RE: Cannot set up certs for trusted CAs exception ( JCE and tomcat an d cocoon2.0)

Ignacio J. Ortega Thu, 30 Aug 2001 11:50:00 -0700
Hola Veena:

Are you sure you only place 1 copy of the jars when doing your tests?
That is if you trying to test if works in web-inf, you clean the other
copies in ext/lib and tomcat/lib etc, right ?

THis is a popular topic, just searched and it seems people are getting
this problem in various environments, with various JCE providers!! , no
solutions found...

I think we are facing some kind of "sealing violation bug" here.., some
comments point out that Sun JCE cannot be used with unsigned providers
..

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: SUBRAHMANYAM,VEENA (HP-MountainView,ex1)
> [mailto:[EMAIL PROTECTED]]
> Enviado el: jueves 30 de agosto de 2001 20:14
> Para: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Asunto: RE: Cannot set up certs for trusted CAs exception ( JCE and
> tomcat an d cocoon2.0)
> 
> 
> I tried out your  following suggestions on tomcat 3.2.2 - No luck ;-)
>  1. I placed the JCE1.2.1.jar and the jce-provider.jar the 
> tomcat.home/lib,
> and jre/lib/ext, and the webInf/dir.- No luck
>  2. I placed the  following line in the server.xml file.
>     <RequestInterceptor
> className="org.apache.tomcat.request.Jdk12Interceptor" /> 
> (This is all I
> have to do, in order to add    the Jdk12Interceptor. Right?)
>  3. My classpath and path point to jdk1.3 properly.
> 
> I installed the 3.3beta1 . I like it!! but No Luck ;-)
>  1. Since I need to run Cocoon, I replaced the jaxp.jar, and 
> Crimson.jar
> with the xerces.jar.
>  2. All my jars are in web-inf  - no luck
>  3. copied the 2 jce jars and xerces into tomcat /lib and 
> into jre/lib/ext -
> no luck
> 
> Help!!
> 
> Thanx
> :-)
> 
> Veena
> 
> P.S: I don't know if you are interested in scanning the code, but I am
> attaching it just in case....
> It is a cocoon transformer. but the lines that are 
> generateing the erro, are
> lines 453 and on. (i.e)
>             Cipher cipherDes = 
> Cipher.getInstance("DES/ECB/PKCS5Padding");
>             secretKeyDesKey = 
> KeyGenerator.getInstance("DES").generateKey();
>             cipherDes.init(Cipher.ENCRYPT_MODE, secretKeyDesKey);
> 
> 
> The exception is as follows: 
> --------------------------------------------------------------
> --------------
> ------------
> Internal Servlet Error:
> 
> java.lang.ExceptionInInitializerError: 
> java.lang.SecurityException: Cannot
> set up certs for trusted CAs
>       at javax.crypto.b.([DashoPro-V1.2-120198])
>       at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
>       at
> org.apache.cocoon.transformation.XmlEncryptor.encryptElement(X
> MLEncryptionTr
> ansformer.java:453)
>       at
> org.apache.cocoon.transformation.XmlEncryptor.encryptChildNode
> s(XMLEncryptio
> nTransformer.java:335)
>       at
> org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncry
> ptionTransform
> er.java:295)
>       at
> org.apache.cocoon.transformation.XMLEncryptionTransformer.endE
> lement(XMLEncr
> yptionTransformer.java:154)
>       at
> org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403)
>       at
> org.apache.xerces.validators.common.XMLValidator.callEndElemen
> t(XMLValidator
> .java:1436)
>       at
> org.apache.xerces.framework.XMLDocumentScanner$ContentDispatch
> er.dispatch(XM
> LDocumentScanner.java:1205)
>       at
> org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDo
> cumentScanner.
> java:381)
>       at 
> org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1035)
>       at
> org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParse
> r.java:72)
>       at
> org.apache.cocoon.generation.StreamGenerator.generate(StreamGe
> nerator.java:1
> 09)
>       at
> org.apache.cocoon.components.pipeline.CachingEventPipeline.pro
> cess(CachingEv
> entPipeline.java:217)
>       at
> org.apache.cocoon.components.pipeline.CachingStreamPipeline.pr
> ocess(CachingS
> treamPipeline.java:361)
>       at
> org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.co
> coon.sitemap_x
> map.wildcardMatchN4E6(sitemap_xmap.java:6262)
>       at
> org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.co
> coon.sitemap_x
> map.process(sitemap_xmap.java:2497)
>       at
> org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.co
> coon.sitemap_x
> map.process(sitemap_xmap.java:2103)
>       at org.apache.cocoon.sitemap.Handler.process(Handler.java:160)
>       at org.apache.cocoon.sitemap.Manager.invoke(Manager.java:103)
>       at org.apache.cocoon.Cocoon.process(Cocoon.java:423)
>       at
> org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.
> java:507)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java)
> 
> 
> 
>  
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 29, 2001 10:15 PM
> To: '[EMAIL PROTECTED]'
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Cannot set up certs for trusted CAs exception ( JCE and
> tomcat an d cocoon2.0)
> 
> 
> Hi,
> 
> Try to place JCE/JSSE in tomcat.home/lib, or even better in the
> jre/lib/ext - and see if this solved the problem. My guess - 
> it's related
> to some code doing a Class.forName() instead of using the 
> context class
> loader or the context loader is not set.( for 3.2.x you _must_ add the
> Jdk12Interceptor if you want the context class loader set. If 
> you haven't
> - that should be the first step. )
> 
> You could also try with 3.3beta1 - class loader has been completely
> redesigned and works pretty well now. I have no problems with JSSE ( I
> tested it today )
> 
> Costin
> 
> 
> 
> On Wed, 29 Aug 2001, SUBRAHMANYAM,VEENA (HP-MountainView,ex1) wrote:
> 
> > Hi
> >
> > I have been experiencing some problems using JCE, in the tomcat
> environment.
> >
> > I am using tomcat 3.2.2, and JCE 1.2.1., xerces_1_4_1.jar, 
> cocoon 2.0 ...
> >
> > I am using JCE to encrypt and decrypt some XML docs. The program to
> encrypt
> > and decrypt works in standalone mode. But when it is run within the
> servlet
> > env, an "java.lang.SecurityException: Cannot set up certs 
> for trusted CAs"
> > exception is thrown at the the following lines of code:
> >  Cipher cipherDes = Cipher.getInstance("DES/ECB/PKCS5Padding");
> >  secretKeyDesKey = KeyGenerator.getInstance("DES").generateKey();
> >
> > (the detailed stack trace is pasted at the bottom of this email)
> >
> > I have found that this exception has been reported to be thrown, by
> various
> > people, in the tomcat archives, due to classloader 
> hierarchy problems,
> > JarURLConnection / WARConnection clashes etc.
> > I have found emails that allude to a fix, if some set of 
> these jars are
> > placed in the tomcat-home/lib dir instead of the
> > tomcat-home/webapps/cocoon/web-inf/lib dir, but have not 
> been able to
> locate
> > further info....(my JCE 1.2.1 related jars, xerces.jar, etc 
> are all in the
> > tomcat-home/webapps/cocoon/web-inf/lib directory).
> >
> > I think this, or a flavor of this problem is a known bug in 
> tomcat...
> >
> > Can someone, give me a workaround or a fix or a guestimate for the
> > resolution?
> >
> > Thanx in advance..
> >
> > Veena
> >
> > P.s:
> >  The exception I get is as follows:
> > ------------------------------------------------------------
> > 2001-08-29 07:09:13 - Ctx( /cocoon ): Exception in: R( 
> /cocoon + /request1
> +
> > null) - java.lang.ExceptionInInitializerError:
> java.lang.SecurityException:
> > Cannot set up certs for trusted CAs
> >         at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
> >         at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
> >         at
> >
> org.apache.cocoon.transformation.XmlEncryptor.encryptElement(X
> MLEncryptionTr
> > ansformer.java:453)
> >         at
> >
> org.apache.cocoon.transformation.XmlEncryptor.encryptChildNode
> s(XMLEncryptio
> > nTransformer.java:335)
> >         at
> >
> org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncry
> ptionTransform
> > er.java:295)
> >         at
> >
> org.apache.cocoon.transformation.XMLEncryptionTransformer.endE
> lement(XMLEncr
> > yptionTransformer.java:154)
> >         at
> > org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403)
> >         at
> >
> org.apache.xerces.validators.common.XMLValidator.callEndElemen
> t(XMLValidator
> > .java:1385)
> >         at
> >
> org.apache.xerces.framework.XMLDocumentScanner$ContentDispatch
> er.dispatch(XM
> > LDocumentScanner.java:1205)
> >         at
> >
> org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDo
> cumentScanner.
> > java:381)
> >         at 
> org.apache.xerces.framework.XMLParser.parse(XMLParser.java:952)
> >         at
> > 
> org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParse
> r.java:72)
> >         at
> >
> org.apache.cocoon.generation.StreamGenerator.generate(StreamGe
> nerator.java:1
> > 09)......
> >
> > ----------------------------------------
> >
> >
> 
>
RE: Cannot set up certs for trusted CAs exception ( JCE and tomcat an d cocoon2.0)

Reply via email to
