Hi
I have debugged a bit further and the problem occurs not in WSS4J but in
XML Security. And the code does not specify the bouncy castle provider:
instance._contextCipher = Cipher.getInstance(jceAlgorithm);
The cipher that is returned is a com.ibm.crypto.provider.DESedeCipher and
not from BC. So I am going to change this line and specify the
BouncyCastle provider when calling getInstance and hopefully this helps
Websphere to return the right provider.
Regards,
Markus
Markus Backman wrote:
Hi
I have tried to change the location of the bouncycastle jar, in the
ext lib, the war file's lib dir and the ear. Nothing seems to work. The
wss4j code used the following to get the padding mechanism (as far as
I can tell. I am going to take this up on their dev mailing list also).
Cipher.getInstance("RSA/NONE/OAEPPADDING", "BC");
So it mentions the BC as provider so it must be something that is
wrong with the Websphere 5.1.2 environment. A possible solution is to
make changes to the wss4j code to ignore BC and use an algorithm
supported by IBM JCE. But I haven't investigated the amount of work
this would require.
I have also been in contact with Benjamin Francioni who posted the first
question about websphere and bouncycastle on this mailing list (link in
my previous mail). And he didn't find any solution to the problem so
he used jakarta tomcat instead. Below is a cut from his answer:
Unfortunately, I didn't solve this problem:
IBM JRE doesn't support this algo.
IBM JRE doesn't support BouncyCastle that implements this algo.
IBM support wasn't able to help me.
So I decided myself to use Tomcat with a Sun JVM.
So it seems that this is a very annoying limit in the IBM websphere
product. Hopefully I will get some form of response for this problem
by IBM and put some pressure on them to make it work in future
versions so that Bouncycastle can be used also under an IBM jre.
Regards,
Markus
David Hook wrote:
The only thing I can suggest is it's a class loader issue, although I've
no idea how it would be caused. Does your use of the padding mechanism
explicitly mention BC? That might help, other than that I'd try moving
the provider jar around if possible.
Regards,
David
On Wed, 2006-05-03 at 17:25 +0200, Markus Backman wrote:
Hi
The problem I have encountered was during the development of a WSS4J
(Web Service Security for Java) based Web Service. WSS4J has a
requirement that BouncyCastle is available as a provider. The following
description states the environment and the development process not only
for the use of bouncycastle but also the WSS4J.
I have successfully managed to secure an Axis based Web Service with
WSS4J. During the development I used Sun's JDK1.4.2_11 and Jakarta
Tomcat 5.0.30. I ran the test client and the deployed Web Service on
the same machine both running under jre1.4.2_11. This was to make
sure that it ran on the only requirement we have on the client
platform, jre1.4.2 or later. These test cases worked fine. But as the
company I work for has Websphere 5.1 as J2EE servers I started to
move the Web Service to WSAD and a Websphere 5.1 server. When doing
so I ran into a problem. I know WSS4J has a requirement on
BouncyCastle so I started with updating the java.security file under
the IBM 1.4 jre Websphere 5.1 is running on. I added the
BouncyCastle provider as number 4, as number one needs to be Sun's
default and 2 and 3 need to be two IBM providers as the server would
start otherwise, and started the server. I ran the test client (under
Sun's jre 1.4.2_11) again but received the following exception on
the server.
"Original Exception was javax.crypto.NoSuchPaddingException:
Padding: ISO10126Padding not implemented"
A quick check on BouncyCastle's website stated that ISO10126Padding
is implemented. So the BouncyCastle provider can't be correctly
installed on the Websphere 5.1 server. A google later showed that a
small number of people encountered this before, but with no
description of what the solution is, for example:
http://article.gmane.org/gmane.comp.encryption.bouncy-castle.devel/2378/match=com+ibm+security+bootstrap+jdkmessagedigest+sha1
Has anyone successfully deployed BouncyCastle in a Websphere 5.1.2
environment? If so how did you set up your java.security file?
I am using WSS4J 1.1.0 that ships with bcprov-jdk13-128.jar. I have
placed it in the ext lib under the IBM jre(1.4) that runs the 5.1.2 server.
I am desperate for some assistance.
Thanks
Markus
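
The provider-resolution question raised in this thread can be checked directly on the target JVM. The following is an added example, not code from the thread, WSS4J or XML Security; the class name ProviderProbe and the transformation string DESede/CBC/ISO10126Padding (inferred from the cipher class and padding named above) are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderProbe {

    // Provider picked when getInstance() is called without naming one,
    // which is what the XML Security line quoted in the thread does.
    static String defaultProvider(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (Exception e) {
            return "none (" + e + ")";
        }
    }

    // Asks one specific provider for the transformation, as the WSS4J
    // call that names "BC" does; returns "ok" or the failure reason.
    static String probe(Provider p, String transformation) {
        try {
            Cipher.getInstance(transformation, p);
            return "ok";
        } catch (Exception e) {
            // NoSuchAlgorithm/NoSuchPadding, or SecurityException when the
            // JRE refuses a provider jar it cannot authenticate.
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // First string is an assumed transformation; the second is from the thread.
        String[] transformations = { "DESede/CBC/ISO10126Padding", "RSA/NONE/OAEPPADDING" };
        Provider[] providers = Security.getProviders(); // in java.security order
        for (String t : transformations) {
            System.out.println(t + " -> default provider: " + defaultProvider(t));
            for (int i = 0; i < providers.length; i++) {
                Provider p = providers[i];
                // A null class loader means the bootstrap loader.
                System.out.println("  " + (i + 1) + ". " + p.getName()
                        + " [loader=" + p.getClass().getClassLoader() + "] " + probe(p, t));
            }
        }
        if (Security.getProvider("BC") == null) {
            System.out.println("BC is not registered in this JVM");
        }
    }
}
```

Run it inside the server's own JVM (for example from a test servlet) rather than a standalone JRE, because the java.security file and class loaders in effect there are the ones that decide which provider answers.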