No algorithm: SHA1withRSA for provider SUN

Help
2012-08-24
2013-02-26
  • Hubert Kario
    2012-08-24

    When I try to use the new TimeStampService with a JKS key store, I get the following exception:

    TSA_EXCEPTION: NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN; EXCEPTION: NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN
    

    I've found no way to define which provider SignServer should use to sign the responses; SUN is completely wrong, as it supports only DSA keys and signatures.

    First I removed the default worker, then I created a new one using the following config file:

    GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.tsa.TimeStampSigner
    GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.JKSCryptoToken
    WORKERGENID1.NAME=TimeStampSigner
    WORKERGENID1.AUTHTYPE=NOAUTH
    WORKERGENID1.KEYSTOREPATH=/opt/signserver-3.2.2/TimeStampSigner.jks
    WORKERGENID1.DEFAULTTSAPOLICYOID=1.2.3
    

    Using the following commands:

    bin/signserver.sh setproperties timeStamper.properties
    bin/signserver.sh reload 1
    bin/signserver.sh getstatus brief all
    keytool -import -file /tmp/CA.pem -keystore /opt/signserver-3.2.2/TimeStampSigner.jks
    keytool -genkeypair -keyalg RSA -keysize 2048 -alias signKey -keystore TimeStampSigner.jks
    keytool -certreq -alias signKey -file /tmp/timeStampServer.csr -keystore TimeStampSigner.jks
    # sign the CSR using CA, save the cert as /tmp/timeStampSigner.pem
    keytool -import -alias signKey -file /tmp/timeStampSigner.pem -keystore TimeStampSigner.jks
    bin/signserver.sh uploadsignercertificate 1 glob /tmp/timeStampSigner.pem
    bin/signserver.sh reload 1
    bin/signserver.sh activatecryptotoken 1
    

    Stacktrace follows:

    2012-08-24 12:52:40,369 ERROR [org.signserver.module.tsa.TimeStampSigner] (http-0.0.0.0-8080-1) NoSuchAlgorithmException: 
    java.security.NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN
            at sun.security.jca.GetInstance.getService(GetInstance.java:100)
            at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
            at java.security.Signature.getInstance(Signature.java:384)
            at org.bouncycastle.cms.CMSSignedHelper.getSignatureInstance(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator$SignerInf.toSignerInfo(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
            at org.bouncycastle.tsp.TimeStampTokenGenerator.generate(Unknown Source)
            at org.signserver.server.tsa.org.bouncycastle.tsp.TimeStampResponseGenerator.generate(TimeStampResponseGenerator.java:154)
            at org.signserver.module.tsa.TimeStampSigner.processData(TimeStampSigner.java:360)
            at org.signserver.ejb.WorkerSessionBean.process(WorkerSessionBean.java:293)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
            at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
            at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
            at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
            at sun.reflect.GeneratedMethodAccessor285.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
            at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1834603600.invoke(InvocationContextInterceptor_z_fillMethod_1834603600.java)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
            at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1834603600.invoke(InvocationContextInterceptor_z_setup_1834603600.java)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
            at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
            at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
            at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
            at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
            at $Proxy368.process(Unknown Source)
            at org.signserver.web.GenericProcessServlet.processRequest(GenericProcessServlet.java:364)
            at org.signserver.web.GenericProcessServlet.doPost(GenericProcessServlet.java:268)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
            at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:636)
    
     
  • Hubert Kario
    2012-08-24

    I've fixed it by changing line 157 in

    modules/SignServer-ejb/src/java/org/signserver/server/cryptotokens/KeystoreCryptoToken.java
    

    from

                this.provider = ks.getProvider().getName();
    

    to

                this.provider = "BC";
    

    But I don't know if this is really a bug or just a misconfiguration on my part…

     
  • Markus Kilås
    2012-08-27

    Normally using a JKS file should work fine.
    Which version of Java are you using and on which OS/distribution?
    If you are using Oracle JDK, have you installed the 'Unlimited Strength Jurisdiction Policy Files'?

    BR,
    Markus
    PrimeKey Solutions
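
The exception in this thread comes from reusing the key store's provider name when requesting the signature algorithm. The following is an added example, not SignServer code and not from any poster: it reproduces the mismatch with JDK providers only and lists which installed providers actually offer `SHA1withRSA`. The class name `ProviderMismatchDemo` and the in-memory key store and key pair are assumptions made for the demonstration.

```java
import java.security.*;
import java.util.*;

// Added example (hypothetical class, not SignServer code): the provider that
// implements a JKS KeyStore is unrelated to the provider that can sign with RSA.
public class ProviderMismatchDemo {

    // Names of installed providers that implement the given Signature algorithm.
    static List<String> providersFor(String sigAlg) {
        List<String> names = new ArrayList<>();
        Provider[] found = Security.getProviders("Signature." + sigAlg);
        if (found != null) {               // null means no provider offers it
            for (Provider p : found) names.add(p.getName());
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        String sigAlg = "SHA1withRSA";     // algorithm named in the exception

        // An empty in-memory JKS key store is enough to see who implements JKS.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        String ksProvider = ks.getProvider().getName();
        System.out.println("JKS key store provider: " + ksProvider);

        // Passing the key store's provider name to Signature reproduces the error.
        try {
            Signature.getInstance(sigAlg, ksProvider);
            System.out.println(ksProvider + " can create " + sigAlg);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Reproduced: " + e.getMessage());
        }

        System.out.println("Providers offering " + sigAlg + ": " + providersFor(sigAlg));

        // Without a provider name, JCA selects a provider that supports the key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // constructed throwaway key
        Signature sig = Signature.getInstance(sigAlg);
        sig.initSign(kp.getPrivate());
        sig.update("constructed sample data".getBytes("UTF-8"));
        byte[] signature = sig.sign();
        System.out.println("Signed with provider " + sig.getProvider().getName()
                + ", " + signature.length + " bytes");
    }
}
```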