000028917 - RSA Key Manager: How to get JSafeJCE Provider to work without modifying the JVM in JBoss?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028917
Applies ToRSA Product Set: Key Manager
RSA Product/Service Type: Java Client
RSA Version/Condition: 3.5
Platform: Windows
O/S Version: 7 Professional (64 bit)
Product Description: RSA Application Data Protection
IssueAttempting to deploy a WAR file using the DPM client and required jar files with JBOSS the following error shows up
com.rsa.kmc.TransportException: javax.net.ssl.SSLException: JCE cannot authenticate the provider JsafeJCE
  at com.rsa.kmc.w.p.a(Unknown Source)
  at com.rsa.kmc.w.bq.a(Unknown Source)
  at com.rsa.kmc.w.bq.a(Unknown Source)
  at com.rsa.kmc.w.bT.b(Unknown Source)
  at com.rsa.kmc.w.bZ.c(Unknown Source)
  at com.rsa.kmc.w.bZ.a(Unknown Source)
  at com.rsa.kmc.w.bZ.getKeyByKeyClassName(Unknown Source)
  at com.rsa.kmc.w.bZ.encrypt(Unknown Source)
  at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
  at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
  at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
  at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
  at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
  at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
Caused by: javax.net.ssl.SSLException: JCE cannot authenticate the provider JsafeJCE
  at com.rsa.sslj.x.aG.b(Unknown Source)
  at com.rsa.sslj.x.aG.a(Unknown Source)
  at com.rsa.sslj.x.aG.b(Unknown Source)
  at com.rsa.sslj.x.ap.d(Unknown Source)
  at com.rsa.sslj.x.ap.a(Unknown Source)
  at com.rsa.sslj.x.ap.j(Unknown Source)
  at com.rsa.sslj.x.ap.i(Unknown Source)
  at com.rsa.sslj.x.ap.h(Unknown Source)
  at com.rsa.sslj.x.aR.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
  ... 80 more
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider JsafeJCE
  at javax.crypto.SunJCE_b.a(DashoA13*..)
      at javax.crypto.KeyAgreement.getInstance(DashoA13*..)
  at com.rsa.sslj.x.bp.a(Unknown Source)
  at com.rsa.sslj.x.bq.a(Unknown Source)
  at com.rsa.sslj.x.bm.n(Unknown Source)
  at com.rsa.sslj.x.bm.k(Unknown Source)
  at com.rsa.sslj.x.bm$1.run(Unknown Source)
  at com.rsa.sslj.x.aG$1$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
  at com.rsa.sslj.x.aG$1.run(Unknown Source)
  ... 88 more
Caused by: java.util.jar.JarException: Cannot parse jar:file:/C:/tool/jboss-5.1.0.GA/server/default/deploy/SARAServices.ear!/SARAServices.war
  at javax.crypto.SunJCE_c.a(DashoA13*..)
  at javax.crypto.SunJCE_b.b(DashoA13*..)
  at javax.crypto.SunJCE_b.a(DashoA13*..)
  ... 98 more
Resolution

Create a file called WEB-INF/jboss-deployment-structure.xml with the following content

<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
  <deployment>
  <!-- Error "JCE cannot authenticate the provider JsafeJCE" workaround -->
    <dependencies>
      <module name="deployment.dpm-webapp.war">
      </module>
    </dependencies>
    <resources>
      <!-- To avoid this error with crash : Cannot verify jar:vfs:..../<war filename>/lib/cryptojce-6.1.1.jar!/ -->
      <resource-root path="WEB-INF/lib/cryptojce-6.1.1.jar" use-physical-code-source="true"/>
    </resources>
  </deployment>
</jboss-deployment-structure>

Attachments

    Outcomes