Help : java.security.UnrecoverableKeyException: excess private key

Hi,
I require help for the exception "java.security.UnrecoverableKeyException: excess private key".
When I am trying to generate a digital signature in PKCS7 format using the BouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
The full stack trace is as follows:
------------------------------------------------------------------------
java.security.UnrecoverableKeyException: excess private key
     at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
     at java.security.KeyStore.getKey(KeyStore.java:289)
     at com.security.Security.generatePKCS7Signature(Security.java:122)
     at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
     at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
I had tested the program under following scenarios...
The Java Program for generating the digital signature independently worked successfully (without any change in policy files or java.security file). I have tested this independently on Sun's JDK 1.4, 1.6.
For IBM JDK 1.4 on a Windows machine for WAS (WebSphere Application Server) 6.0, the program for generating the digital signature using PKCS7 works fine, but it required the IBM policy files (local_policy.jar, US_export_policy.jar) and an update to the java.security file.
But the problem occurs on Solaris 5.10, WAS 6.0, where Sun JDK 1.4.2_6 is used.
I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site (because WAS 6.0 is running on Sun's JDK instead of the IBM JDK)...
I changed the java.security file as follows (only the changed content is shown):
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
I have used a PKCS12 (PFX) file for the digital signature,
which is the same for all environments (as I have described above).
I copied the PFX file from Windows to Solaris using WinSCP in binary format so the content of the certificate won't get corrupted.
I cannot change the certificate because it's given by the company and it is working in the other environments absolutely fine (as I have described above).
I have gone through "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too, but none of them helped...
So what could be the problem for such an exception?
I have been on this issue for the last month...
I know very little about security.
Thanks in advance
PLEASE HELP ME (URGENT)
Edited by: user10935179 on Sep 27, 2010 2:47 AM
Edited by: user10935179 on Sep 27, 2010 2:54 AM

user10935179 wrote:
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file)

If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
Arshad Noor
StrongAuth, Inc.
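
A way to check the provider-order point from this thread, as an added example that is not code from either poster: it prints the installed providers in preference order and then loads the keystore file under an explicit type, reporting which provider and engine class served each attempt (the stack trace above passes through sun.security.provider.JavaKeyStore, the JKS engine). Assumptions: Java 7 or later, the class name KeyStoreProviderCheck is made up for this example, and the key entry password equals the store password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

// Added example (hypothetical class name); diagnostic only, it never writes the keystore.
public class KeyStoreProviderCheck {

    // Services involved in reading a private key and signing with it.
    private static final String[][] SERVICES = {
        {"KeyStore", "PKCS12"}, {"KeyStore", "JKS"},
        {"KeyFactory", "RSA"}, {"Signature", "SHA1withRSA"}
    };

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java KeyStoreProviderCheck <keystore-file>");
            System.exit(2);
        }
        Console console = System.console();
        char[] password = console == null ? null
                : console.readPassword("Keystore password: ");
        if (password == null) {
            System.err.println("no console available to read the password");
            System.exit(2);
        }
        try {
            printProviderOrder();
            System.out.println("Default keystore type: " + KeyStore.getDefaultType());
            // An explicit type avoids depending on keystore.type in java.security.
            tryLoad("PKCS12", args[0], password);
            tryLoad("JKS", args[0], password);
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
    }

    // Lists providers in preference order with the checked services each one offers.
    static void printProviderOrder() {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            StringBuilder offered = new StringBuilder();
            for (String[] s : SERVICES) {
                if (providers[i].getService(s[0], s[1]) != null) {
                    offered.append(' ').append(s[0]).append('.').append(s[1]);
                }
            }
            System.out.println((i + 1) + ". " + providers[i].getName() + " ->"
                    + (offered.length() == 0 ? " (none of the checked services)"
                                             : offered.toString()));
        }
    }

    // Loads the file as the given type and reports who handled it and what came back.
    static void tryLoad(String type, String path, char[] password) {
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            System.out.println(type + ": served by provider " + ks.getProvider().getName());
            ks.load(in, password);
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) {
                    continue;
                }
                // Assumption: the entry password is the same as the store password.
                Key key = ks.getKey(alias, password);
                System.out.println("  key entry '" + alias + "': " + key.getAlgorithm()
                        + ", format " + key.getFormat()
                        + ", class " + key.getClass().getName());
            }
        } catch (Exception ex) {
            // An UnrecoverableKeyException or IOException here identifies the type
            // and provider combination that cannot read this file.
            System.out.println(type + ": failed with " + ex);
        }
    }
}
```

Running it once with the default java.security and once with the modified provider list shows whether the provider serving the keystore changes between the two configurations.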

Similar Messages

  • Urgent help java security problem

    hi,
    I am trying to run the simple message example in Tahiti, but all the time I get this error:
    java.security.AccessControlException: acces denied (com.ibm.aglets.security.contextPermission atp://mycomputername:4434/@ReplyChild create) java.lang.NullPointerException
    Please, I have to submit this code. I know it is right, but what is the problem? Why am I getting this error? Please help.

    Well what you are doing is trying to access a local file from an Applet, an operation that won't be permitted by the default applet security model.
    I guess what you want is to fetch the file from a directory related to the path of the applet classes. To do this you need to use the URL class and the associated constructors of the ImageIcon class. To form the URL to the image file:
    String fileName="warning.gif";
    URL codeBase= this.getCodeBase();
    URL imageURL= new URL(codeBase, fileName);
    ImageIcon warning = new ImageIcon(imageURL);

  • Help Reading Iplanet private key

    hi,
    I am trying to implement PKCS7 format messages in our project. I was able to read the WebLogic private key and sign with it, whereas in iPlanet the key is in a .db file. Can anyone help in extracting the iPlanet private key?
    Thanks in advance
    Bala.J

    Start with a google search for *ssh private key site:apple.com*

  • SSL: how to use Multiple Private key/Certificate pair for authentication.

    Hi all,
    I am implementing SSL in Java using an X509 certificate/private key combination.
    I have two sets of private key/certificate pairs.
    One is the factory default and the other is generated at run time.
    My problem is to try the SSL connection with both pairs on the same TCP/IP connection.
    E.g. on the server side: first try the SSL connection with the factory default certificate; if it fails, try connecting with the generated certificate on the same TCP/IP connection.
    On the client side: if the generated certificate (this certificate was generated at the server side) is present, first perform server authentication using this certificate, otherwise authenticate the server with the factory default certificate.
    Can someone please help and let me know how I need to configure both ends (client and server) to achieve this?
    Thanks In Advance
    Saurabh Ahuja

    Client code does not contain any default truststore and needs a certificate for authentication.

    Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
    It's like this. The idea of PKI with SSL is as follows:
    - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
    - the client has a truststore that trusts the server, one way or the other, see above.
    - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
    - the server sends its cert to the client along with a digital signature signed by its private key.
    - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
    At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
    If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
    You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

  • Reading private key: works in jdk 1.5, but throws exception in 1.4

    Hello,
    I am trying to read an RSA private key from a file. I am using the following code snippet:
    KeySpec spec = new RSAPrivateKeySpec(modulus, pExp);
    KeyFactory factory = KeyFactory.getInstance("RSA");
    PrivateKey key = factory.generatePrivate(spec);
    This runs perfectly fine under jdk 1.5 on keys I generate with OpenSSL. However, if I recompile and run under jdk 1.4, I get the following exception:
    java.security.spec.InvalidKeySpecException: Unknown key spec.
         at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA6275)
         at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA6275)
         at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)
    I have also tried using RSAPrivateCrtKeySpec but I get the same error. Can anyone shed some light on what is going on?
    Thank you.

    'Unlimited Strength Jurisdiction Policy Files 1.4' Could be the solution.
    I had a similar problem with java 1.4 and those files do the work.
    ... finally the problem was that the password that protected the keystore had 7 characters, using one of 5 characters works ok...

  • Java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11

    I am having a very strange issue with my CAC card. I wrote a small Java program to login into ProjectForge.mil webservice
    ICollabNetSoap m_sfSoap = (ICollabNetSoap)
    ClientSoapStubFactory.getSoapStub(ICollabNetSoap.class, "https://project.forge.mil/");
    String sessionId = m_sfSoap.login("", "");
    After entering CAC PIN, it is throwing exception saying that "javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate".
    More specific exception is:
    Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11 RSA private key, 2048 bits (id 39632224, token object, sensitive, unextractable)
    Note: I have asked three of my co-workers to run the same program using their CACs and it seems to be working fine.
    The only difference between their CACs and mine is the CA (Certificate Authority) value: theirs is 24, whereas mine is 25. It looks like the JVM was not able to understand the private key of my CAC.
    On another note, my CAC works fine with a web service client application that was written in .NET.
    I am using JDK 1.6.0_26 and I have already downloaded and installed the latest JCE .jar files.
    Any help is greatly appreciated.
    Here are the exception details:
    =======================================
    [java] Tue Aug 02 17:07:54 MST 2011 URL assignment worked
    [java] Tue Aug 02 17:07:54 MST 2011 Trying login...
    [java] Exception in thread "main" AxisFault
    [java] faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    [java] faultSubcode:
    [java] faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
    [java] faultActor:
    [java] faultNode:
    [java] faultDetail:
    [java] {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
    [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    [java] at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    [java] at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    [java] at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    [java] at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    [java] at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    [java] at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    [java] at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    [java] at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    [java] at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2767)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2443)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2366)
    [java] at org.apache.axis.client.Call.invoke(Call.java:1812)
    [java] at com.collabnet.ce.soap50.webservices.cemain.CollabNetSoapStub.login(CollabNetSoapStub.java:115)
    [java] at com.collab.examples.LoginTF.main(LoginTF.java:30)
    [java] {http://xml.apache.org/axis/}hostname:GDYL8420N5B
    [java] javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
    [java] at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    [java] at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    [java] at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    [java] at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    [java] at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    [java] at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    [java] at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2767)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2443)
    [java] at org.apache.axis.client.Call.invoke(Call.java:2366)
    [java] at org.apache.axis.client.Call.invoke(Call.java:1812)
    [java] at com.collabnet.ce.soap50.webservices.cemain.CollabNetSoapStub.login(CollabNetSoapStub.java:115)
    [java] at com.collab.examples.LoginTF.main(LoginTF.java:30)
    [java] Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
    [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    [java] at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    [java] at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    [java] at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    [java] at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    [java] ... 11 more
    [java] Java Result: 1
    ==================================================================
    I have captured more specific exception which says
    Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11 RSA private key, 2048 bits (id 39632224, token object, sensitive, unextractable)

    Thanks, I have installed OpenSSL.
    Here is the PEM copy of my certificate

  • Security.Cryptography - The specified path is invalid. while accessing the private key stored in LocalMachine store

    Hello,
    I have a C# DLL which is invoked through a C++ CGI executable which is deployed on Apache 2.2. I am getting the following error when I am trying to access the private key of a certificate which is stored in the LocalMachine store. It works fine while debugging in Visual Studio.
    It also works fine when I try to access the same certificate from the current user store through apache.
    I have tried running apache as "SYSTEM", even then I get the same error.
    I have followed the right process to import the certificate into the localmachine store through mmc. 
    Error Message:
    The specified path is invalid.
     caused by mscorlib
       at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
       at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
       at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
       at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
       at SamlImplLib.SamlImpl.GetSamlResponse(String sInParamXml, String sInAttrXml)
    The above error is not really helpful as it doesn't tell me which path is invalid, as I am not passing any path in my code. I am just accessing the certificate through the X509Certificate2 store.
    Thanks in advance

    Hi,
    This is probably because the worker process identity does not have read permission to the machine key store.
    And I agree with you. "The specified path is invalid" is a typical misleading message.
    You may need to clarify the difference between "SYSTEM-User" and "Current-user" through Apache. Good luck!
    Best regards,
    Kristin

  • Acrobat 9 Pro / Files with public+private key security

    Hi,
    I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
    We want to take care, that those PDF documents cannot be opened without our Software.
    My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
    I tested a lot and read the manual, but it doesn't work.
    Thanx for some hints.
    Greetings,
    Sven
    Sorry for the lousy English, I'm from Germany.

    You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs is not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
    So much for giving a spin on the topic. Good luck.

  • Java.security.InvalidKeyException: Illegal key size

    Hi,
    I have developed an ADF application using JDeveloper 11g, which hosts WebLogic 10.3.3.0.
    My ADF application has to connect to an external application for credit card validation.
    To achieve this I am using an HttpURLConnection and passing the external address and the attributes that have to be written to it.
    The external application which I am trying to connect to is secured; it starts with https://..
    I get an error as soon as I try to open "connection.getOutputStream()".
    Following is the error I am getting:
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    java.security.InvalidKeyException: Illegal key size
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.init(DashoA13*..)
         at javax.crypto.Cipher.init(DashoA13*..)
         at com.certicom.tls.provider.Cipher.init(Unknown Source)
         at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    The code I am using to connect to the external website is as follows.
        // Fragment of a method body: targetURL and urlParameters are String parameters.
        // Needs java.io.BufferedReader, DataOutputStream, InputStream, InputStreamReader
        // and java.net.HttpURLConnection, URL.
        URL url;
        HttpURLConnection connection = null;
        try {
          // Create connection
          url = new URL(targetURL);
          connection = (HttpURLConnection) url.openConnection();
          connection.setRequestMethod("POST");
          connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
          connection.setRequestProperty("Content-Length", "" + Integer.toString(urlParameters.getBytes().length));
          connection.setRequestProperty("Content-Language", "en-US");
          connection.setUseCaches(false);
          connection.setDoOutput(true);
          // Send request (the SSL handshake happens here)
          DataOutputStream wr = new DataOutputStream(connection.getOutputStream());
          wr.writeBytes(urlParameters);
          wr.flush();
          wr.close();
          // Get response
          InputStream is = connection.getInputStream();
          System.out.println("after getting input stream");
          BufferedReader rd = new BufferedReader(new InputStreamReader(is));
          System.out.println("after BUffered reader");
          String line;
          StringBuffer response = new StringBuffer();
          System.out.println("after String buffer");
          while ((line = rd.readLine()) != null) {
            response.append(line);
            response.append('\r');
          }
          rd.close();
          return response.toString();
        } catch (Exception e) {
          e.printStackTrace();
          return null;
        } finally {
          if (connection != null) {
            connection.disconnect();
          }
        }
    I am currently totally clueless, I don't understand what steps I should take. Is this error due to some keystore stuff??
    I even tried to replace the policy files in the JRE as per some blogs but it still does not work.
    I have very limited knowledge of the security issues with WebLogic, I will really appreciate it if I can get any links or any help in this matter.
    Thanks in advance
    ash

    The messages prior to the exception are very significant:
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    java.security.InvalidKeyException: Illegal key size
    So there are at least 4 certificates in your server's truststore that are causing issues.
    Is your weblogic server using CustomIdentityAndStandardTrust? If so, the keystore is the $JAVA_HOME/jre/lib/security/cacerts
    You should familiarize yourself with keytool (in $JAVA_HOME/bin) and consider removing entries from your trust store unless you absolutely need them and are willing to trust any cert signed by them. There's been a thread about some newer Certificate Authorities (CAs) that were included as part of a recent java upgrade which have caused similar "unknown OID" issues.
    For your specific endpoint, you can use your browser to invoke the service's wsdl; this will cause your browser to fetch the certificate from that server.
    You can then see what CA is used to sign it. Then see whether that CA is in your truststore.
    There is also a thread with a very simple class to test the SSL handshake:
    Re: Use Server Cert in Managed server not working
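
    The two checks this thread turns on, as an added example that is not code from either poster: it reports whether the JCE policy in effect limits key sizes ("Illegal key size") and lists which truststore entries are signed with the OID named in the BEA-090898 notices, 1.2.840.113549.1.1.11 (sha256WithRSAEncryption). Assumptions: Java 7 or later, the class name TrustStoreAudit is made up for this example, and the truststore defaults to the JRE's cacerts unless a path is given.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.crypto.Cipher;

// Added example (hypothetical class name); read-only inspection of a truststore.
public class TrustStoreAudit {

    // OID quoted in the BEA-090898 notices above (sha256WithRSAEncryption).
    static final String FLAGGED_OID = "1.2.840.113549.1.1.11";

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + File.separator + "lib"
                  + File.separator + "security" + File.separator + "cacerts";

        // 1. Is the unlimited-strength policy actually in effect for THIS JVM?
        //    Replacing the jars in a different JRE than the server uses has no effect.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("Max allowed AES key length: "
                + (maxAes == Integer.MAX_VALUE
                        ? "unlimited"
                        : maxAes + " bits (limited policy in effect)"));

        // 2. Which trusted certificates use the signature algorithm from the log?
        //    A null password skips the integrity check; nothing is modified.
        //    Parsing is done by the JDK's own X.509 code, not the server's SSL stack.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, null);
        }

        int total = 0;
        int flagged = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            total++;
            if (FLAGGED_OID.equals(x509.getSigAlgOID())) {
                flagged++;
                System.out.println("  " + alias + " | " + x509.getSigAlgName()
                        + " | " + x509.getSubjectX500Principal().getName());
            }
        }
        System.out.println(flagged + " of " + total + " certificates in " + path
                + " are signed with OID " + FLAGGED_OID);
    }
}
```

    Run it with the same JVM the server uses, so that both the policy check and the truststore path refer to the installation that produced the log.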

  • Can java.security packages work with applets? Help required urgently.

    I recently developed an applet using java.security.KeyPairGenerator, from which I called the KeyPairGenerator to generate a pair of keys for RSA.
    The code :
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    However my applet refused to work and couldn't find the algorithm specified. When I replaced it with DSA, it could work. Why is this happening?

    I think your browser is using older or its own Java Virtual Machine to run the applet.
    For example IE, it has its own Microsoft Virtual Machine and if you choose to use it, it will definitely fail. You can try to use the JRE 1.4 Release Candidate version, because the security is bundled with it; not sure about JRE version 1.3.
    Or alternatively, you can use the appletviewer to execute the applet. Again, make sure you run the correct version of appletviewer.
    Good Luck.

  • I need to create public and private keys for security certificate and I can't find the certificate. Where is it?

    I purchased a security certificate, and the site tells me that it was successfully installed. I need to export the certificate so that I can create the public and private keys, but I cannot find the certificate to do so.

    Thank you.

  • Please help me , I am having java.security.AccessControlException

    Hi,
    Let me tell you my problem,
    I have an application with its jar file build inside for eg in E:\Projects folder with the name MyApplication,
    also I have build this application and its jar file whose name is MyApplication.jar is inside dist folder.
    Well I go inside this folder and type this command as I have shown below;
    E:\Projects\MyApplication> java -jar "MyApplication.jar"
    there is no error every thing works fine, but if I go to the root folder and
    type the command as I have shown below;
    E:\>java -jar "E:\Projects\MyApplication\dist\MyApplication.jar"
    I get the following error, tell me what's wrong;
    checkPermission Line no:-1 java.security.AccessController.checkPermission(Unknown Source)
    java.security.AccessControlException: access denied (java.io.FilePermission jint
    egra.log write)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkWrite(Unknown Source)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at com.linar.jintegra.Log.logImmediately(Unknown Source)
    at bis.opencontrol.opcconnector.CheckOPCServerOne.checkThisOPCServerAtTh
    isIPaddress(CheckOPCServerOne.java:74)
    at bis.opencontrol.opcconnector.CheckOPCServerOne.run(CheckOPCServerOne.
    java:57)
    at java.lang.Thread.run(Unknown Source)
    at com.mysql.jdbc.Connection.<init>(Connection.java:716)
    Feb 07,2009 8:12:51:212 PM|bis.opencontrol.opcconnector.CheckOPCServerOne.class(
    120)|Thread-12| checkPermission Line no:-1 java.lang.SecurityManager.checkPermis
    sion(Unknown Source)
    java.security.AccessControlException: access denied (java.io.FilePermission jint
    egra.log write)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkWrite(Unknown Source)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at com.linar.jintegra.Log.logImmediately(Unknown Source)
    at bis.opencontrol.opcconnector.CheckOPCServerOne.checkThisOPCServerAtTh
    isIPaddress(CheckOPCServerOne.java:74)
    Well please help me, I don't know what's wrong...

    Reset Security Questions
    http://support.apple.com/kb/ht5312
    If you still have problem, call Apple to help reset your Security Question.
    http://support.apple.com/kb/HT5699

  • HELP!!! java.security.AccessControlException: access denied

    Please help!
    I have a project that uses an applet to show a form; this applet needs to read a file from the server side. When I code it in JBuilder, it works when I use the appletviewer to run the program and read the file.
    After that I placed the code in the webapp (localhost), started up Tomcat and used IE to view http://localhost:8080/auditForm/AuditForm.html. (This AuditForm.html embeds test.class; test.class is used to read the file.)
    But an error occurred.
    I am using the File object to read the file:
    File propertyFile=new File("C:/Tomcat/webapps/XX/WEB-INF/dbconfig.properties");
    java.security.AccessControlException: access denied (java.io.FilePermission C:\Tomcat\webapps\auditform\test\dbconfig.properties read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkRead(Unknown Source)
         at java.io.File.canRead(Unknown Source)
         at DBconfig.<init>(DBconfig.java:31)
         at test.init(test.java:19)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    I tried to set the security policy in the JDK and in Tomcat, but it still does not work. Is the setting wrong? How come?
    Urgent!!!!

    Hey guys,
    You can access what ever file you want on the originating host i.e. the server.
    I'm guessing you guys are testing your applet code probably before it takes the form of an applet. It's fundamental to realise that applets are downloaded to the client and executed in a 'sandbox' by the java-plugin installed in the client browser. Hence using a File instance pointing somewhere on the C:\ drive is totally pointless as you likely won't have permission to access the client's hard drive anyway. More to the point, it is totally wrong; the property files or movies do not reside on the client machine.... and there is no need to confuse matters by talking about signing Jars.
    My advice is to read the Applet/JApplet APIs which clearly show how to access 'resources' on the server - no extra permissions are needed so it is not even a security issue. Also, your web application usually cannot see outside its context/document base so you will need to put the property file or movies in the same directory (or a visible sub-directory) as the applet code/jar itself.
    Hope this info is of some use.
    Warm regards.
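
    The approach described in the reply above, as an added example that is not part of the original thread: the applet fetches its settings over a URL relative to its codebase instead of opening a java.io.File. The class name and the file name auditform.properties are hypothetical; the file has to sit beside the applet classes (a servlet container does not serve WEB-INF), and since every client can download it, it should hold no database credentials.

```java
import java.applet.Applet;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Properties;

// Added example (hypothetical class): read configuration from the server the
// applet was downloaded from, which the sandbox allows without extra permissions.
public class AuditFormApplet extends Applet {
    private final Properties settings = new Properties();

    public void init() {
        InputStream in = null;
        try {
            // getCodeBase() is the URL the applet classes came from; an unsigned
            // applet may open connections back to that host only.
            URL url = new URL(getCodeBase(), "auditform.properties"); // hypothetical file name
            in = url.openStream();
            settings.load(in);
            showStatus("Loaded " + settings.size() + " settings from " + url);
        } catch (IOException e) {
            // No FilePermission is involved here, so a failure means the file is
            // missing or not served, not that the policy file needs editing.
            showStatus("Could not load settings: " + e.getMessage());
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
    }

    // Accessor for the rest of the applet; returns null when the key is absent.
    public String setting(String key) {
        return settings.getProperty(key);
    }
}
```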

  • Importing a PKCS12 private key into java Keystore

    Hi,
    We have an existing private key, stored in a ".p12" file.
    Currently, our existing program will access this file directly to retrieve the private key, however, we need to import this private key into a keystore so it can be retrieved by our new code.
    Does anyone know whether it is possible to do this, and if so, is there any criteria that need to be met.
    If it is possible, then how do we do it?
    Assistance is appreciated!
    Regards
    Steve Williams

    Sorry to cross-post, but I have a similar problem.
    I have an existing certificate (public/private keypair) that I'm using in Microsoft IIS. Using Cert Manager in Windows2000 I export the certificate preserving the private key into a pfx file. I need to import the public/private keypair into the keystore. I also have the original certificate request and reply from Verisign if that helps any. I've looked everywhere and have been unable to find any information about doing this. Please Help!
    If there is a way to do this using keytool that would be great. If someone knows how to programmatically do this that would also be great.
    Thanks in advance,
    Trey Caldwell
    Software Engineer
    Intrannuity, LLC
    [email protected]
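
    One way to do the import asked about in this thread with the standard java.security.KeyStore API, as an added example that is not from either poster. The class name and argument order are hypothetical, and it assumes the .p12/.pfx protects its keys with the same password as the file itself, which is the usual case for exported files.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

// Added example (hypothetical class): copy every private-key entry, with its
// certificate chain, from a PKCS#12 file into a new JKS keystore.
public class ImportP12 {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java ImportP12 <in.p12> <out.jks>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they do not
        // appear in the process list or the shell history.
        char[] srcPass = console.readPassword("PKCS#12 password: ");
        char[] dstPass = console.readPassword("New JKS password: ");

        KeyStore src = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            src.load(in, srcPass);
        }
        KeyStore dst = KeyStore.getInstance("JKS");
        dst.load(null, null); // initialise an empty keystore

        int copied = 0;
        for (Enumeration<String> e = src.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!src.isKeyEntry(alias)) continue;        // skip certificate-only entries
            Key key = src.getKey(alias, srcPass);        // assumes key password == file password
            Certificate[] chain = src.getCertificateChain(alias);
            if (key == null || chain == null) continue;  // a JKS key entry needs a chain
            dst.setKeyEntry(alias, key, dstPass, chain);
            copied++;
        }
        if (copied == 0) {
            throw new IllegalStateException("no private-key entry found in " + args[0]);
        }
        try (FileOutputStream out = new FileOutputStream(args[1])) {
            dst.store(out, dstPass);
        }
        System.out.println("Copied " + copied + " private-key entries to " + args[1]);
    }
}
```

    On JDK 6 and later, keytool -importkeystore with -srcstoretype PKCS12 performs the same copy without custom code.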

  • Is it possible to have a secure FTP connection using private key authentication?

    Is it possible to have a secure FTP connection using private key authentication to connect to a folder on Business Catalyst?

    Hi,
    Not available at this stage as the only options can be found in the SFTP set-up article.
    - http://helpx.adobe.com/business-catalyst/partner/connecting-site-using-ftp-client.html
    Kind regards,
    -Sidney
