• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cannot set up certs for trusted CAs: PrivilegedActionException

 
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I get following exception while getting instance of cipher:

[code]
java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.security.PrivilegedActionException
at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
at javax.crypto.Cipher.a(DashoA6275)
at javax.crypto.Cipher.getInstance(DashoA6275)
at EncryptionDecryptionUtil.encryptData(EncryptionDecryptionUtil.java:69)
[code]

I am running this code under tomcat/jdk 1.2.2 environment. I am using SunJCE provider (jce_1_2_2.jar and sunjce_provider.jar) on the classpath.

For above problem I have tried following things:

1. Updated local JDK 1.2 policy file to grant javax.crypto.CryptoAllPermission permission
2. Tried Security.addProvider / Security.insertProviderAt
//Security.addProvider(new com.sun.crypto.provider.SunJCE());
Security.insertProviderAt(new com.sun.crypto.provider.SunJCE(), 2);

But problem remains same.

Thanks for help!
 
Anand Wadhwani
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Fortunately we were able to solve the problem. We were having this problem on AS400 server and on local PC(WSAD) environment as well.

To resolve on AS400 all we needed is to put the jars under JRE's ext directory: /qibm/ProdData/Java400/jdk13/lib/ext

The problem on local PC in WSAD environment was that JCE license had expired, here are the steps to resolve:

$JAVA_HOME = C:\Program Files\Application Developer\v5.1\runtimes\base_v5\java

1. Go to $JAVA_HOME/jre/lib/security directory --- You should find the file java.security. Edit the file to add the following line to the list of providers:

security.provider.3=com.sun.crypto.provider.SunJCE

The new list looks like this:

#
# List of providers and their preference orders (see above):
#
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.rsajca.Provider

This adds the provider SunJCE to the list of providers.

2. Copy the following files to jre/lib/ext directory:

jce1_2_1.jar
sunjce_provider.jar
US_export_policy.jar
local_policy.jar

3. Additional thing you might want to do is to add following line (as last permission in grant block) in "java.policy" file under $JAVA_HOME/jre/lib/security folder:

permission javax.crypto.CryptoAllPermission;

4. Close all WSAD instances
5. Create a folder �update� in C:\Program Files\IBM\Application Developer\v5.1\runtimes\base_v5
6. Download the �was502_cf5_win.zip� file from
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixpacks/was50/fixpack2/cumulative/cf5/Windows/was502_cf5_win.zip
OR
Take the file from CVS location �\VSA\Construction\Components\Blowfish�
7. Extract this zip file to �update� directory.
8. Open Command Directory
9. Change the directory location to C:\Program Files\IBM\Application Developer\v5.1\runtimes\base_v5\bin
10. Run setupCmdLine.bat. This is used for setting up the environment.
11. In the same command prompt, change the directory to C:\Program Files\IBM\Application Developer\v5.1\runtimes\base_v5\update
12. Run updateWizard.bat
13. WSAD application installer will pop up in sometime (2-3 Minutes)
14. Select language as English
15. If the installation package is not shown, check the box and manually enter �C:\Program Files\IBM\Application Developer\v5.1\runtimes\base_v5� Do not use Browse.
16. Choose Option �Install Fix Packs� and click Next
17. Check the Fix directory. It should point to �C:\Program Files\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\update\fixpacks� and click next.
18. Select Fix pack to install and you are done. It will take about 5-10 minutes to update the files. Once it is done, start the WSAD and the server.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic