we do that we don't get that exception, but we don't want to do that installation on each environment, we would like to add it programatically. Do you have any idea? Thanks a lot for your time._______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
_______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
