|Applies To||RSA BSAFE SSL-J|
RSA BSAFE Cert-J
RSA BSAFE Crypto-J
|Issue||BSAFE: Resolve java.lang.SecurityException: java.security.cert.CertificateException: X.509 not found|
Using the com.rsa.jsafe.provider.JsafeJCE or com.rsa.jsse.JsseProvider provider throws an exception, e.g.
Exception in thread "main" java.lang.ExceptionInInitializerError
The JsafeJCE provider requires the vendor's Java provider to be registered earlier in the list. This is a known problem and there is an open bug to address this (BSFCRYJ-857). The reason for this is that when going through the JCE API, Crypto-J does runs a JAR verification test, testing its own integrity. In order to do that, the verification test tries to load up a Sun (or IBM) CA certificate, and this is done again through a JCE call. Now because the JsafeJCE provider hasn't completed its registration yet, the JCE framework tries to find another provider that can load X.509 certificates and fails if the SUN provider is not registered.
The reason why the X.509 certificate loading goes through the JCE API goes back to Crypto-J 4.0, when there was no X.509 certificate factory available within Crypto-J itself.
Register the provider that implements X.509 in the provider list earlier than the JsafeJCE provider. You can determine the provider by running the code from the Crypto-J sample file JCESample.java, which is called by the JCE samples:
|Legacy Article ID||a56041|