Java NoSuchAlgorithmException - SunJSSE, sun.security.ssl.SSLContextImpl$DefaultSSLContext

Question

Background

I have been using the Authorize.net SDK in an Eclipse project of it's own. Everything was working great. I then needed to add it to my main project. I added the dependencies to the class path and the copied in the block of code that I needed. It should have worked.

Problem

Long story short, the code wouldn't work where I placed it. However, it will work when I bring it right out to the main method in the project.

In the place it won't work I stepped through the code with the debugger and found the following exception:

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

thrown at:

HttpResponse httpResponse = httpClient.execute(httpPost);

Note: httpClient = DefaultHttpClient from Apache

I'm completely stumped now. Don't what is causing this error. In Eclipse both products appear to be targeting the same JRE. They also both have httpclient-4.0.1.jar. Note that The problematic project also has some other dependencies that the working project doesnt { boneCP, guava, mysql_connector_java, protobuf }

I don't think the extra jars are the cause as the problem code works at a different location in the project.

Any ideas on what is wrong are greatly appreciated, i've spent the day debugging this and don't know where to go next.

Thanks.

Answer 1

I use HttpURLConnection and see error java.security.NoSuchAlgorithmException. I use below codes and solved problem.

SSLContext sslContext = SSLContext.getInstance("SSL"); // or "SSL" depending on your requirements
sslContext.init(null, null, new SecureRandom());

((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());

Answer 2

I ran into this error message using typesafe config. I noticed that the error message was preceeded by these log messages:

javax.net.ssl|DEBUG|0A|pool-1-thread-1|2023-07-13 07:23:27.048 CEST|TrustStoreManager.java:161|Inaccessible trust store: /srv/truststore.jks
javax.net.ssl|DEBUG|0A|pool-1-thread-1|2023-07-13 07:23:27.050 CEST|TrustStoreManager.java:112|trustStore is: /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts

So even though I had used -Djavax.net.ssl.trustStore=./truststore.jks when starting the application, it would not stick and the application tried to access a different truststore. The explanation was that /srv/truststore.jks was configured in the reference.conf, overwrote the value of the system property in the code, did not exist locally and did not match the one I wanted to use. Then, a default truststore was used by Java, which of course did not have the correct certificates.

The reference.conf could be overridden by -DtrustStore=./truststore.jks on application start, no further credentials needed.

Answer 3

You can try un-disabling of MD2 by re-enabling it by editing JDK_HOME/jre/lib/security/java.security. Simply comment the following line: From jdk.certpath.disabledAlgorithms=MD2 to #jdk.certpath.disabledAlgorithms=MD2

Answer 4

similar issue - had this bug when running from within intellij, did not have it when running from maven.

turns out that IntelliJ was internally using bad java:

/usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java --version
openjdk 11.0.12 2021-07-20

while maven was using good java:

/usr/local/buildtools/java/jdk11/bin/java --version
openjdk 11.0.11 2021-08-03

probably one of these had some of the above keystore problems.

Answer 5

I had the similar issue. The problem was in the passwords: the Keystore and private key used different passwords. (KeyStore explorer was used)

After creating Keystore with the same password as private key had the issue was resolved.

Answer 6

I've had a similar issue with this error. In my case, I was entering the incorrect password for the Keystore.

I changed the password for the Keystore to match what I was entering (I didn't want to change the password I was entering), but it still gave the same error.

keytool -storepasswd -keystore keystore.jks

Problem was that I also needed to change the Key's password within the Keystore.

When I initially created the Keystore, the Key was created with the same password as the Keystore (I accepted this default option). So I had to also change the Key's password as follows:

keytool -keypasswd  -alias my.alias -keystore keystore.jks

Answer 7

Well after doing some more searching I discovered the error may be related to other issues as invalid keystores, passwords etc.

I then remembered that I had set two VM arguments for when I was testing SSL for my network connectivity.

I removed the following VM arguments to fix the problem:

-Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456

Note: this keystore no longer exists so that's probably why the Exception.