JDK15: Cipher.getInstance throws UnsupportedOperationException

JDK15: Cipher.getInstance throws UnsupportedOperationException

Niels Cölle
Hello,

are there any known restrictions in the JCE implementation of  
jdk-1.5.0p2_1?

If I use the native jdk15 I get the Exception below. On other platforms my  
code works:
        - FreeBSD linux-jdk15
        - Windows XP jdk1.5.0_05
        - RedHat EE 3.x jdk1.5.0_05
        - Solaris 8 jdk1.5.0_05
        - Solaris 9 jdk1.5.0_05

I checked jce.jar with jarsigner -verify : OK.
I installed the jce_policy files for 1.5.0 : failed.
I replaced the jce.jar and the security directory with files from one of  
the working platforms : failed (of course?)

Maybe I am searching in the wrong direction, but if I formerly got these  
"java.lang.SecurityException: Cannot set up certs for trusted CAs" errors,  
there was something wrong with the certificates/signatures/policy in  
jre/lib jre/lib/security.
Has anybody new ideas?

Thanks in advance
Niels

java.lang.ExceptionInInitializerError
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at com.coelle_online.Token.init(IAIKToken.java:253)
        at com.coelle_online.GenerateMasterKey.run(GenerateMasterKey.java:59)
        at com.coelle_online.GenerateMasterKey.main(GenerateMasterKey.java:91)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
        ... 5 more
Caused by: java.lang.UnsupportedOperationException
        at java.security.cert.CertificateFactorySpi.engineGenerateCertPath(CertificateFactorySpi.java:162)
        at java.security.cert.CertificateFactory.generateCertPath(CertificateFactory.java:353)
        at sun.security.util.SignatureFileVerifier.getSigners(SignatureFileVerifier.java:464)
        at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:208)
        at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
        at java.util.jar.JarVerifier.processEntry(JarVerifier.java:282)
        at java.util.jar.JarVerifier.update(JarVerifier.java:194)
        at java.util.jar.JarFile.initializeVerifier(JarFile.java:317)
        at java.util.jar.JarFile.getInputStream(JarFile.java:382)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:119)
        at javax.crypto.SunJCE_d.a(DashoA12275)
        at javax.crypto.SunJCE_b.g(DashoA12275)
        at javax.crypto.SunJCE_b.e(DashoA12275)
        at javax.crypto.SunJCE_q.run(DashoA12275)
        at java.security.AccessController.doPrivileged(Native Method)
        ... 6 more
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-java
To unsubscribe, send any mail to "[hidden email]"

Re: JDK15: Cipher.getInstance throws UnsupportedOperationException

Panagiotis Astithas
Niels Cölle wrote:

> Hello,
>
> are there any known restrictions in the JCE implementation of  
> jdk-1.5.0p2_1?
>
> If I use the native jdk15 I get the Exception below. On other platforms
> my  code works:
>     - FreeBSD linux-jdk15
>     - Windows XP jdk1.5.0_05
>     - RedHat EE 3.x jdk1.5.0_05
>     - Solaris 8 jdk1.5.0_05
>     - Solaris 9 jdk1.5.0_05
>
> I checked jce.jar with jarsigner -verify : OK.
> I installed the jce_policy files for 1.5.0 : failed.
> I replaced the jce.jar and the security directory with files from one
> of  the working platforms : failed (of course?)
>
> Maybe I am searching in the wrong direction, but if I formerly got
> these  "java.lang.SecurityException: Cannot set up certs for trusted
> CAs" errors,  there was something wrong with the
> certificates/signatures/policy in  jre/lib jre/lib/security.
> Has anybody new ideas?
>
> Thanks in advance
> Niels
>
> java.lang.ExceptionInInitializerError
>     at javax.crypto.Cipher.getInstance(DashoA12275)
>     at javax.crypto.Cipher.getInstance(DashoA12275)
>     at com.coelle_online.Token.init(IAIKToken.java:253)
>     at com.coelle_online.GenerateMasterKey.run(GenerateMasterKey.java:59)
>     at com.coelle_online.GenerateMasterKey.main(GenerateMasterKey.java:91)
> Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
>     at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
>     ... 5 more
> Caused by: java.lang.UnsupportedOperationException
>     at java.security.cert.CertificateFactorySpi.engineGenerateCertPath(CertificateFactorySpi.java:162)
>     at java.security.cert.CertificateFactory.generateCertPath(CertificateFactory.java:353)
>     at sun.security.util.SignatureFileVerifier.getSigners(SignatureFileVerifier.java:464)
>     at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:208)
>     at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
>     at java.util.jar.JarVerifier.processEntry(JarVerifier.java:282)
>     at java.util.jar.JarVerifier.update(JarVerifier.java:194)
>     at java.util.jar.JarFile.initializeVerifier(JarFile.java:317)
>     at java.util.jar.JarFile.getInputStream(JarFile.java:382)
>     at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:119)
>     at javax.crypto.SunJCE_d.a(DashoA12275)
>     at javax.crypto.SunJCE_b.g(DashoA12275)
>     at javax.crypto.SunJCE_b.e(DashoA12275)
>     at javax.crypto.SunJCE_q.run(DashoA12275)
>     at java.security.AccessController.doPrivileged(Native Method)
>     ... 6 more

Have you replaced the installed cacerts file with the one from a working
Sun JDK (say Linux)? You can find the installed file in
/usr/local/jdk1.5.0/jre/lib/security/cacerts.

Cheers,
Panagiotis

Re: JDK15: Cipher.getInstance throws UnsupportedOperationException

Niels Cölle
Hello Panagiotis,

> Have you replaced the installed cacerts file with the one from a working
> Sun JDK (say Linux)? You can find the installed file in
> /usr/local/jdk1.5.0/jre/lib/security/cacerts.

Yes, but it did not resolve the problem.

Maybe it is a problem with the name of the algorithm:
I do
Cipher mAesCipher = Cipher.getInstance(AES_ALGORITHM);

where AES_ALGORITHM is:
public static final String AES_ALGORITHM = "AES/CBC/NoPadding";

Security.getProviders gets
[IAIK, SUN version 1.5, SunRsaSign version 1.5, SunJSSE version 1.5, SunJCE
version 1.5, SunJGSS version 1.0, SunSASL version 1.5]

cu
Niels

Re: JDK15: Cipher.getInstance throws UnsupportedOperationException

Panagiotis Astithas
Niels Cölle wrote:

> Hello Panagiotis,
>
>
>>Have you replaced the installed cacerts file with the one from a working
>>Sun JDK (say Linux)? You can find the installed file in
>>/usr/local/jdk1.5.0/jre/lib/security/cacerts.
>
>
> Yes, but it did not resolve the problem.
>
> Maybe it is a problem with the name of the algorithm:
> I do
> Cipher mAesCipher = Cipher.getInstance(AES_ALGORITHM);
>
> where AES_ALGORITHM is:
> public static final String AES_ALGORITHM = "AES/CBC/NoPadding";
>
> Security.getProviders gets
> [IAIK, SUN version 1.5, SunRsaSign version 1.5, SunJSSE version 1.5, SunJCE
> version 1.5, SunJGSS version 1.0, SunSASL version 1.5]

Could you post a small example program that demonstrates the issue? That
would help a lot, I think.

Cheers,
Panagiotis

Re: JDK15: Cipher.getInstance throws UnsupportedOperationException

Niels Cölle
Hello Panagiotis,

> Could you post a small example program that demonstrates the issue? That
> would help a lot, I think.

I think I found the problem. We are using the IAIK provider. If it is
inserted at the first position, the exception is thrown. If it is added as
the last provider, the test works (see my example below).

I am not sure if it is a problem of the IAIK Provider or the JDK. On the
other platforms I mentioned, the code works with IAIK as the first provider
in the list. Without the strong encryption policy! Setting the strong
encryption policy for jdk15 does not help... Strange.

Thanks.
Niels

*** snip ***
import iaik.security.provider.IAIK;

import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;

import javax.crypto.Cipher;

import org.apache.log4j.BasicConfigurator;
import org.apache.log4j.Logger;

public class TokenTest {
    // -------------------------------------------------------------------------
    // ATTRIBUTES
    // -------------------------------------------------------------------------
    public static final String AES_ALGORITHM = "AES/CBC/NoPadding";

    // Token attributes
    private static Logger mLog = null;

    private Cipher mAesCipher;

    /**
     * Constructor, which adds the IAIK Provider at the end of the provider
     * list.
     *
     * @throws Exception
     *             If anything goes wrong, throw an exception.
     */
    public TokenTest() throws Exception {
        init(false);
    }

    /**
     * Constructor which puts the IAIK Provider at the end or beginning of
     * the provider list.
     *
     * @param pInsertProvider
     *            <code>true</code> puts the provider at position 1 of the
     *            provider list; <code>false</code> adds the provider at the
     *            end of the provider list.
     * @throws Exception
     *             If anything goes wrong, throw an exception.
     */
    public TokenTest(final boolean pInsertProvider) throws Exception {
        init(pInsertProvider);
    }

    public Cipher getAesCipher() {
        return mAesCipher;
    }

    /**
     * Does the initialization of the TokenTest. It adds the IAIK Provider
     * to the provider list and creates an AES-Cipher.
     *
     * @param pInsertProvider
     *            <code>true</code> puts the provider at position 1 of the
     *            provider list; <code>false</code> adds the provider at the
     *            end of the provider list.
     * @throws Exception
     *             If anything goes wrong, throw an exception.
     */
    private void init(boolean pInsertProvider) throws Exception {
        mLog.debug("Function -init- called");

        // Check, if the IAIK Provider is already in the provider list. If
        // so, remove it.
        String providerName = (new IAIK()).getName();
        Provider[] aprovider = Security.getProviders();
        for (int i = 0; i < aprovider.length; i++) {
            Provider provider = aprovider[i];
            if (provider.getName().equals(providerName)) {
                mLog.info("Removing provider '" + providerName + "'");
                Security.removeProvider(providerName);
            }
        }
       
        // Add the IAIK provider to the provider list depending on
        // pInsertProvider.
        mLog.info("Adding IAIK Provider as default");
        if (pInsertProvider) {
            Security.insertProviderAt(new IAIK(), 1);
        } else {
            Security.addProvider(new IAIK());
        }

        // Create the AES-Cipher
        try {
            mAesCipher = Cipher.getInstance(AES_ALGORITHM);
        } catch (GeneralSecurityException e) {
            mLog.error("Error getting AES cipher object: "
                    + e.getMessage());
            throw new Exception("Error getting AES cipher object: "
                    + e.getMessage());
        }
        // Debug
        mLog.debug("Token object initialized");
    }

    public static void main(String pArgs[]) {
        // Configure Log4J logging without a properties file.
        mLog = Logger.getLogger("TokenTest");
        BasicConfigurator.configure();

        // Do the test.
        try {
            // TokenTest(false) works fine, TokenTest(true) throws an
            // exception.
            TokenTest TokenError = new TokenTest(false);
            // TokenTest TokenError = new TokenTest(true);
            mLog.info("Using " + TokenError.getAesCipher().getAlgorithm());
        } catch (Throwable t) {
            mLog.fatal("An exception was thrown: ", t);
        }

        mLog.info("Finished.");
    }
}
*** snap ***

--
Niels Cölle
Hauptstr. 30
85586 Poing
+49-(0)8121-71620
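
An added diagnostic, not code from the thread: it prints the provider preference order, reports which provider serves the X.509 CertificateFactory (the class the JAR signature verifier calls in the stack trace above), and tests whether that factory implements generateCertPath. The class name ProviderOrderCheck is made up here, and it is an assumption that the IAIK provider offers AES/CBC/NoPadding under the provider name "IAIK" shown in the Security.getProviders output.

```java
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import javax.crypto.Cipher;

public class ProviderOrderCheck {
    public static final String AES_ALGORITHM = "AES/CBC/NoPadding";

    /** Name of the provider the preference order selects for X.509. */
    static String x509Provider() throws Exception {
        return CertificateFactory.getInstance("X.509").getProvider().getName();
    }

    /** True if the selected X.509 factory implements generateCertPath(List),
     *  the call that ends in UnsupportedOperationException in the trace. */
    static boolean certPathSupported() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try {
            cf.generateCertPath(new ArrayList<Certificate>()); // empty path is enough
            return true;
        } catch (UnsupportedOperationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Run these checks before any Cipher call, so they still print
        // when JCE initialization itself fails.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName());
        }
        System.out.println("X.509 CertificateFactory from: " + x509Provider());
        System.out.println("generateCertPath supported:    " + certPathSupported());

        // Default lookup follows the preference order.
        Cipher byOrder = Cipher.getInstance(AES_ALGORITHM);
        System.out.println(AES_ALGORITHM + " by order: " + byOrder.getProvider().getName());

        // Naming the provider (assumed name "IAIK") selects it even when
        // it is registered last with Security.addProvider.
        if (Security.getProvider("IAIK") != null) {
            Cipher pinned = Cipher.getInstance(AES_ALGORITHM, "IAIK");
            System.out.println(AES_ALGORITHM + " pinned:   " + pinned.getProvider().getName());
        }
    }
}
```

Register the IAIK provider in the position under test before calling these methods; with no extra provider registered, the program reports the JDK's own defaults.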