java.security configuring and JSSE

Edward Rice
Greenhorn

Joined: Mar 16, 2004
Posts: 5
Hi
We use a version of websphere 4. A part of our webapp is using soap (3rd party) with ssl. For this we need the sun jsse provider and we cannot use the default ibmjsse provider. So when we add the sun jsse and jce libs to jre/ext and change the java.security file, our soap client works fine. There is only one but. If we give the ibm jsse provider higher priority over the sun one, things go pear-shaped with our soap client/libs. A business/security requirement is that websphere won't support the sun jsse provider so we have to give the ibm jsse provider a higher priority than the sun provider. Even if we dynamically specify in our soap client that we want to use the sun provider, it goes wrong. There should be a way to sort this, but we're stuck.
Any security expert any ideas?
Thanks a million for even getting to this point!
Ed
p.s.
-This works.
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.ibm.crypto.provider.IBMJCE
security.provider.6=com.ibm.jsse.JSSEProvider

This does not work...
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.rsajca.Provider
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.jsse.JSSEProvider
+ dynamically asking for the sun provider in our soap client.
Edward Rice
Greenhorn

Joined: Mar 16, 2004
Posts: 5
An additional question, if you dynamically set the SecurityProvider in your client code, I presume that is set for the complete jre, and not just for that class instance only.
In a multi-threaded environment such as a webserver, this would be problematic I suppose?
Ed
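Added example, not part of the original posts: a small Java program that contrasts the JVM-wide provider order loaded from java.security with a provider chosen for a single SSLContext object. It assumes the javax.net.ssl API bundled with current JDKs rather than the separate JSSE download discussed in this thread; the class name ProviderScopeDemo is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical demo class (added example, not code from the thread).
public class ProviderScopeDemo {
    // Names of the installed providers in preference order (security.provider.N).
    static String[] installedOrder() {
        return Arrays.stream(Security.getProviders()).map(Provider::getName).toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        String[] before = installedOrder();
        for (int i = 0; i < before.length; i++) {
            System.out.println("security.provider." + (i + 1) + " -> " + before[i]);
        }
        // JVM-wide defaults read from ssl.KeyManagerFactory.algorithm and
        // ssl.TrustManagerFactory.algorithm in java.security.
        System.out.println("KeyManagerFactory default:   " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("TrustManagerFactory default: " + TrustManagerFactory.getDefaultAlgorithm());

        // Every installed provider that offers an SSLContext for this protocol name.
        String protocol = "TLS";
        Provider[] candidates = Security.getProviders("SSLContext." + protocol);
        if (candidates == null) {
            System.out.println("No installed provider offers SSLContext." + protocol);
            return;
        }
        // No provider argument: the first match in preference order is used.
        SSLContext byOrder = SSLContext.getInstance(protocol);
        System.out.println("by preference order -> " + byOrder.getProvider().getName());

        // Explicit provider: the choice applies to this one object only. The last
        // candidate is picked so the contrast shows when more than one is installed.
        Provider chosen = candidates[candidates.length - 1];
        SSLContext pinned = SSLContext.getInstance(protocol, chosen);
        // init(null, null, null) still resolves the default key and trust manager
        // factories through the JVM-wide provider order and the ssl.* properties.
        pinned.init(null, null, null);
        System.out.println("explicit provider   -> " + pinned.getProvider().getName());

        // The shared list is untouched; only Security.addProvider, insertProviderAt
        // and removeProvider change it, and they change it for every thread.
        System.out.println("order unchanged: " + Arrays.equals(before, installedOrder()));
    }
}
```

KeyManagerFactory.getInstance and TrustManagerFactory.getInstance also accept a provider argument, so each lookup can be pinned separately without reordering java.security.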
Andrew McKeown
Greenhorn

Joined: May 19, 2004
Posts: 2
I have gotten IBMJSSE to work with Sun's JDK 1.4.2 and TOMCAT 4.1. This configuration also supports IBM Emerging Technology Toolkit. The entries in java.security are as follows:

security.provider.1=sun.security.provider.Sun
security.provider.3=com.ibm.jsse.JSSEProvider
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.sun.rsajca.Provider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.jgss.IBMJGSSProvider

Further on down set

ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509

Hope this helps you out.
Andrew McKeown
Greenhorn

Joined: May 19, 2004
Posts: 2
I forgot to mention that this will also work with Websphere 4.0
uud ashr
Greenhorn

Joined: May 25, 2005
Posts: 1
Sorry, where can I get the IBMJSSE only, without having the IBMJdk?