How to Rectify the Security Error that Occurs when WSAS is Started on Sun Solaris?

Archived Content
This article is provided for historical perspective only, and may not reflect current conditions. Please refer to the relevant product page for more up-to-date product information and resources.
  • By Afkham Azeez
  • 17 Oct, 2007

Here is a typical stack trace generated by this exception:

Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.Cipher.getInstance(DashoA12275)
at javax.crypto.Cipher.getInstance(DashoA12275)
at org.wso2.wsf.common.tools.security.CryptoUtil.encrypt(CryptoUtil.java:74)
at org.wso2.wsf.common.tools.security.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:95)
at org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(KeyStoreUtil.java:83)
at org.wso2.wsas.transport.jetty.HttpsTransportListener.start(HttpsTransportListener.java:100)
at org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:126)
at org.wso2.wsas.ServerManager.initListenerManager(ServerManager.java:452)
at org.wso2.wsas.ServerManager.start(ServerManager.java:128)
at org.wso2.wsas.Main.startServer(Main.java:115)
at org.wso2.wsas.Main.main(Main.java:191)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.(DashoA12275)
... 11 more
Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature
at java.security.AccessController.doPrivileged(Native Method)
... 12 more
Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature
at org.bouncycastle.jce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jce.provider.X509CertificateObject.verify(Unknown Source)
at javax.crypto.SunJCE_b.c(DashoA12275)
at javax.crypto.SunJCE_b.b(DashoA12275)
at javax.crypto.SunJCE_q.run(DashoA12275)
... 13 more

WSAS encrypts all passwords stored in its database. The security provider used by WSAS is BouncyCastleProvider. The JDK has to be configured so that it can pick up this provider.

Follow these steps to rectify this error:

  1. Locate the file $JAVA_HOME/jre/lib/security/java.security and open it in your favorite editor.
  2. Go to the section titled "List of providers and their preference orders".
  3. Add a new provider as follows:
    security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider

    where n is the position in the provider list of the provider you just added, e.g.:

    security.provider.8=org.bouncycastle.jce.provider.BouncyCastleProvider

Also note that this error may occur on any JDK. If this happens, the fix is the same as mentioned in this document.
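
The check below is an added example, not part of the original article or of WSAS: it reads a java.security file, reports the first unused provider number, and tests whether the BouncyCastle entry sits in an unbroken sequence starting at 1. It relies on the JDK reading security.provider.1, security.provider.2, and so on, and stopping at the first missing number; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
BC=org.bouncycastle.jce.provider.BouncyCastleProvider

# Print the active (uncommented) provider entries as "n class", sorted by n.
list_providers() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1 \2/p' "$1" | sort -n
}

# Print the n to use for a new entry: the first unused number counting from 1.
# An entry numbered past a gap is never loaded by the JDK.
next_provider_index() {
    list_providers "$1" | awk 'BEGIN { n = 1 } $1 == n { n++ } END { print n }'
}

# Succeed only if BouncyCastle is listed at a position the JDK will reach.
bc_is_reachable() {
    list_providers "$1" | awk -v bc="$BC" '
        BEGIN { n = 1; rc = 1 }
        $1 == n { n++; if ($2 == bc) rc = 0 }
        END { exit rc }'
}

# Constructed sample (not a real JDK file): entries 1-3 exist and the
# BouncyCastle line was added as 8, leaving a gap at 4.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.crypto.provider.SunJCE
security.provider.8=org.bouncycastle.jce.provider.BouncyCastleProvider
EOF

echo "next free index: $(next_provider_index "$SAMPLE")"
if bc_is_reachable "$SAMPLE"; then
    echo "BouncyCastle: reachable"
else
    echo "BouncyCastle: NOT reachable (gap before its entry)"
fi
```

To check a real installation, call the two functions with $JAVA_HOME/jre/lib/security/java.security as the argument instead of the sample file.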

Applies To

1. WSO2 WSAS - versions 1.1 and higher

2. Sun Solaris operating system - any version

More Information

WSO2 WSAS How To Series