Return-Path: Delivered-To: apmail-ws-axis-user-archive@www.apache.org Received: (qmail 86870 invoked from network); 15 Nov 2006 16:01:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Nov 2006 16:01:00 -0000 Received: (qmail 17462 invoked by uid 500); 15 Nov 2006 16:00:58 -0000 Delivered-To: apmail-ws-axis-user-archive@ws.apache.org Received: (qmail 17449 invoked by uid 500); 15 Nov 2006 16:00:58 -0000 Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-user@ws.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-user@ws.apache.org Received: (qmail 17438 invoked by uid 99); 15 Nov 2006 16:00:58 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Nov 2006 08:00:58 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of yuvalkashtan@gmail.com designates 66.249.92.170 as permitted sender) Received: from [66.249.92.170] (HELO ug-out-1314.google.com) (66.249.92.170) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Nov 2006 08:00:44 -0800 Received: by ug-out-1314.google.com with SMTP id j40so152299ugd for ; Wed, 15 Nov 2006 08:00:23 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type; b=rwwSlBh4lcQGLksxjkq1+15vc9cc19oSateRy9dF8rMmDyx+56F1os885iV6lh5EUUcAIm3Bq42hYi1kL3POrRIrhFZ2aTbikzvoSsSpHfw65Kf+rp0d2B2afgV67A5LMG9ZGqyAWbJcIaKODDMr1ysmavMRJbrqK8sp0B9+HiM= Received: by 10.67.21.11 with SMTP id y11mr3162178ugi.1163606422461; Wed, 15 Nov 2006 08:00:22 -0800 (PST) Received: from ?10.0.0.14? ( [192.117.171.163]) by mx.google.com with ESMTP id u1sm1080183uge.2006.11.15.08.00.21; Wed, 15 Nov 2006 08:00:22 -0800 (PST) Message-ID: <455B3969.2040809@gmail.com> Date: Wed, 15 Nov 2006 17:59:37 +0200 From: Yuval Kashtan User-Agent: Thunderbird 1.5.0.7 (X11/20061004) MIME-Version: 1.0 To: axis-user@ws.apache.org Subject: Default SSL context init failed: SunX509 KeyManagerFacroty nor avilable on IBM JVM Content-Type: multipart/alternative; boundary="------------040901010907090908050405" X-Virus-Checked: Checked by ClamAV on apache.org --------------040901010907090908050405 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hello, I have a java application which uses SSL (alongside other cryptography services). When executed in Sun JVM it works just fine. But when I try to execute on IBM JVM (AIX machine comes only with IBM JVM), I get the following error: appProceed com.trisixtysecurity.agent.tools.AgentRegister(581)java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available ->at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) Caused by: java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available ->at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:5) ->at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92) ->at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191) ->at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404) ->at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) ->at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ->at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ->at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ->at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ->at org.apache.axis.client.Call.invokeEngine(Call.java:2784) ->at org.apache.axis.client.Call.invoke(Call.java:2767) ->at org.apache.axis.client.Call.invoke(Call.java:2443) ->at org.apache.axis.client.Call.invoke(Call.java:2366) ->at org.apache.axis.client.Call.invoke(Call.java:1812) ->at com.trisixtysecurity.agent.amapi.AgentManagerServiceSoapStub.confirmRegsitration(AgentManagerServiceSoapStub. java:465) ->at com.trisixtysecurity.agent.tools.AgentRegister.appProceed(AgentRegister.java:542) ->at com.trisixtysecurity.agent.common.StdCommandLineApp.invoke(StdCommandLineApp.java:628) ->at com.trisixtysecurity.agent.common.StdCommandLineApp.mainRoutine(StdCommandLineApp.java:710) ->at com.trisixtysecurity.agent.tools.AgentRegister.main(AgentRegister.java:1166) some additional trace: Importing certificate serverSignCert.cer to truststore /opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx Imported certificate serverSignCert.cer to truststore /opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use Installed Providers = IBMJSSE2 IBMJCE IBMJGSSProvider IBMCertPath IBMSASL JsseJCE: Using SecureRandom from provider IBMJCE version 1.2 trigger seeding of SecureRandom done seeding SecureRandom JsseJCE: Using cipher AES/CBC/NoPadding from provider IBMJCE version 1.2 export control - checking the cipher suites export control - no cached value available... export control - storing legal entry into cache... setting up default SSLSocketFactory use default IbmJSSE2 impl class: com.ibm.jsse2.SSLSocketFactoryImpl class com.ibm.jsse2.SSLSocketFactoryImpl is loaded init keymanager of type SunX509 Default SSL context init failed: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available use dummy SSLSocketFactory due to java.lang.RuntimeException: Default SSL context init failed: SunX509 KeyManagerFac tory not available java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available The code does not include any reference to com.sun.* or sun.* (even though it used to). I am using a privatly developed KeyManager and the keystore files are all JKS format (I've tried also PKCS12 and JCEKS). Any ideas on how to solve it will really be appreciated. I would also be glad to hear from anyone who successfully used axis on IBM AIX. Also I've notices the following remark inside the code of org.apache.axis.components.net: ///** * SSL socket factory. It _requires_ a valid RSA key and * JSSE. (borrowed code from tomcat) * * THIS CODE STILL HAS DEPENDENCIES ON sun.* and com.sun.* * * @author Davanum Srinivas (dims@yahoo.com) */ //Which seems to indicate that maybe the problem is in the axis code? Thanks, Yuval Kashtan. --------------040901010907090908050405 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hello,

I have a java application which uses SSL (alongside other cryptography services).

When executed in Sun JVM it works just fine.


But when I try to execute on IBM JVM (AIX machine comes only with IBM JVM),

I get the following error:

appProceed com.trisixtysecurity.agent.tools.AgentRegister(581)java.net.SocketExcepti= on:
=C2=A0Default SSL context init failed: SunX509 KeyManagerFactory not available
->at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
=C2=A0Caused by:=C2=A0 java.net.SocketException: Default SSL context init= failed: SunX509 KeyManagerFactory not available
=C2=A0 ->at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:= 5)
=C2=A0 ->at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory= =2Ejava:92)
=C2=A0 ->at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)<= br> =C2=A0 ->at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:4= 04)
=C2=A0 ->at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
= =C2=A0 ->at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.ja= va:32)
=C2=A0 ->at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:11= 8)
=C2=A0 ->at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) =C2=A0 ->at org.apache.axis.client.AxisClient.invoke(AxisClient.java:1= 65)
=C2=A0 ->at org.apache.axis.client.Call.invokeEngine(Call.java:2784) =C2=A0 ->at org.apache.axis.client.Call.invoke(Call.java:2767)
=C2=A0 ->at org.apache.axis.client.Call.invoke(Call.java:2443)
=C2=A0 ->at org.apache.axis.client.Call.invoke(Call.java:2366)
=C2=A0 ->at org.apache.axis.client.Call.invoke(Call.java:1812)
=C2=A0 ->at com.trisixtysecurity.agent.amapi.AgentManagerServiceSoapStub.confirmRegsi= tration(AgentManagerServiceSoapStub.
java:465)
=C2=A0 ->at com.trisixtysecurity.agent.tools.AgentRegister.appProceed(AgentRegister.j= ava:542)
=C2=A0 ->at com.trisixtysecurity.agent.common.StdCommandLineApp.invoke(StdCommandLine= App.java:628)
=C2=A0 ->at com.trisixtysecurity.agent.common.StdCommandLineApp.mainRoutine(StdComman= dLineApp.java:710)
=C2=A0 ->at com.trisixtysecurity.agent.tools.AgentRegister.main(AgentRegister.java:11= 66)


some additional trace:<= /p>

Importing certificate serverSignCert.cer to truststore /opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx
Imported certificate serverSignCert.cer to truststore /opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx
X509KeyManager passed to SSLContext.init():=C2=A0 need an X509ExtendedKeyManager for SSLEngine use
Installed Providers =3D
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IBMJSSE2
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IBMJCE
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IBMJGSSProvider
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IBMCertPath
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IBMSASL
JsseJCE:=C2=A0 Using SecureRandom=C2=A0 from provider IBMJCE version 1.2<= br> trigger seeding of SecureRandom
done seeding SecureRandom
JsseJCE:=C2=A0 Using cipher AES/CBC/NoPadding from provider IBMJCE versio= n 1.2
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
setting up default SSLSocketFactory
use default IbmJSSE2 impl class: com.ibm.jsse2.SSLSocketFactoryImpl
class com.ibm.jsse2.SSLSocketFactoryImpl is loaded
init keymanager of type SunX509
Default SSL context init failed: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
use dummy SSLSocketFactory due to java.lang.RuntimeException: Default SSL context init failed: SunX509 KeyManagerFac
tory not available
java.net.SocketException: Default SSL context init failed: SunX509 KeyManagerFactory not available


The code does not include any reference to com.sun.* or sun.* (even though it used to).

=


I am using a privatly developed KeyManager and the keystore files are all JKS format (I've tried also PKCS12 and JCEKS).



Any ideas on how to solve it will really be appreciated.

I would also be glad to= hear from anyone who successfully used axis on IBM AIX.



Also I've notices the following remark inside the code of org.apache.axis.components.net:

/**
 * SSL socket factory. It _requires_ a valid RSA key and
 * JSSE. (borrowed code from tomcat)
 *=20
 * THIS CODE STILL HAS DEPENDENCIES ON sun.* and com.sun.*
 *
 * @author Davanum Srinivas (dims@yahoo.com)
 */

Which seems to indicate that maybe the problem is i=
n the axis code?


Thanks,
Yuval Kashtan.
--------------040901010907090908050405--