Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Exceptions with BouncyCastle

843811May 9 2006 — edited Jul 19 2006

Hi All:

I have upgraded an application from WAS4.0 to WAS6.0.
The application runs fine in WAS 4 but throws errors in WAS 6 environment.I think it has something to do with the Java version.

Pls help me resolving this problem.
I have spent like a week by now but couldnt figure out what the problem is.
I am not the original developer of this program....I have very less idea how it actually works.

Thanks,
Kethi
Below is the exception

[5/9/06 10:26:15:332 EDT] 0000000a WsServerImpl A WSVR0001I: Server server1 open for e-business
[5/9/06 10:26:18:082 EDT] 00000011 WorkSpaceMana A WKSP0023I: Workspace configuration consistency check is enabled.
[5/9/06 10:26:18:567 EDT] 0000002d ServletWrappe A SRVE0242I: [transfer]: Initialization successful.
[5/9/06 10:26:18:739 EDT] 0000002d WorkSpaceMana A WKSP0023I: Workspace configuration consistency check is enabled.
[5/9/06 10:26:21:692 EDT] 0000002d WorkSpaceMana A WKSP0023I: Workspace configuration consistency check is enabled.
[5/9/06 10:30:46:442 EDT] 0000002f ServletWrappe A SRVE0242I: [authenticationWebApp.jsp]: Initialization successful.
[5/9/06 10:30:49:161 EDT] 0000002f ServletWrappe E SRVE0068E: Could not invoke the service() method on servlet /authenticationWebApp.jsp. Exception thrown : javax.servlet.ServletException
at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:639)
at com.ibm._jsp._authenticationWebApp._jspService(_authenticationWebApp.java:330)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1212)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:629)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:117)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionServletWrapper.handleRequest(JSPExtensionServletWrapper.java:171)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionProcessor.handleRequest(JSPExtensionProcessor.java:230)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:2837)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:220)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:204)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1681)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:77)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:421)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:367)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminaters(NewConnectionInitialReadCallback.java:201)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:103)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:548)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:601)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:934)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1021)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1332)
---- Begin backtrace for Nested Throwables
java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.vw.exsec.EncryptToken.generateKey(EncryptToken.java:53)
at com.vw.exsec.EncryptToken.<clinit>(EncryptToken.java:27)
at com.ibm._jsp._authenticationWebApp._jspService(_authenticationWebApp.java:134)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1212)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:629)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:117)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionServletWrapper.handleRequest(JSPExtensionServletWrapper.java:171)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionProcessor.handleRequest(JSPExtensionProcessor.java:230)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:2837)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:220)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:204)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1681)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:77)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:421)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:367)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminaters(NewConnectionInitialReadCallback.java:201)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:103)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:548)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:601)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:934)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1021)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1332)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.e.<clinit>(Unknown Source)
... 26 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java:351)
... 27 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
at org.bouncycastle.jce.provider.X509CertificateObject.verify(X509CertificateObject.java:608)
at javax.crypto.e.a(Unknown Source)
at javax.crypto.e.c(Unknown Source)
at javax.crypto.f.run(Unknown Source)
... 29 more

[5/9/06 10:30:49:254 EDT] 0000002f ServletWrappe E SRVE0014E: Uncaught service() exception root cause /authenticationWebApp.jsp: java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.vw.exsec.EncryptToken.generateKey(EncryptToken.java:53)
at com.vw.exsec.EncryptToken.<clinit>(EncryptToken.java:27)
at com.ibm._jsp._authenticationWebApp._jspService(_authenticationWebApp.java:134)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1212)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:629)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:117)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionServletWrapper.handleRequest(JSPExtensionServletWrapper.java:171)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionProcessor.handleRequest(JSPExtensionProcessor.java:230)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:2837)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:220)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:204)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1681)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:77)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:421)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:367)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminaters(NewConnectionInitialReadCallback.java:201)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:103)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:548)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:601)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:934)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1021)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1332)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.e.<clinit>(Unknown Source)
... 26 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java:351)
... 27 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
at org.bouncycastle.jce.provider.X509CertificateObject.verify(X509CertificateObject.java:608)
at javax.crypto.e.a(Unknown Source)
at javax.crypto.e.c(Unknown Source)
at javax.crypto.f.run(Unknown Source)
... 29 more

[5/9/06 10:30:49:442 EDT] 0000002f WebApp E SRVE0026E: [Servlet Error]-[authenticationWebApp.jsp]: java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
at com.vw.exsec.EncryptToken.generateKey(EncryptToken.java:53)
at com.vw.exsec.EncryptToken.<clinit>(EncryptToken.java:27)
at com.ibm._jsp._authenticationWebApp._jspService(_authenticationWebApp.java:134)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1212)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:629)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:117)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionServletWrapper.handleRequest(JSPExtensionServletWrapper.java:171)
at com.ibm.ws.jsp.webcontainerext.JSPExtensionProcessor.handleRequest(JSPExtensionProcessor.java:230)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:2837)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:220)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:204)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1681)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:77)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:421)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:367)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminaters(NewConnectionInitialReadCallback.java:201)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:103)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:548)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:601)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:934)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1021)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1332)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.e.<clinit>(Unknown Source)
... 26 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java:351)
... 27 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
at org.bouncycastle.jce.provider.X509CertificateObject.verify(X509CertificateObject.java:608)
at javax.crypto.e.a(Unknown Source)
at javax.crypto.e.c(Unknown Source)
at javax.crypto.f.run(Unknown Source)
... 29 more

[5/9/06 10:30:49:504 EDT] 0000002f ServletWrappe A SRVE0242I: [error.jsp]: Initialization successful.

Below is the java.security file content

security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=com.ibm.crypto.provider.IBMJCA
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.crypto.provider.IBMJCE
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.jsse2.IBMJSSEProvider2
security.provider.8=com.ibm.security.jgss.IBMJGSSProvider
security.provider.9=com.ibm.security.cert.IBMCertPath
security.provider.10=com.ibm.crypto.pkcs11.provider.IBMPKCS11

Below is the code
public static void generateKey(String keyPath)
{
try
{
try
{
//
// Due to WSAD/Websphere configuration problems force the Crypto Provider to load
//
Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);

//
// Load raw key bytes from disk
//
File file = new File(keyPath);
FileInputStream fis = new FileInputStream(file);
byte[] keyData = new byte[ (int)file.length() ];
//System.out.println("keyData &&&&&&&&&&&&&&& " + keyData);
fis.read(keyData);

//
// Generate key from raw key bytes
//
DESedeKeySpec desKeySpec = new DESedeKeySpec(keyData);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede", "BC"); // specify provider
key = keyFactory.generateSecret(desKeySpec);

// Generate ciper from key
cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);

}
catch(Exception e)
{
String msg = new String("Error generating key.");
throw new AuthenticationWebAppException(msg);
}
}
catch(AuthenticationWebAppException e)
{
authenticationWebAppException = e;
}
// debug
//catch(Throwable e)
//{
// System.out.println(e.getMessage());
//}

}

Locked Post

New comments cannot be posted to this locked post.

Locked on Aug 16 2006

Added on May 9 2006

#cryptography

34 comments

1,999 views