tomcat-dev mailing list archives

From "SUBRAHMANYAM,VEENA (HP-MountainView,ex1)" <veena_subrahman...@hp.com>
Subject RE: Cannot set up certs for trusted CAs exception ( JCE and tomcat and cocoon2.0)
Date Thu, 30 Aug 2001 20:06:21 GMT
Hi Costin,

I tried first setting "ReloadInterceptor fullReload="false" ", and then
tried by taking that line out entirely.

Still the same exception.

I shall now try the openjce...

Thank you for all your help and suggestions.

I shall let you know how this goes..

:-)

Veena

-----Original Message-----
From: cmanolache@yahoo.com [mailto:cmanolache@yahoo.com]
Sent: Thursday, August 30, 2001 12:17 PM
To: SUBRAHMANYAM,VEENA (HP-MountainView,ex1)
Cc: 'tomcat-dev@jakarta.apache.org'
Subject: RE: Cannot set up certs for trusted CAs exception ( JCE and tomcat and cocoon2.0)


On Thu, 30 Aug 2001, SUBRAHMANYAM,VEENA (HP-MountainView,ex1) wrote:

> 2. I placed the following line in the server.xml file.
>     <RequestInterceptor className="org.apache.tomcat.request.Jdk12Interceptor" />
> (This is all I have to do, in order to add the Jdk12Interceptor. Right?)

Yes.


> I installed the 3.3beta1 . I like it!! but No Luck ;-)

Thanks :-)


> It is a cocoon transformer. but the lines that are generating the error, are
> lines 453 and on. (i.e)
>             Cipher cipherDes = Cipher.getInstance("DES/ECB/PKCS5Padding");
>             secretKeyDesKey = KeyGenerator.getInstance("DES").generateKey();
>             cipherDes.init(Cipher.ENCRYPT_MODE, secretKeyDesKey);

Ok, so it seems javax.crypto.Cipher has problems getting an instance -
which is probably part of a crypto provider. My guess that it's related
with class loaders fails - if you indeed tried with the jar files in
jre/lib/ext, it should have found it.

Well, it may be something else - and if this is the case it may be hard to
fix.

Could you try again in 3.3, with ReloadInterceptor removed from
server.xml ?

If it sounds strange, what this does is eliminate the DependClassLoader
that is used to collect dependencies for reloading, and leaves the webapp
to use the 'plain' URLClassLoader.

My guess is that we may have problems because the provider for JCE must be
signed, and DependClassLoader doesn't deal with signatures right now.

If this is the case, please let me know.

BTW, if it fails - I would go to openjce.org and try it with a debugger,
they seem to have a clean room impl. with source code. Looking at
their Cipher.java, I couldn't find anything related with jar signing - or
anything that would fail - so please try that one too.

Costin








> The exception is as follows:
>
> ----------------------------------------------------------------------------
> Internal Servlet Error:
>
> java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs
> 	at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
> 	at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
> 	at org.apache.cocoon.transformation.XmlEncryptor.encryptElement(XMLEncryptionTransformer.java:453)
> 	at org.apache.cocoon.transformation.XmlEncryptor.encryptChildNodes(XMLEncryptionTransformer.java:335)
> 	at org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncryptionTransformer.java:295)
> 	at org.apache.cocoon.transformation.XMLEncryptionTransformer.endElement(XMLEncryptionTransformer.java:154)
> 	at org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403)
> 	at org.apache.xerces.validators.common.XMLValidator.callEndElement(XMLValidator.java:1436)
> 	at org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XMLDocumentScanner.java:1205)
> 	at org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:381)
> 	at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1035)
> 	at org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParser.java:72)
> 	at org.apache.cocoon.generation.StreamGenerator.generate(StreamGenerator.java:109)
> 	at org.apache.cocoon.components.pipeline.CachingEventPipeline.process(CachingEventPipeline.java:217)
> 	at org.apache.cocoon.components.pipeline.CachingStreamPipeline.process(CachingStreamPipeline.java:361)
> 	at org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_xmap.wildcardMatchN4E6(sitemap_xmap.java:6262)
> 	at org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_xmap.process(sitemap_xmap.java:2497)
> 	at org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_xmap.process(sitemap_xmap.java:2103)
> 	at org.apache.cocoon.sitemap.Handler.process(Handler.java:160)
> 	at org.apache.cocoon.sitemap.Manager.invoke(Manager.java:103)
> 	at org.apache.cocoon.Cocoon.process(Cocoon.java:423)
> 	at org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:507)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java)
>
> -----Original Message-----
> From: cmanolache@yahoo.com [mailto:cmanolache@yahoo.com]
> Sent: Wednesday, August 29, 2001 10:15 PM
> To: 'tomcat-dev@jakarta.apache.org'
> Cc: 'tec@orion.nsr.hp.com'
> Subject: Re: Cannot set up certs for trusted CAs exception ( JCE and tomcat and cocoon2.0)
>
>
> Hi,
>
> Try to place JCE/JSSE in tomcat.home/lib, or even better in the
> jre/lib/ext - and see if this solved the problem. My guess - it's related
> to some code doing a Class.forName() instead of using the context class
> loader or the context loader is not set.( for 3.2.x you _must_ add the
> Jdk12Interceptor if you want the context class loader set. If you haven't
> - that should be the first step. )
>
> You could also try with 3.3beta1 - class loader has been completely
> redesigned and works pretty well now. I have no problems with JSSE ( I
> tested it today )
>
> Costin
>
>
>
> On Wed, 29 Aug 2001, SUBRAHMANYAM,VEENA (HP-MountainView,ex1) wrote:
>
> > Hi
> >
> > I have been experiencing some problems using JCE, in the tomcat environment.
> >
> > I am using tomcat 3.2.2, and JCE 1.2.1., xerces_1_4_1.jar, cocoon 2.0 ...
> >
> > I am using JCE to encrypt and decrypt some XML docs. The program to encrypt
> > and decrypt works in standalone mode. But when it is run within the servlet
> > env, an "java.lang.SecurityException: Cannot set up certs for trusted CAs"
> > exception is thrown at the following lines of code:
> >  Cipher cipherDes = Cipher.getInstance("DES/ECB/PKCS5Padding");
> >  secretKeyDesKey = KeyGenerator.getInstance("DES").generateKey();
> >
> > (the detailed stack trace is pasted at the bottom of this email)
> >
> > I have found that this exception has been reported to be thrown, by various
> > people, in the tomcat archives, due to classloader hierarchy problems,
> > JarURLConnection / WARConnection clashes etc.
> > I have found emails that allude to a fix, if some set of these jars are
> > placed in the tomcat-home/lib dir instead of the
> > tomcat-home/webapps/cocoon/web-inf/lib dir, but have not been able to locate
> > further info....(my JCE 1.2.1 related jars, xerces.jar, etc are all in the
> > tomcat-home/webapps/cocoon/web-inf/lib directory).
> >
> > I think this, or a flavor of this problem is a known bug in tomcat...
> >
> > Can someone, give me a workaround or a fix or a guestimate for the
> > resolution?
> >
> > Thanx in advance..
> >
> > Veena
> >
> > P.s:
> >  The exception I get is as follows:
> > ------------------------------------------------------------
> > 2001-08-29 07:09:13 - Ctx( /cocoon ): Exception in: R( /cocoon + /request1 + null) - java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs
> >         at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
> >         at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
> >         at org.apache.cocoon.transformation.XmlEncryptor.encryptElement(XMLEncryptionTransformer.java:453)
> >         at org.apache.cocoon.transformation.XmlEncryptor.encryptChildNodes(XMLEncryptionTransformer.java:335)
> >         at org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncryptionTransformer.java:295)
> >         at org.apache.cocoon.transformation.XMLEncryptionTransformer.endElement(XMLEncryptionTransformer.java:154)
> >         at org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403)
> >         at org.apache.xerces.validators.common.XMLValidator.callEndElement(XMLValidator.java:1385)
> >         at org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XMLDocumentScanner.java:1205)
> >         at org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:381)
> >         at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:952)
> >         at org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParser.java:72)
> >         at org.apache.cocoon.generation.StreamGenerator.generate(StreamGenerator.java:109)......
> >
> > ----------------------------------------
> >
> >
>
>
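
A diagnostic for the hypothesis discussed in this thread, that the class loader in use drops jar signatures the JCE framework needs. This is an added example, not part of the original messages or of Tomcat, and the class name JceLoaderCheck is hypothetical. It reports which class loader and jar supplied javax.crypto.Cipher and each registered provider, and how many signer certificates survived loading.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;

/** Added diagnostic (hypothetical name): reports how JCE classes were loaded. */
public class JceLoaderCheck {

    /** Describe the loader, jar location and signer certificates of one class. */
    static String describe(Class<?> c) {
        ClassLoader cl = c.getClassLoader();              // null means the bootstrap loader
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        Certificate[] certs = (cs == null) ? null : cs.getCertificates();
        Object[] signers = c.getSigners();                // null if the loader recorded no signers
        return c.getName()
            + "\n  loader   : " + (cl == null ? "<bootstrap>" : cl.getClass().getName())
            + "\n  location : " + (cs == null ? "<none>" : String.valueOf(cs.getLocation()))
            + "\n  certs    : " + (certs == null ? 0 : certs.length)
            + "\n  signers  : " + (signers == null ? 0 : signers.length);
    }

    public static void main(String[] args) throws Exception {
        // In a servlet container this is the webapp loader, if the container set it.
        ClassLoader ctx = Thread.currentThread().getContextClassLoader();
        System.out.println("context loader: "
            + (ctx == null ? "<not set>" : ctx.getClass().getName()));

        // Load the framework class without initializing it, so the static
        // initializer that throws in the stack trace above is not triggered.
        ClassLoader lookup = (ctx != null) ? ctx : ClassLoader.getSystemClassLoader();
        System.out.println(describe(Class.forName("javax.crypto.Cipher", false, lookup)));

        // A signed provider jar seen through a loader that ignores signatures
        // shows 0 certs and 0 signers here.
        for (Provider p : Security.getProviders()) {
            System.out.println(describe(p.getClass()));
        }
    }
}
```

Calling the same describe() logic from inside the webapp and comparing it with a standalone run shows whether the servlet environment loads the JCE classes from a different jar or without their signers.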
