Thanks very much for your reply, David. Now I have something to work with. I tried removing the BouncyCastle jar from my project, but it looks like wss4j requires it. When I remove it, I get an error saying that Cipher can't find a provider supporting the algorithm. I tried it with the algorithms defined in wss4j, namely
AES/CBC/ISO10126Padding and DESede/CBC/ISO10126Padding. this happens both on Sun's java with providers SUN, SunJSSE, SunRsaSign, SunJCE and SunJGSS, and on IBM's java with providers IBMJCE, IBMJSSE, IBMJGSSProvider, IBMCertPath and IBMPKCS11. (I get those by printing out what's returned by Security.getProviders() ). I tried setting the algorithm to "AES" to see if that works, but that causes a null pointer exception in wss4j, so I figure I need to use the ones that are defined in wss4j. So I'm stuck. With IBM's java, I get the class loader issue if I supply the BouncyCastle jar, and I get an UnsupportedAlgorithm exception if I don't. Any hints would be very gratefully appreciated! cheers, Michael Davis > -----Original Message----- > From: David Hook [mailto:[EMAIL PROTECTED] > Sent: Monday, July 16, 2007 8:35 PM > To: Davis, Michael > Cc: [EMAIL PROTECTED] > Subject: Re: [dev-crypto] Bug in Cipher class? > > > > It's a class loader issue - ciphers need to be loaded by the system > class loader as the JCE is loaded by it. If the provider jar > gets loaded > by another untrusted class loader the getInstance() call on > Cipher will > fail with either ClassNotFoundException if no other class loader can > return the class, or ClassCastException if the class is returned by a > class loader but isn't properly annotated. > > You need to make sure the same class loader is picking up the provider > jars as is picking up the JCE classes. > > Regards, > > David > On Mon, 2007-07-16 at 15:08 -0400, [EMAIL PROTECTED] > wrote: > > Hi, > > > > I've asked this question on the Apache xml security mailing > list, but I got no answer. I figure you folks must be experts > on this stuff, so... > > > > I'm developing a web service using Axis2. I'm using its > WS-Security framework to encrypt the xml messages. This > framework ultimately uses the Apache XML Security library, > which has this line of code: > > > > instance._contextCipher = Cipher.getInstance(jceAlgorithm); > > > > This works fine using the Sun jdk1.4, which uses Sun's > jce.jar and sunjce_provider.jar. It also works fine using the > BouncyCastle classes - Sun's Cipher class finds and returns > the appropriate BC class. > > > > However, when I try to run the app on WebSphere 5.1, I get > this error: > > > > java.lang.ClassCastException: com.ibm.crypto.provider.AESCipher > > at javax.crypto.Cipher.getInstance(Unknown Source) > > > > This is getting thrown by IBM's javax.crypto.Cipher class > in ibmjcefw.jar. > > > > This happens even if I manipuate the providers to load the > BC classes first - in that case the class causing the > ClassCastException is > org.bouncycastle.jce.provider.JCEBlockCipher$AES. > > > > Have any of you ever seen this problem before? > > > > Many thanks, > > Michael Davis > > Ottawa > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
