Thanks a lot Shawn, Upgrading WAS to 5.1.1.6 has got rid of the SHA1PRNG error and adding BouncyCastle to the crypto providers has sorted out the problem with the encryption and the ISO padding.
All works fine now! Juan -----Original Message----- From: Shawn McKinney [mailto:[EMAIL PROTECTED] Sent: 16 September 2005 14:08 To: [email protected] Subject: Re: Errors during Signature verification and Encryption with WAS I have 2 possible suggestions - 1. upgrade your WAS server to fixpack 1. This will bump the JVM to 1.4. 2. Try installing the BouncyCastle crypto provider into your WAS JVM. --- Juan Cervera <[EMAIL PROTECTED]> wrote: > Hi, > > I'm having a couple of error with WAS 5.1 and WSS4J. > > The first one, produces an error in the WAS logs but all works fine > ... > quite interesting. The error happens during signature verification: > > [9/16/05 11:13:24:859 BST] 5616f41a SystemErr R > java.security.NoSuchAlgorithmException: SHA1PRNG SecureRandom not > available > [9/16/05 11:13:24:859 BST] 5616f41a SystemErr R > at > java.security.Security.getAlgClassName(Security.java(Compiled > Code)) > [9/16/05 11:13:24:860 BST] 5616f41a SystemErr R > at > java.security.Security.getAlgClassName(Security.java:598) > [9/16/05 11:13:24:860 BST] 5616f41a SystemErr R > at > java.security.Security.getImpl(Security.java:1079) > [9/16/05 11:13:24:860 BST] 5616f41a SystemErr R > at > java.security.SecureRandom.getInstance(SecureRandom.java:241) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at at > org.apache.ws.security.message.token.UsernameToken.<clinit>(UsernameToke > n.java:72).null(Unknown Source) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEng > ine.java:509) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurity > Engine.java:320) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurity > Engine.java:245) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at > org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java: > 156) > [9/16/05 11:13:24:866 BST] 5616f41a SystemErr R > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.j > ava:32) > > but the regular log says: > [9/16/05 11:13:24:785 BST] 5616f41a CryptoFactory I > org.apache.ws.security.components.crypto.CryptoFactory > Using Crypto > Engine > [org.apache.ws.security.components.crypto.Merlin] > [9/16/05 11:13:24:968 BST] 5616f41a Reference I > org.apache.xml.security.signature.Reference > Verification successful for > URI "#id-21909041" > > And in fact the message gets answered without problems afterwards ... > I have read that this error may be due to IBM having their own version > of the SHA1PRNG algorithm, which seems to be called "IBM SHA1PRNG". > Not sure if there is a way though to get rid of this error message. > > > The other error I have is more serious as is stopping me to perform > encryption: > > WSHandler: Encryption: error during message > processingorg.apache.ws.security.WSSecurityException: > An unsupported > signature or encrypti > on algorithm was used; nested exception is: > > org.apache.xml.security.encryption.XMLEncryptionException: > Paddding: > ISO10126Padding not implemented > Original Exception was > javax.crypto.NoSuchPaddingException: Paddding: > ISO10126Padding not implemented; nested exception > is: > org.apache.ws.security.WSSecurityException: > WSHandler: Encryption: > error during message > processingorg.apache.ws.security.WSSecurityEx > ception: An unsupported signature or encryption algorithm was used; > nested exception is: > > org.apache.xml.security.encryption.XMLEncryptionException: > Paddding: > ISO10126Padding not implemented > Original Exception was > javax.crypto.NoSuchPaddingException: Paddding: > ISO10126Padding not implemented > > Not sure what this ISO10126Padding is and if it is > again a problem with > IBM's Java 1.4 and if I can sort it out in some way > or not. Any ideas? > > Any help is welcomed > > Thanks, > > Juan > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
