Hello everyone,

Maybe this question has been asked many times, but I have a problem that I can't find a solution for.

To summarize, I have: a Java program WAR on Tomcat, and Tomcat must contain a provider to call an encryption module to obtain keys. The Tomcat version is 10.1.26.

In Java 11, to specify where the pass/crt of the module is located, I specify it in the java.security file as follows:

    #
    # List of providers and their preference orders (see above):
    #
    security.provider.1=SUN
    security.provider.2=SunRsaSign
    security.provider.3=SunEC
    security.provider.4=SunJSSE
    security.provider.5=SunJCE
    security.provider.6=SunJGSS
    security.provider.7=SunSASL
    security.provider.8=XMLDSig
    security.provider.9=SunPCSC
    security.provider.10=JdkLDAP
    security.provider.11=JdkSASL
    security.provider.12=SunPKCS11 /opt/tomcat/webapps/prgmwar/WEB-INF/classes/Crypto.properties

The Crypto.properties file contains the name of the provider to use and the library to call the Sun PKCS#11 provider:

    library=lib.so
    name=cryptto

Which is used in the application parameter (SunPKCS11 is normal, WL, and the documentation states it):

    module.titi.providerName=SunPKCS11-cryptto

However, it is clearly stated that in Java 17, this solution is no longer supported, and it must be done differently; otherwise, I get errors in Catalina. It is stated not to put the path in the java.security file and to leave:

    security.provider.12=SunPKCS11

I have tried several solutions, putting the path in setenv, in catalina.sh with the option:

    JAVA_OPTS="$JAVA_OPTS -Djava.security.properties=file:/toto.file"
    CATALINA_OPTS="$CATALINA_OPTS -Djava.security.properties=file:/toto.file"

With the file containing the path:

toto.file:

    security.provider.12=SunPKCS11 /opt/tomcat/webapps/prgmwar/WEB-INF/classes/Crypto.properties

Almost everywhere I could put it.

But in catalina.out, I still get the same error with Tomcat:

    /opt/tomcat/webapps/prgmwar/WEB-INF/classes/appli.properties -> it loads the application
    HSM-SERVICE|WARN|http-nio-8080-exec-1||GET appli||SecurityModuleFactory|Module appli ignored: error during initialization

When it searches for the provider, it can't find it because it doesn't have:

    security.provider.12= SunPKCS11 /opt/tomcat/webapps/prgmwar/WEB-INF/classes/Crypto.properties

    Provider "SunPKCS11-crypt" unknown

However, it works very well in a normal Java JAR (without Tomcat), for example, to list the keys, because I directly list the provider's location via the -D option of Java:

    DEBUG [main] (SecurityModuleFactory.java:112) - Loading crypt module.
    DEBUG [main] (SecurityModuleFactory.java:125) - -> SunPKCS11-crypt Security.java:125)
    DEBUG [main] (SecurityModule.java:59) - Creating HardwareSecurityModule crypt crypt - Beginning listKeys (SecurityModule.java:121) - name = riri

So my library works...

My question is, how do we do in Java 17 what I did in Java 8 in java.security:

    security.provider.12=SunPKCS11 /opt/tomcat/webapps/prgmwar/WEB-INF/classes/Crypto.properties

Please don't look for any flaws in the variable names as I have just changed them.

Thank you very much,
aughra
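Added example, not part of the original post and not the application's own code: one way to attach a PKCS#11 configuration file to the SunPKCS11 provider at runtime on Java 9 and later, using `Provider.configure`, and to check that the resulting provider name is the one the application asks for. The class name `Pkcs11Bootstrap` is hypothetical; the config path and the provider name are taken from the post and are assumptions about the real deployment.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.stream.Collectors;

/** Hypothetical helper: registers a configured SunPKCS11 provider once at startup. */
public final class Pkcs11Bootstrap {

    /** Configures the SunPKCS11 template provider from configPath and registers it. */
    public static Provider register(String configPath, String expectedName) {
        // The JDK ships an unconfigured "SunPKCS11" provider (security.provider.12 above).
        Provider template = Security.getProvider("SunPKCS11");
        if (template == null) {
            throw new IllegalStateException("SunPKCS11 is not installed in this JDK");
        }
        // Provider.configure (Java 9+) returns a configured instance; it throws if the
        // config file cannot be read or the native library cannot be loaded.
        Provider configured = template.configure(configPath);

        // The provider name is "SunPKCS11-" followed by the name= entry of the config
        // file, so a mismatch with the application's providerName setting shows up here
        // instead of as an "unknown provider" error later.
        if (!configured.getName().equals(expectedName)) {
            throw new IllegalStateException("Config yields provider '" + configured.getName()
                    + "' but the application expects '" + expectedName + "'");
        }
        if (Security.getProvider(expectedName) == null) {
            Security.addProvider(configured);
        }
        return configured;
    }

    /** Names of all installed providers, useful when a lookup by name fails. */
    public static String installedProviders() {
        return Arrays.stream(Security.getProviders())
                .map(Provider::getName)
                .collect(Collectors.joining(", "));
    }

    public static void main(String[] args) {
        // Path and name as written in the post (assumed values).
        Provider p = register(
                "/opt/tomcat/webapps/prgmwar/WEB-INF/classes/Crypto.properties",
                "SunPKCS11-cryptto");
        System.out.println("Registered: " + p.getName());
        System.out.println("Installed:  " + installedProviders());
    }
}
```

Inside Tomcat, `register` has to run before the application first looks up the provider, for example from a `ServletContextListener` packaged in the WAR.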