How to Rectify the Security Error that Occurs when WSAS is Started on Sun Solaris?

There have been many reports of a security encryption error when WSO2 WSAS is deployed on Sun Solaris. The error shows up when you start WSAS on a Solaris box, but it stems from the default security configuration of the JDK installed on Sun Solaris.

Date: Wed, 17th Oct, 2007
Level: Intermediate
Afkham Azeez
Dir
WSO2

Here is a typical stack trace generated by this exception:

Exception in thread "main" java.lang.ExceptionInInitializerError
    at javax.crypto.Cipher.getInstance(DashoA12275)
    at javax.crypto.Cipher.getInstance(DashoA12275)
    at org.wso2.wsf.common.tools.security.CryptoUtil.encrypt(CryptoUtil.java:74)
    at org.wso2.wsf.common.tools.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:95)
    at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:83)
    at org.wso2.wsas.transport.jetty.HttpsTransportListener.start(HttpsTransportListener.java:100)
    at org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:126)
    at org.wso2.wsas.ServerManager.initListenerManager(ServerManager.java:452)
    at org.wso2.wsas.ServerManager.start(ServerManager.java:128)
    at org.wso2.wsas.Main.startServer(Main.java:115)
    at org.wso2.wsas.Main.main(Main.java:191)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.SunJCE_b.(DashoA12275)
    ... 11 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
    at java.security.AccessController.doPrivileged(Native Method)
    ... 12 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
    at org.bouncycastle.jce.provider.X509CertificateObject.checkSignature(Unknown Source)
    at org.bouncycastle.jce.provider.X509CertificateObject.verify(Unknown Source)
    at javax.crypto.SunJCE_b.c(DashoA12275)
    at javax.crypto.SunJCE_b.b(DashoA12275)
    at javax.crypto.SunJCE_q.run(DashoA12275)
    ... 13 more

WSAS encrypts all passwords stored in its database. The security provider used by WSAS is BouncyCastleProvider. The JDK has to be configured to be able to pick up this provider.

Follow these steps to rectify this error:

  1. Locate the file $JAVA_HOME/jre/lib/security/java.security and open it in your favorite editor.
  2. Go to the section titled "List of providers and their preference orders".
  3. Add a new provider as follows:

    security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider

    where n is the position in the list of the provider you just added, e.g.:

    security.provider.8=org.bouncycastle.jce.provider.BouncyCastleProvider
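One way to work out the value of n for step 3 before editing the file, as an added example that is not part of the original article or of WSO2's code. The function names and the sample file contents are constructed for illustration; pass the path of your own java.security file as the first argument to check it instead of the sample.

```shell
#!/bin/sh
# Added example: choose the security.provider.<n> line for BouncyCastle.
# Function names are hypothetical; the sample file below is constructed.
BC=org.bouncycastle.jce.provider.BouncyCastleProvider
BC_RE=$(echo "$BC" | sed 's/\./\\./g')   # escape dots for use in a regex
WS='[[:space:]]*'

# Succeeds if an active (uncommented) entry already registers BouncyCastle.
bc_registered() {
    grep "^${WS}security\.provider\.[0-9][0-9]*${WS}=${WS}${BC_RE}${WS}\$" "$1" >/dev/null 2>&1
}

# Print the first unused n, counting up from 1. The JDK reads the entries in
# sequence from 1 and stops at the first missing number, so the new entry
# must fill the first free slot rather than leave a gap.
next_provider_slot() {
    n=1
    while grep "^${WS}security\.provider\.${n}${WS}=" "$1" >/dev/null 2>&1; do
        n=$((n + 1))
    done
    echo "$n"
}

# Print the line to add; print nothing and return 1 if already registered.
bc_provider_line() {
    if bc_registered "$1"; then return 1; fi
    echo "security.provider.$(next_provider_slot "$1")=${BC}"
}

# Constructed sample: three active providers and one commented-out entry.
write_sample() {
    cat > "$1" <<'EOF'
# List of providers and their preference orders
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.crypto.provider.SunJCE
#security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
EOF
}

# Check the file given as $1, or fall back to the constructed sample.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp) && write_sample "$conf"
fi
bc_provider_line "$conf" || echo "BouncyCastle is already registered in $conf"
```

The script only reads the file and prints the line; the edit itself is still made by hand as in step 3.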

Also note that this error may occur on any JDK. If this happens, the fix is the same as mentioned in this document.

Applies To

1. WSO2 WSAS - versions 1.1 and higher

2. Sun Solaris operating system - any version

More Information

WSO2 WSAS How To Series

 
