Wildfly 24, Java 11.0.11 adding external security provider

Question

I'm trying to use external security provider, like nCipherKM on Wildfly24.0.0 and JDK 11.0.11, however with no luck so far.

I've configured standalone.conf with:

JDK_JAVA_OPTIONS="-cp /opt/nfast/java/classes/nCipherKM.jar"

and

JAVA_OPTS="$JAVA_OPTS $JDK_JAVA_OPTIONS"

And I see wildfly started with that classpath, however, when I want to use it with the application, I'm getting the following in the server.log:

java.security.NoSuchProviderException: no such provider: nCipherKM

In the java.security I have added:

security.provider.13=nCipherKM

Any ideas what I'm missing?

Thanks

Answer 1

After looking into the nCipher user guide I noticed that after I ran this:

`java --module-path /opt/nfast/java/classes com.ncipher.provider.InstallationTest

Installed providers: 1: SUN 2: SunRsaSign 3: SunJSSE 4: SunJCE

Unlimited strength jurisdiction files are installed. The nCipher provider is not correctly installed.`

See, something is not correctly set in the java.security file. So, instead just putting security.provider.13=nCipherKM I actually put

security.provider.13=com.ncipher.provder.km.nCipherKM

The result is:

java --module-path /opt/nfast/java/classes com.ncipher.provider.InstallationTest

Installed providers: 1: SUN 2: SunRsaSign 3: SunJSSE 4: SunJCE 5: nCipherKM

Unlimited strength jurisdiction files are installed. The nCipher provider is installed, but is not registered at the top of the providers list in the java.security file. See the user guide for more information about the recommended system configuration.

nCipher JCE services: Alg.Alias.AlgorithmParameters.DESede ...

Then in the standalone.conf I used the exact --module-path option as I did for the installationTest, like this:

JDK_JAVA_OPTIONS="--module-path /opt/nfast/java/classes" JAVA_OPTS="$JAVA_OPTS $JDK_JAVA_OPTIONS"

And restarted wildfly service.

And, application can now reach the nCipherKM and the key loads with success! :)

Hope this helps someone out there.