Re: [JBoss-dev] Adding JCE providers at runtime.
How do I exclude classes from the aspect manager? Can it be done from the sar? -jason On Feb 12, 2004, at 4:59 PM, Scott M Stark wrote: Try excluding BC classes from being intercepted and see if it works. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Essington Sent: Thursday, February 12, 2004 3:09 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Adding JCE providers at runtime. Hi Scott I think the problem is being caused by the AspectManagerService. If I take this out of conf/jboss-service.xml the provider will install just fine, but when it's running, I get the java.lang.SecurityException: The provider BC may not be signed by a trusted party exception. So for the record this guy: mbean code=org.jboss.aop.deployment.AspectManagerService name=jboss.aop:service=AspectManager attribute name=MethodFilterALL/attribute attribute name=FieldFilterALL/attribute attribute name=ConstructorFilterALL/attribute attribute name=ConvertAlltrue/attribute /mbean was giving me the trouble. I haven't looked at the AspectManagerService at all, so I am not sure why it's messing things up, but I am certain that when I comment it out (with nothing in the deploy directory other than your bouncycastle.sar) the provider loads fine. -jason --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] Adding JCE providers at runtime.
Hi Scott
I think the problem is being caused by the AspectManagerService. If I
take this out of conf/jboss-service.xml the provider will install just
fine, but when it's running, I get the java.lang.SecurityException: The
provider BC may not be signed by a trusted party exception.
So for the record this guy:
mbean code=org.jboss.aop.deployment.AspectManagerService
name=jboss.aop:service=AspectManager
attribute name=MethodFilterALL/attribute
attribute name=FieldFilterALL/attribute
attribute name=ConstructorFilterALL/attribute
attribute name=ConvertAlltrue/attribute
/mbean
was giving me the trouble.
I haven't looked at the AspectManagerService at all, so I am not sure
why it's messing things up, but I am certain that when I comment it out
(with nothing in the deploy directory other than your bouncycastle.sar)
the provider loads fine.
-jason
On Feb 10, 2004, at 10:01 PM, Scott M Stark wrote:
The following MBean works fine for me:
package test;
import java.security.Security;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* @author [EMAIL PROTECTED]
* @version $Revision:$
*/
public class BouncyCastle
implements BouncyCastleMBean
{
public void start() throws Exception
{
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Cipher c = Cipher.getInstance(RSA, BC);
System.out.println(Created RSA cipher: +c+, provider:
+c.getProvider());
}
public void stop() throws Exception
{
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.removeProvider(bcp.getName());
}
}
jboss-service.xml:
server
mbean code=test.BouncyCastle
name=jboss.security:provider=BouncyCastle /
/server
bouncycastle.sar contents:
[EMAIL PROTECTED] crypto-121]$ jar -tf output/bouncycastle.sar
META-INF/MANIFEST.MF
META-INF/jboss-service.xml
test/BouncyCastle.class
test/BouncyCastleMBean.class
bcprov-jdk14-121.jar
20:56:32,972 INFO [MainDeployer] Starting deployment of package:
file:/cvs/J
Boss3.2/jboss-3.2/build/output/jboss-3.2.4RC1/server/default/deploy/
boun
cycastle.sar
20:56:35,656 INFO [STDOUT] Created RSA cipher:
[EMAIL PROTECTED], provider: BC version 1.21
20:56:35,666 INFO [MainDeployer] Deployed package:
file:/cvs/JBoss3.2/jboss-
3.2/build/output/jboss-3.2.4RC1/server/default/deploy/bouncycastle.sar
Scott Stark
Chief Technology Officer
JBoss Group, LLC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jason Essington
Sent: Tuesday, February 03, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-dev] Adding JCE providers at runtime.
Interestingly enough, I can dynamically load the BC provider if I place
the jar in the $JAVA_HOME/lib/ext directory, but it certainly doesn't
want to load (properly) from anywhere else ($JBOSS_HOME/lib,
$JBOSS_HOME/server/default/lib,
$JBOSS_HOME/server/default/deploy/jboss-net.sar).
On Feb 2, 2004, at 9:33 AM, Jason Essington wrote:
On Feb 1, 2004, at 6:58 AM, Scott M Stark wrote:
I have not tried this, but others said they have done it.
Then I certainly must be doing something wrong
Where are you putting the jar
In the jboss-net.sar along with other Web Service Security support
libraries.
and how is the BouncyCastle provider being installed?
In a static initializer the following code is called:
java.security.Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
This code doesn't throw any exception, so the jar containing the
provider is found just fine.
but later when an attempt is made to access a cypher (RSA) that is
supplied by BC using the code:
cipher = Cipher.getInstance(RSA);
yields an exception saying something about no provicer for that
cipher, however calling
cipher = Cipher.getInstance(RSA, BC); basically forcing the
use
of the Bouncy castle provider, yields the previously mentioned
SecurityException.
Should I be adding the provider in a different way, or perhaps from a
different place?
-jason
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Adding JCE providers at runtime.
Try excluding BC classes from being intercepted and see if it works. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Essington Sent: Thursday, February 12, 2004 3:09 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-dev] Adding JCE providers at runtime. Hi Scott I think the problem is being caused by the AspectManagerService. If I take this out of conf/jboss-service.xml the provider will install just fine, but when it's running, I get the java.lang.SecurityException: The provider BC may not be signed by a trusted party exception. So for the record this guy: mbean code=org.jboss.aop.deployment.AspectManagerService name=jboss.aop:service=AspectManager attribute name=MethodFilterALL/attribute attribute name=FieldFilterALL/attribute attribute name=ConstructorFilterALL/attribute attribute name=ConvertAlltrue/attribute /mbean was giving me the trouble. I haven't looked at the AspectManagerService at all, so I am not sure why it's messing things up, but I am certain that when I comment it out (with nothing in the deploy directory other than your bouncycastle.sar) the provider loads fine. -jason smime.p7s Description: S/MIME cryptographic signature
RE: [JBoss-dev] Adding JCE providers at runtime.
The following MBean works fine for me:
package test;
import java.security.Security;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* @author [EMAIL PROTECTED]
* @version $Revision:$
*/
public class BouncyCastle
implements BouncyCastleMBean
{
public void start() throws Exception
{
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Cipher c = Cipher.getInstance(RSA, BC);
System.out.println(Created RSA cipher: +c+, provider:
+c.getProvider());
}
public void stop() throws Exception
{
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.removeProvider(bcp.getName());
}
}
jboss-service.xml:
server
mbean code=test.BouncyCastle
name=jboss.security:provider=BouncyCastle /
/server
bouncycastle.sar contents:
[EMAIL PROTECTED] crypto-121]$ jar -tf output/bouncycastle.sar
META-INF/MANIFEST.MF
META-INF/jboss-service.xml
test/BouncyCastle.class
test/BouncyCastleMBean.class
bcprov-jdk14-121.jar
20:56:32,972 INFO [MainDeployer] Starting deployment of package:
file:/cvs/J
Boss3.2/jboss-3.2/build/output/jboss-3.2.4RC1/server/default/deploy/boun
cycastle.sar
20:56:35,656 INFO [STDOUT] Created RSA cipher:
[EMAIL PROTECTED], provider: BC version 1.21
20:56:35,666 INFO [MainDeployer] Deployed package:
file:/cvs/JBoss3.2/jboss-
3.2/build/output/jboss-3.2.4RC1/server/default/deploy/bouncycastle.sar
Scott Stark
Chief Technology Officer
JBoss Group, LLC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jason Essington
Sent: Tuesday, February 03, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-dev] Adding JCE providers at runtime.
Interestingly enough, I can dynamically load the BC provider if I place
the jar in the $JAVA_HOME/lib/ext directory, but it certainly doesn't
want to load (properly) from anywhere else ($JBOSS_HOME/lib,
$JBOSS_HOME/server/default/lib,
$JBOSS_HOME/server/default/deploy/jboss-net.sar).
On Feb 2, 2004, at 9:33 AM, Jason Essington wrote:
On Feb 1, 2004, at 6:58 AM, Scott M Stark wrote:
I have not tried this, but others said they have done it.
Then I certainly must be doing something wrong
Where are you putting the jar
In the jboss-net.sar along with other Web Service Security support
libraries.
and how is the BouncyCastle provider being installed?
In a static initializer the following code is called:
java.security.Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
This code doesn't throw any exception, so the jar containing the
provider is found just fine.
but later when an attempt is made to access a cypher (RSA) that is
supplied by BC using the code:
cipher = Cipher.getInstance(RSA);
yields an exception saying something about no provicer for that
cipher, however calling
cipher = Cipher.getInstance(RSA, BC); basically forcing the
use
of the Bouncy castle provider, yields the previously mentioned
SecurityException.
Should I be adding the provider in a different way, or perhaps from a
different place?
-jason
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] Adding JCE providers at runtime.
Interestingly enough, I can dynamically load the BC provider if I place the jar in the $JAVA_HOME/lib/ext directory, but it certainly doesn't want to load (properly) from anywhere else ($JBOSS_HOME/lib, $JBOSS_HOME/server/default/lib, $JBOSS_HOME/server/default/deploy/jboss-net.sar). On Feb 2, 2004, at 9:33 AM, Jason Essington wrote: On Feb 1, 2004, at 6:58 AM, Scott M Stark wrote: I have not tried this, but others said they have done it. Then I certainly must be doing something wrong Where are you putting the jar In the jboss-net.sar along with other Web Service Security support libraries. and how is the BouncyCastle provider being installed? In a static initializer the following code is called: java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); This code doesn't throw any exception, so the jar containing the provider is found just fine. but later when an attempt is made to access a cypher (RSA) that is supplied by BC using the code: cipher = Cipher.getInstance(RSA); yields an exception saying something about no provicer for that cipher, however calling cipher = Cipher.getInstance(RSA, BC); basically forcing the use of the Bouncy castle provider, yields the previously mentioned SecurityException. Should I be adding the provider in a different way, or perhaps from a different place? -jason Scott Stark Chief Technology Officer JBoss Group, LLC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Essington Sent: Friday, January 30, 2004 3:47 PM To: [EMAIL PROTECTED] Subject: [JBoss-dev] Adding JCE providers at runtime. I am trying to add the BouncyCastle Security Provider at runtime. The call to java.security.Security.addProvider() seems to succeed, but later attempts to use the provider cause a SecurityException with the message The provider BC may not be signed by a trusted party. This jar works fine from command line apps, and if it is installed in the jre (jar added to the lib/ext dir and an entry made into the java.security file), so there is no problem in the signed jar. Is this maybe a classloader problem where java.security can't find the cacerts file to verify the jar? What else could be causing the problem? -jason --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development -jason --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
Re: [JBoss-dev] Adding JCE providers at runtime.
On Feb 1, 2004, at 6:58 AM, Scott M Stark wrote: I have not tried this, but others said they have done it. Then I certainly must be doing something wrong Where are you putting the jar In the jboss-net.sar along with other Web Service Security support libraries. and how is the BouncyCastle provider being installed? In a static initializer the following code is called: java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); This code doesn't throw any exception, so the jar containing the provider is found just fine. but later when an attempt is made to access a cypher (RSA) that is supplied by BC using the code: cipher = Cipher.getInstance(RSA); yields an exception saying something about no provicer for that cipher, however calling cipher = Cipher.getInstance(RSA, BC); basically forcing the use of the Bouncy castle provider, yields the previously mentioned SecurityException. Should I be adding the provider in a different way, or perhaps from a different place? -jason Scott Stark Chief Technology Officer JBoss Group, LLC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Essington Sent: Friday, January 30, 2004 3:47 PM To: [EMAIL PROTECTED] Subject: [JBoss-dev] Adding JCE providers at runtime. I am trying to add the BouncyCastle Security Provider at runtime. The call to java.security.Security.addProvider() seems to succeed, but later attempts to use the provider cause a SecurityException with the message The provider BC may not be signed by a trusted party. This jar works fine from command line apps, and if it is installed in the jre (jar added to the lib/ext dir and an entry made into the java.security file), so there is no problem in the signed jar. Is this maybe a classloader problem where java.security can't find the cacerts file to verify the jar? What else could be causing the problem? -jason --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Adding JCE providers at runtime.
I have not tried this, but others said they have done it. Where are you putting the jar and how is the BouncyCastle provider being installed? Scott Stark Chief Technology Officer JBoss Group, LLC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Essington Sent: Friday, January 30, 2004 3:47 PM To: [EMAIL PROTECTED] Subject: [JBoss-dev] Adding JCE providers at runtime. I am trying to add the BouncyCastle Security Provider at runtime. The call to java.security.Security.addProvider() seems to succeed, but later attempts to use the provider cause a SecurityException with the message The provider BC may not be signed by a trusted party. This jar works fine from command line apps, and if it is installed in the jre (jar added to the lib/ext dir and an entry made into the java.security file), so there is no problem in the signed jar. Is this maybe a classloader problem where java.security can't find the cacerts file to verify the jar? What else could be causing the problem? -jason --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] Adding JCE providers at runtime.
I am trying to add the BouncyCastle Security Provider at runtime. The call to java.security.Security.addProvider() seems to succeed, but later attempts to use the provider cause a SecurityException with the message The provider BC may not be signed by a trusted party. This jar works fine from command line apps, and if it is installed in the jre (jar added to the lib/ext dir and an entry made into the java.security file), so there is no problem in the signed jar. Is this maybe a classloader problem where java.security can't find the cacerts file to verify the jar? What else could be causing the problem? -jason --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
