Hi Jon,
I do have to say I'm not that familiar with your use case. You might want to take a look at TomcatJSS and PKI for examples using JSS. One thing that I will point out is that, rather than directly adding the JSSProvider to the JCE, we let the CryptoManager deal with that: See: https://github.com/dogtagpki/pki/blob/master/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java#L305 Which calls here: https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/CryptoManager.java#L437 I'm guessing the latter will give you the clues you seek for initializing the RNG if you want to do it yourself... :) (So I think to directly answer the last question, you either need to initialize the CryptoManager class, or do the work it does (RNG initialization in this current case) and/or the subset of work it does that enables your use cases... so I'd perhaps consider just using the CryptoManager class myself). - Alex ----- Original Message ----- > From: "Jon Moroney" <[email protected]> > To: [email protected] > Sent: Wednesday, November 7, 2018 6:47:08 PM > Subject: [Pki-devel] Integrating JSS into an existing java project > > Hey all, > > Sorry if this question has been covered, I did a cursory search and came up > with nothing. > > I’m trying to integrate the signed JSS jar into my build to be used as a JCE > provider for fips compliance and am running into issues. Using the java > Security class I’m trying to set the JSS provider as the default security > provider > ``` > Security.insertProviderAt(new JSSProvider() ,1); > ``` > This works, however when running my test suite I get about a billion errors > which all seem to trace back to errors around the default PRNG provider. Ex. > ``` > Could not initialize class javax.crypto.JceSecurityManager > ``` > I’ve read that in order to use jss classes directly one needs to initialize > the cryptomanager class. Is this necessary if I just want to use jss as a > JCE provider? If so, how do I know what arguments to pass into the > initialize function? > > Thanks, > Jon > > _______________________________________________ > Pki-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
