No algorithm: SHA1withRSA for provider SUN

2012-08-24
2013-02-26
  • Hubert Kario

    Hubert Kario - 2012-08-24

    When I try to use the new TimeStampService with a JKS key store, I get the following exception:

    TSA_EXCEPTION: NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN; EXCEPTION: NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN
    

    I've found no way to define which provider SignServer should use to sign the responses; SUN is completely wrong as it supports only DSA keys and signatures.

    First I removed the default worker, then I created a new one using the following config file:

    GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.tsa.TimeStampSigner
    GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.JKSCryptoToken
    WORKERGENID1.NAME=TimeStampSigner
    WORKERGENID1.AUTHTYPE=NOAUTH
    WORKERGENID1.KEYSTOREPATH=/opt/signserver-3.2.2/TimeStampSigner.jks
    WORKERGENID1.DEFAULTTSAPOLICYOID=1.2.3
    

    Using the following commands:

    bin/signserver.sh setproperties timeStamper.properties
    bin/signserver.sh reload 1
    bin/signserver.sh getstatus brief all
    keytool -import -file /tmp/CA.pem -keystore /opt/signserver-3.2.2/TimeStampSigner.jks
    keytool -genkeypair -keyalg RSA -keysize 2048 -alias signKey -keystore TimeStampSigner.jks
    keytool -certreq -alias signKey -file /tmp/timeStampServer.csr -keystore TimeStampSigner.jks
    # sign the CSR using CA, save the cert as /tmp/timeStampSigner.pem
    keytool -import -alias signKey -file /tmp/timeStampSigner.pem -keystore TimeStampSigner.jks
    bin/signserver.sh uploadsignercertificate 1 glob /tmp/timeStampSigner.pem
    bin/signserver.sh reload 1
    bin/signserver.sh activatecryptotoken 1
    

    Stacktrace follows:

    2012-08-24 12:52:40,369 ERROR [org.signserver.module.tsa.TimeStampSigner] (http-0.0.0.0-8080-1) NoSuchAlgorithmException: 
    java.security.NoSuchAlgorithmException: no such algorithm: SHA1withRSA for provider SUN
            at sun.security.jca.GetInstance.getService(GetInstance.java:100)
            at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
            at java.security.Signature.getInstance(Signature.java:384)
            at org.bouncycastle.cms.CMSSignedHelper.getSignatureInstance(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator$SignerInf.toSignerInfo(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
            at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
            at org.bouncycastle.tsp.TimeStampTokenGenerator.generate(Unknown Source)
            at org.signserver.server.tsa.org.bouncycastle.tsp.TimeStampResponseGenerator.generate(TimeStampResponseGenerator.java:154)
            at org.signserver.module.tsa.TimeStampSigner.processData(TimeStampSigner.java:360)
            at org.signserver.ejb.WorkerSessionBean.process(WorkerSessionBean.java:293)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
            at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
            at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
            at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
            at sun.reflect.GeneratedMethodAccessor285.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
            at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1834603600.invoke(InvocationContextInterceptor_z_fillMethod_1834603600.java)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
            at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1834603600.invoke(InvocationContextInterceptor_z_setup_1834603600.java)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
            at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
            at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
            at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
            at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
            at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
            at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
            at $Proxy368.process(Unknown Source)
            at org.signserver.web.GenericProcessServlet.processRequest(GenericProcessServlet.java:364)
            at org.signserver.web.GenericProcessServlet.doPost(GenericProcessServlet.java:268)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
            at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:636)
    
     
  • Hubert Kario

    Hubert Kario - 2012-08-24

    I've fixed it by changing line 157 in

    modules/SignServer-ejb/src/java/org/signserver/server/cryptotokens/KeystoreCryptoToken.java
    

    from

                this.provider = ks.getProvider().getName();
    

    to

                this.provider = "BC";
    

    But I don't know if this is really a bug or just a misconfiguration on my part…

     
  • Markus Kilås

    Markus Kilås - 2012-08-27

    Normally using a JKS file should work fine.
    Which version of Java are you using and on which OS/distribution?
    If you are using Oracle JDK, have you installed the 'Unlimited Strength Jurisdiction Policy Files' ?

    BR,
    Markus
    PrimeKey Solutions
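
Added example (not part of the thread and not SignServer code): a stand-alone JCA diagnostic for the error discussed above. It asks the provider that backs a JKS keystore for a `SHA1withRSA` signature, the same pattern as the `ks.getProvider().getName()` line quoted in the thread, then lists the installed providers that do implement the algorithm. The class name `ProviderCheck` and the throwaway RSA key are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderCheck {
    static final String ALG = "SHA1withRSA"; // algorithm named in the exception

    public static void main(String[] args) throws Exception {
        // An empty in-memory JKS keystore is enough to see which provider backs it.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        String ksProvider = ks.getProvider().getName();
        System.out.println("JKS keystore provider: " + ksProvider);

        // Ask the keystore's provider for the signature algorithm.
        try {
            Signature.getInstance(ALG, ksProvider);
            System.out.println(ksProvider + " offers " + ALG);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Reproduced: " + e.getMessage());
        }

        // List the installed providers that actually implement the algorithm.
        Provider[] capable = Security.getProviders("Signature." + ALG);
        if (capable == null) {
            System.out.println("No installed provider offers " + ALG);
            return;
        }
        for (Provider p : capable) {
            System.out.println("Offers " + ALG + ": " + p.getName());
        }

        // Sign with a throwaway RSA key (constructed for this example) and let
        // the JCA pick the provider instead of forcing the keystore's provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature sig = Signature.getInstance(ALG);
        sig.initSign(kp.getPrivate());
        sig.update("constructed sample data".getBytes(StandardCharsets.UTF_8));
        byte[] signature = sig.sign();
        System.out.println("Signed " + signature.length + " bytes via provider "
                + sig.getProvider().getName());
    }
}
```

Run it with the same JVM and security configuration as the application server so the provider list matches what the server sees.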

     
