There have been many reports of a security encryption error when WSO2 WSAS is deployed on Sun Solaris. The error appears when you start WSAS on a Solaris box, but it is related to the default security configuration of the JDK installed on Sun Solaris.
Here is a typical stack trace that this exception generates:
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.Cipher.getInstance(DashoA12275)
at javax.crypto.Cipher.getInstance(DashoA12275)
at org.wso2.wsf.common.tools.security.CryptoUtil.encrypt(CryptoUtil.java:74)
at org.wso2.wsf.common.tools.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:95)
at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:83)
at org.wso2.wsas.transport.jetty.HttpsTransportListener.start(HttpsTransportListener.java:100)
at org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:126)
at org.wso2.wsas.ServerManager.initListenerManager(ServerManager.java:452)
at org.wso2.wsas.ServerManager.start(ServerManager.java:128)
at org.wso2.wsas.Main.startServer(Main.java:115)
at org.wso2.wsas.Main.main(Main.java:191)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.(DashoA12275)
... 11 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
at java.security.AccessController.doPrivileged(Native Method)
... 12 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
at org.bouncycastle.jce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jce.provider.X509CertificateObject.verify(Unknown Source)
at javax.crypto.SunJCE_b.c(DashoA12275)
at javax.crypto.SunJCE_b.b(DashoA12275)
at javax.crypto.SunJCE_q.run(DashoA12275)
... 13 more
WSAS encrypts all passwords stored in its database. The security provider used by WSAS is BouncyCastleProvider. The JDK has to be configured to be able to pick up this provider.
Follow these steps to rectify this error:
- Locate the file $JAVA_HOME/jre/lib/security/java.security and open it in your favorite editor.
- Go to the section titled "List of providers and their preference orders".
- Add a new provider as follows:
security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider
where n is the position of the provider you just added in the preference order, e.g.:
security.provider.8=org.bouncycastle.jce.provider.BouncyCastleProvider
Note that this error may occur on any JDK. If it does, the fix is the same as described in this document.
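The following shell check is an added example, not part of the original article or of WSAS. It reads a java.security file, reports whether BouncyCastleProvider is already an active entry, and otherwise prints the security.provider.n line with the first free n. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
BC_CLASS='org.bouncycastle.jce.provider.BouncyCastleProvider'

# Constructed sample of the provider section (not copied from a real install).
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.crypto.provider.SunJCE
#security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
EOF
    echo "$f"
}

# Active (uncommented) provider positions, sorted and de-duplicated.
provider_indexes() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=.*/\1/p' "$1" | sort -n -u
}

# First unused position counting up from 1. The JDK reads positions 1, 2, 3...
# and stops at the first missing number, so n must not leave a gap.
next_provider_index() {
    n=1
    for i in $(provider_indexes "$1"); do
        [ "$i" -eq "$n" ] || break
        n=$((n + 1))
    done
    echo "$n"
}

# Position at which BouncyCastle is already active; prints nothing if absent.
bc_index() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1 \2/p' "$1" |
    while read -r idx cls; do
        if [ "$cls" = "$BC_CLASS" ]; then echo "$idx"; fi
    done
}

# Either report the existing entry or print the line to add to java.security.
provider_line() {
    idx=$(bc_index "$1")
    if [ -n "$idx" ]; then
        echo "already registered at position $idx"
    else
        echo "security.provider.$(next_provider_index "$1")=$BC_CLASS"
    fi
}

sample=$(make_sample) && provider_line "$sample"; rm -f "$sample"
```

To check a real installation, call provider_line with the path $JAVA_HOME/jre/lib/security/java.security; a commented-out entry, as in the sample, does not count as registered.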
Applies To
1. WSO2 WSAS - versions 1.1 and higher
2. Sun Solaris operating system - any version
More Information
WSO2 WSAS How To Series [0]