Forcing a security prodiver to be 'trusted'
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Christopher_Schultz
Posted On:   Thursday, October 31, 2002 07:30 AM

I am working on an application that is being ported from JDK 1.3 to 1.4. We were using the old JCE provided by Sun as an add-on with a third-party security provider, ABA. Now that we have moved to JDK 1.4, I'm having trouble getting the ABA provider to work. I have tried to use the default providers that came with the new JDK, but their DES dialect is slightly different than that of the ABA provider. Here is the exception that I get: java.lang.ExceptionInInitializerError at Crypt.main(Crypt.java:26) Caused by: java.lang.RuntimeException: java.lang.SecurityException: The provider ABA may not be signed by a trusted party at com.nsi.imagecafe.core.util.EncryptionUtil.    More>>

I am working on an application that is being ported from JDK 1.3 to 1.4. We were using the old JCE provided by Sun as an add-on with a third-party security provider, ABA.



Now that we have moved to JDK 1.4, I'm having trouble getting the ABA provider to work. I have tried to use the default providers that came with the new JDK, but their DES dialect is slightly different than that of the ABA provider.



Here is the exception that I get:



			
java.lang.ExceptionInInitializerError
at Crypt.main(Crypt.java:26)
Caused by: java.lang.RuntimeException: java.lang.SecurityException:
The provider ABA may not be signed by a trusted party
at com.nsi.imagecafe.core.util.EncryptionUtil. (EncryptionUtil.java:145)
... 1 more


I've tried adding the ABAProvider class to the list of providers in the java.security file. Placing that provider as the primary provider causes all kilds of havoc in the JDK:



			
java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
at com.nsi.imagecafe.core.util.EncryptionUtil. (EncryptionUtil.java:121)
at Crypt.main(Crypt.java:26)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b. (DashoA6275)
... 3 more


Placing that provider as the last provider in the list seems to have no effect, as I get the same exception.



Does anyone have any ideas about how to force the JDK to 'trust' thie provider?



This FAQ entry suggests that the JAR file must be signed by Sun or IBM in order to use it. Is that accurate? Is there any way to relax security settings that make it impossible for me to use my own security provider?



Any help would be greatly appreciated.



-chris
   <<Less
About | Sitemap | Contact