CODEWITHSUNDEEP
javaweb-servicessslwebsphere-7
ScrappyDev
ScrappyDev

Reputation: 2778

java.lang.SecurityException: The Jar (/opt/WebSphere/AppServer7/plugins/com.ibm.ws.security.crypto.jar) is not signed by a trusted signer

I'm getting a Jar is not signed by trusted signer issue, when the application is running on WebSphere 7.
However I am not getting an error when I run it locally on Tomcat 7 with the jdk1.6.0_45.

I added Security.insertProviderAt(new BouncyCastleProvider(), 1); in order to use BouncyCastles's provider instead of the default one. This allows us to hit a web service that is forcing TLSv1.0 as the SSL Protocol.

Suspected Cause

static {
    Security.insertProviderAt(new BouncyCastleProvider(), 1);
}

The Class where the error happens

@WebServiceClient(name = "Outbound_Service", targetNamespace = WS_NAMESPACE)
public class SmsOutBoundClientWSImpl extends Service implements SmsOutBoundClient {

    private static final int CONNECT_TIMEOUT = 10000;
    private static final int REQUEST_TIMEOUT = 30000;

    private static final QName serviceName = new QName(WS_NAMESPACE, "Outbound_Service");

    private static final Logger logger = Logger.getLogger(SmsOutBoundClientWSImpl.class); 

    private URL smsUrl;
    private EnterpriseTextMessagingOutboundPortType mService;

    private String applicationID;
    private String refNumber;
    private String source;
    private String deliveryReceiptRegisteredInd;

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    public SmsOutBoundClientWSImpl(URL wsdlUrl){
        super(wsdlUrl, serviceName); <<<<<<<<<<<<< ERROR Happens at this line
        this.smsUrl=wsdlUrl;
        this.mService = this.getEmsSoapHttpPort();
        setRequestContextProperties();
    }

    public SmsOutBoundClientWSImpl(URL wsdlUrl, WebServiceFeature... features) {
        super(wsdlUrl, serviceName);
        this.smsUrl=wsdlUrl;
        this.mService = this.getEmsSoapHttpPort(features);
        setRequestContextProperties();
    }
***** Etc. *****
}

Stack Trace:

Caused by: java.lang.SecurityException: The Jar (/opt/WebSphere/AppServer7/plugins/com.ibm.ws.security.crypto.jar) is not signed by a trusted signer
    at javax.net.ssl.SSLJsseUtil.a(SSLJsseUtil.java:93)
    at javax.net.ssl.SSLJsseUtil.b(SSLJsseUtil.java:90)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:6)
    at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:16)
    at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:19)
    at com.ibm.net.ssl.www2.protocol.https.b.<init>(b.java:83)
    at com.ibm.net.ssl.www2.protocol.https.Handler.openConnection(Handler.java:11)
    at com.ibm.net.ssl.www2.protocol.https.Handler.openConnection(Handler.java:6)
    at java.net.URL.openConnection(URL.java:957)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper$3.run(WSDL4JWrapper.java:319)
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:132)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.openConnection(WSDL4JWrapper.java:317)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.getURLConnection(WSDL4JWrapper.java:296)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.access$000(WSDL4JWrapper.java:77)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper$2.run(WSDL4JWrapper.java:306)
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:132)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.getPrivilegedURLConnection(WSDL4JWrapper.java:304)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.commonPartsURLConstructor(WSDL4JWrapper.java:184)
    at org.apache.axis2.jaxws.util.WSDL4JWrapper.<init>(WSDL4JWrapper.java:156)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.setupWsdlDefinition(ServiceDescriptionImpl.java:1191)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.<init>(ServiceDescriptionImpl.java:245)
    at org.apache.axis2.jaxws.description.impl.ServiceDescriptionImpl.<init>(ServiceDescriptionImpl.java:168)
    at org.apache.axis2.jaxws.description.impl.DescriptionFactoryImpl.createServiceDescription(DescriptionFactoryImpl.java:142)
    at org.apache.axis2.jaxws.description.impl.DescriptionFactoryImpl.createServiceDescription(DescriptionFactoryImpl.java:79)
    at org.apache.axis2.jaxws.description.DescriptionFactory.createServiceDescription(DescriptionFactory.java:76)
    at org.apache.axis2.jaxws.spi.ServiceDelegate.<init>(ServiceDelegate.java:212)
    at org.apache.axis2.jaxws.spi.Provider.createServiceDelegate(Provider.java:71)
    at javax.xml.ws.Service.<init>(Service.java:67)
    at gov.xxxx.pts.api.sms.outbound.SmsOutBoundClientWSImpl.<init>(SmsOutBoundClientWSImpl.java:57)
    at gov.xxxx.pts.api.sms.ws.SmsService.getSmsOutBoundClient(SmsService.java:762)
    at gov.xxxx.pts.api.sms.ws.SmsService.createSmsOutboundProcessor(SmsService.java:672)
    at gov.xxxx.pts.api.sms.ws.SmsService.processTrackEventsAndSaveNotificationRequest(SmsService.java:495)
    at gov.xxxx.pts.api.sms.ws.SmsService.processTrackRequest(SmsService.java:474)
    at gov.xxxx.pts.api.sms.ws.SmsService.nonMobileProviderRequest(SmsService.java:196)
    at gov.xxxx.pts.api.sms.ws.NonMobileProviderRequestWs.nonMobileProviderRequest(NonMobileProviderRequestWs.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:367)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:983)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:361)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1694)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1635)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:149)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:80)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:965)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:508)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3994)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:516)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:307)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:84)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    ... 1 more

Full Stack Trace:
Full Stack trace is too large for Stack Overflow.
http://pastebin.com/qkvsqR5z

Upvotes: 1

Views: 6098

Answers (2)

Michael Cheng
Michael Cheng

Reputation: 11

You should be able to configure TLS with out-of-the-box WebSphere without resorting to using Bouncy Castle. It is unclear what effect Bouncy Castle has on WebSphere. From administrative console:

  1. Go to SSL certificate and key management > SSL configurations
  2. Select the SSL Configuration, it might be necessary to do it once for each
  3. Go to Quality of protection (QoP)
  4. In the box labeled "Protocol", select TLS.

Also with out of the box WebSphere, you could try <WAS_HOME>/java/bin/jarSigner -verify <WAS_HOME>/plugins/com.ibm.ws.security.crypto.jar. If it does not verify, there is something wrong with the installation.

Upvotes: 1

Vikrant Kashyap
Vikrant Kashyap

Reputation: 6846

Here you are using jdk v1.6.** and Tomcat V_7 but there might be a chance that whatever jar you try to add to your lib is compiled in jdk v1.7 or upper versions.

So, this issues came only because of this reason. You may download a jar which is compiled in java V_6.** or Update your Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Either of these two may solve your problem.

Java jce7 Link to download

You may find your solution The jurisdiction policy files are not signed by a trusted signer Too.

Upvotes: 0

Related Questions