You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Yuval Kashtan <yu...@gmail.com> on 2006/11/15 16:59:37 UTC

Default SSL context init failed: SunX509 KeyManagerFacroty nor avilable on IBM JVM

Hello,

I have a java application which uses SSL (alongside other cryptography
services).

When executed in Sun JVM it works just fine.


But when I try to execute on IBM JVM (AIX machine comes only with IBM JVM),

I get the following error:

appProceed
com.trisixtysecurity.agent.tools.AgentRegister(581)java.net.SocketException:
 Default SSL context init failed: SunX509 KeyManagerFactory not available
->at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
 Caused by:  java.net.SocketException: Default SSL context init failed:
SunX509 KeyManagerFactory not available
  ->at
javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:5)
  ->at
org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
  ->at
org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
  ->at
org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
  ->at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
  ->at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  ->at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  ->at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  ->at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
  ->at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
  ->at org.apache.axis.client.Call.invoke(Call.java:2767)
  ->at org.apache.axis.client.Call.invoke(Call.java:2443)
  ->at org.apache.axis.client.Call.invoke(Call.java:2366)
  ->at org.apache.axis.client.Call.invoke(Call.java:1812)
  ->at
com.trisixtysecurity.agent.amapi.AgentManagerServiceSoapStub.confirmRegsitration(AgentManagerServiceSoapStub.
java:465)
  ->at
com.trisixtysecurity.agent.tools.AgentRegister.appProceed(AgentRegister.java:542)
  ->at
com.trisixtysecurity.agent.common.StdCommandLineApp.invoke(StdCommandLineApp.java:628)
  ->at
com.trisixtysecurity.agent.common.StdCommandLineApp.mainRoutine(StdCommandLineApp.java:710)
  ->at
com.trisixtysecurity.agent.tools.AgentRegister.main(AgentRegister.java:1166)


some additional trace:

Importing certificate serverSignCert.cer to truststore
/opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx
Imported certificate serverSignCert.cer to truststore
/opt/TriSixty/Agent/conf/security/hbTest/agentTrusted.pfx
X509KeyManager passed to SSLContext.init():  need an
X509ExtendedKeyManager for SSLEngine use
Installed Providers =
        IBMJSSE2
        IBMJCE
        IBMJGSSProvider
        IBMCertPath
        IBMSASL
JsseJCE:  Using SecureRandom  from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
JsseJCE:  Using cipher AES/CBC/NoPadding from provider IBMJCE version 1.2
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
setting up default SSLSocketFactory
use default IbmJSSE2 impl class: com.ibm.jsse2.SSLSocketFactoryImpl
class com.ibm.jsse2.SSLSocketFactoryImpl is loaded
init keymanager of type SunX509
Default SSL context init failed: java.security.NoSuchAlgorithmException:
SunX509 KeyManagerFactory not available
use dummy SSLSocketFactory due to java.lang.RuntimeException: Default
SSL context init failed: SunX509 KeyManagerFac
tory not available
java.net.SocketException: Default SSL context init failed: SunX509
KeyManagerFactory not available


The code does not include any reference to com.sun.* or sun.* (even
though it used to).


I am using a privatly developed KeyManager and the keystore files are
all JKS format (I've tried also PKCS12 and JCEKS).



Any ideas on how to solve it will really be appreciated.

I would also be glad to hear from anyone who successfully used axis on
IBM AIX.



Also I've notices the following remark inside the code of
org.apache.axis.components.net:

///**
 * SSL socket factory. It _requires_ a valid RSA key and
 * JSSE. (borrowed code from tomcat)
 * 
 * THIS CODE STILL HAS DEPENDENCIES ON sun.* and com.sun.*
 *
 * @author Davanum Srinivas (dims@yahoo.com)
 */

//Which seems to indicate that maybe the problem is in the axis code?



Thanks,
Yuval Kashtan.