Hi
I have tried to change the location of the bouncycastle jar, in the ext
lib, the war files lib dir and the ear. Nothing seams to work. The wss4j
code used the following to get the padding mechanism (as far as I can
tell. I am going to takes this on their dev mailinglist also).
Cipher.getInstance("RSA/NONE/OAEPPADDING", "BC");
So it mentions the BC as provider so it must be something that is wrong
with the Websphere 5.1.2 enviroment. A possible solution is to make
changes to the wss4j code to ignore BC and use algorithm supported by
IBM JCE. But I havn't investigated the amount of work this would require.
I also been in contact with Benjamin Francioni that posted the first
question about websphere and bouncycastle on this mailinglist (link in
my previous mail). And he didn't find any solution to the problem so he
used jakarta tomcat instead. Below is a cut from he's answer:
Unfortunately, I didn't solve this problem:
IBM JRE doesn't support this algo.
IBM JRE doesn't support BouncyCastle that implements this algo.
IBM support wasn't able to help me .
So I decided myself to use Tomcat with a Sun JVM.
So it seams that this is a very annoying limit in the IBM websphere
product. Hopefully I will get some form of response for this problem by
IBM and put some pressure on them to make it work in future versions so
that Bouncycastle can be used also under a IBM jre.
Regards,
Markus
David Hook wrote:
The only thing I can suggest is it's a class loader issue, although I've
no idea how it would be caused. Does your use of the padding mechanism
explicitly mention BC? That might help, other than that I'd try moving
the provider jar around if possible.
Regards,
David
On Wed, 2006-05-03 at 17:25 +0200, Markus Backman wrote:
Hi
The problem I have encountered was during a development of a WSS4J
(Web Service Security four Java) based Web Service. WSS4J has
requirement that BouncyCastle is availible as a provider. The following
description states the enviroment and the development process not only
for the use of bouncycastle but also the WSS4J.
I have successfully managed to secure an Axis based Web Service with
WSS4J. During the development I used SUNs JDK1.4.2_11 and Jakarta Tomcat
5.0.30. I ran the test client and the deployed Web Service on the same
machine both running under jre1.4.2_11. This due to make sure that it
ran on the only requirement we have on the client platform, jre1.4.2 or
later. This testcases worked fine. But as the company I work for has
Websphere 5.1 as J2EE servers I started to move the Web Service to WSAD
and a Websphere 5.1 server. When doing so I ran into a problem. I know
WSS4J has a requriment on BouncyCastle so I started with updating the
java.security file under the IBM 1.4 jre Websphere 5.1 is running on. I
added the BouncyCastle provider as number 4, as number one needs to be
suns default and 2 and 3 needs to be to IBM providers as the server
would start otherwise, and started the server. I ran the
testclient(under SUNs jre 1.4.2_11) again but recieved the following
exception on the server.
"Original Exception was javax.crypto.NoSuchPaddingException: Padding:
ISO10126Padding not implemented"
A quick check on BouncyCastles website stated that ISO10126Padding is
implemented. So the BouncyCastle provider can't be correctly installed
on the Websphere 5.1 server. A google later showed that a small number
of people encountered this before, but with no description on what the
solution are, for example:
http://article.gmane.org/gmane.comp.encryption.bouncy-castle.devel/2378/match=com+ibm+security+bootstrap+jdkmessagedigest+sha1
Has anyone successfully deployed BouncyCastle in a Websphere 5.1.2
enviroment? If so how did you set up your java.security file?
I am using WSS4J 1.1.0 that ships with bcprov-jdk13-128.jar. I have placed
it in the ext lib under the IBM jre(1.4) that runs the 5.1.2 server.
I am desperate for some assistance.
Thanks
Markus
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
