Hi Costin, I tried first setting "ReloadInterceptor fullReload="false" ", and then tried bt taking that line out entirely. Still the same exception. I shall now try the openjce... Thank you for all your help and suggestions. I shall let you know how this goes.. :-) Veena -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 12:17 PM To: SUBRAHMANYAM,VEENA (HP-MountainView,ex1) Cc: '[EMAIL PROTECTED]' Subject: RE: Cannot set up certs for trusted CAs exception ( JCE and tomca t an d cocoon2.0) On Thu, 30 Aug 2001, SUBRAHMANYAM,VEENA (HP-MountainView,ex1) wrote: > 2. I placed the following line in the server.xml file. > <RequestInterceptor > className="org.apache.tomcat.request.Jdk12Interceptor" /> (This is all I > have to do, in order to add the Jdk12Interceptor. Right?) Yes. > I installed the 3.3beta1 . I like it!! but No Luck ;-) Thanks :-) > It is a cocoon transformer. but the lines that are generateing the erro, are > lines 453 and on. (i.e) > Cipher cipherDes = Cipher.getInstance("DES/ECB/PKCS5Padding"); > secretKeyDesKey = KeyGenerator.getInstance("DES").generateKey(); > cipherDes.init(Cipher.ENCRYPT_MODE, secretKeyDesKey); Ok, so it seems javax.crypto.Cipher has problems getting an instance - which is probably part of a crypto provider. My guess that it's related with class loaders fails - if you indeed tried with the jar files in jre/lib/ext, it should have found it. Well, it may be something else - and if this is the case it may be hard to fix. Could you try again in 3.3, with ReloadInterceptor removed from server.xml ? If it sound strange, what this does is eliminate the DependClassLoader that is used to collect dependencies for reloading, and leaves the webapp to use the 'plain' URLClassLoader. My guess is that we may have problems because the provider for JCE must be signed, and DependClassLoader doesn't deal with signatures right now. If this is the case, please let me know. BTW, if it fails - I would go to openjce.org and try it with a debugger, they seem to have a clean room impl. with source code. Looking at their Cipher.java, I couldn't find anything related with jar signing - or anything that would fail - so please try that one too. Costin > The exception is as follows: > ---------------------------------------------------------------------------- > ------------ > Internal Servlet Error: > > java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot > set up certs for trusted CAs > at javax.crypto.b.([DashoPro-V1.2-120198]) > at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198]) > at > org.apache.cocoon.transformation.XmlEncryptor.encryptElement(XMLEncryptionTr > ansformer.java:453) > at > org.apache.cocoon.transformation.XmlEncryptor.encryptChildNodes(XMLEncryptio > nTransformer.java:335) > at > org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncryptionTransform > er.java:295) > at > org.apache.cocoon.transformation.XMLEncryptionTransformer.endElement(XMLEncr > yptionTransformer.java:154) > at > org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403) > at > org.apache.xerces.validators.common.XMLValidator.callEndElement(XMLValidator > .java:1436) > at > org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XM > LDocumentScanner.java:1205) > at > org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner. > java:381) > at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1035) > at > org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParser.java:72) > at > org.apache.cocoon.generation.StreamGenerator.generate(StreamGenerator.java:1 > 09) > at > org.apache.cocoon.components.pipeline.CachingEventPipeline.process(CachingEv > entPipeline.java:217) > at > org.apache.cocoon.components.pipeline.CachingStreamPipeline.process(CachingS > treamPipeline.java:361) > at > org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_x > map.wildcardMatchN4E6(sitemap_xmap.java:6262) > at > org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_x > map.process(sitemap_xmap.java:2497) > at > org.apache.cocoon.www.file_C_.jakarta_tomcat_3_3_b1.webapps.cocoon.sitemap_x > map.process(sitemap_xmap.java:2103) > at org.apache.cocoon.sitemap.Handler.process(Handler.java:160) > at org.apache.cocoon.sitemap.Manager.invoke(Manager.java:103) > at org.apache.cocoon.Cocoon.process(Cocoon.java:423) > at > org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:507) > at javax.servlet.http.HttpServlet.service(HttpServlet.java) > > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 29, 2001 10:15 PM > To: '[EMAIL PROTECTED]' > Cc: '[EMAIL PROTECTED]' > Subject: Re: Cannot set up certs for trusted CAs exception ( JCE and > tomcat an d cocoon2.0) > > > Hi, > > Try to place JCE/JSSE in tomcat.home/lib, or even better in the > jre/lib/ext - and see if this solved the problem. My guess - it's related > to some code doing a Class.forName() instead of using the context class > loader or the context loader is not set.( for 3.2.x you _must_ add the > Jdk12Interceptor if you want the context class loader set. If you haven't > - that should be the first step. ) > > You could also try with 3.3beta1 - class loader has been completely > redesigned and works pretty well now. I have no problems with JSSE ( I > tested it today ) > > Costin > > > > On Wed, 29 Aug 2001, SUBRAHMANYAM,VEENA (HP-MountainView,ex1) wrote: > > > Hi > > > > I have been experiencing some problems using JCE, in the tomcat > environment. > > > > I am using tomcat 3.2.2, and JCE 1.2.1., xerces_1_4_1.jar, cocoon 2.0 ... > > > > I am using JCE to encrypt and decrypt some XML docs. The program to > encrypt > > and decrypt works in standalone mode. But when it is run within the > servlet > > env, an "java.lang.SecurityException: Cannot set up certs for trusted CAs" > > exception is thrown at the the following lines of code: > > Cipher cipherDes = Cipher.getInstance("DES/ECB/PKCS5Padding"); > > secretKeyDesKey = KeyGenerator.getInstance("DES").generateKey(); > > > > (the detailed stack trace is pasted at the bottom of this email) > > > > I have found that this exception has been reported to be thrown, by > various > > people, in the tomcat archives, due to classloader hierarchy problems, > > JarURLConnection / WARConnection clashes etc. > > I have found emails that allude to a fix, if some set of these jars are > > placed in the tomcat-home/lib dir instead of the > > tomcat-home/webapps/cocoon/web-inf/lib dir, but have not been able to > locate > > further info....(my JCE 1.2.1 related jars, xerces.jar, etc are all in the > > tomcat-home/webapps/cocoon/web-inf/lib directory). > > > > I think this, or a flavor of this problem is a known bug in tomcat... > > > > Can someone, give me a workaround or a fix or a guestimate for the > > resolution? > > > > Thanx in advance.. > > > > Veena > > > > P.s: > > The exception I get is as follows: > > ------------------------------------------------------------ > > 2001-08-29 07:09:13 - Ctx( /cocoon ): Exception in: R( /cocoon + /request1 > + > > null) - java.lang.ExceptionInInitializerError: > java.lang.SecurityException: > > Cannot set up certs for trusted CAs > > at javax.crypto.b.<clinit>([DashoPro-V1.2-120198]) > > at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198]) > > at > > > org.apache.cocoon.transformation.XmlEncryptor.encryptElement(XMLEncryptionTr > > ansformer.java:453) > > at > > > org.apache.cocoon.transformation.XmlEncryptor.encryptChildNodes(XMLEncryptio > > nTransformer.java:335) > > at > > > org.apache.cocoon.transformation.XmlEncryptor.encrypt(XMLEncryptionTransform > > er.java:295) > > at > > > org.apache.cocoon.transformation.XMLEncryptionTransformer.endElement(XMLEncr > > yptionTransformer.java:154) > > at > > org.apache.xerces.parsers.SAXParser.endElement(SAXParser.java:1403) > > at > > > org.apache.xerces.validators.common.XMLValidator.callEndElement(XMLValidator > > .java:1385) > > at > > > org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XM > > LDocumentScanner.java:1205) > > at > > > org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner. > > java:381) > > at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:952) > > at > > org.apache.cocoon.components.parser.JaxpParser.parse(JaxpParser.java:72) > > at > > > org.apache.cocoon.generation.StreamGenerator.generate(StreamGenerator.java:1 > > 09)...... > > > > ---------------------------------------- > > > > > >
RE: Cannot set up certs for trusted CAs exception ( JCE and tomca t an d cocoon2.0)
SUBRAHMANYAM,VEENA (HP-MountainView,ex1) Thu, 30 Aug 2001 13:07:19 -0700
- RE: Cannot set up certs for trust... SUBRAHMANYAM,VEENA (HP-MountainView,ex1)
- SUBRAHMANYAM,VEENA (HP-MountainView,ex1)
