Error occurs during nCipherKM installation test - java

An error occurs when I run java com.ncipher.provider.InstallationTest to check that the nCipherKM provider is installed correctly.
> java com.ncipher.provider.InstallationTest
Installed providers:
nCipherKM
SUN
SunRsaSign
SunEC
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
SunPCSC
SunMSCAPI
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:378)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:323)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
at javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
at javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
at com.ncipher.provider.InstallationTest.unlimitedStrengthJurisdictionPolicyFilesInstalled(InstallationTest.java:130)
at com.ncipher.provider.InstallationTest.main(InstallationTest.java:70)
Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:228)
... 11 more
Caused by: com.ncipher.provider.nCCommunicationException: Error NoUsableModules while opening channel for MessageDigest mech 44 (SHA1Hash)
at com.ncipher.provider.nCHash.openChannel(nCHash.java:208)
at com.ncipher.provider.nCHash.updateChannel(nCHash.java:215)
at com.ncipher.provider.nCHash.flush(nCHash.java:175)
at com.ncipher.provider.nCHash.engineDigest(nCHash.java:91)
at java.security.MessageDigest$Delegate.engineDigest(Unknown Source)
at java.security.MessageDigest.digest(Unknown Source)
at javax.crypto.JarVerifier.getSystemEntropy(JarVerifier.java:857)
at javax.crypto.JarVerifier.testSignatures(JarVerifier.java:744)
at javax.crypto.JarVerifier.access$400(JarVerifier.java:37)
at javax.crypto.JarVerifier$1.run(JarVerifier.java:222)
at javax.crypto.JarVerifier$1.run(JarVerifier.java:187)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:186)
... 11 more
What I did:
Copied the nCipherKM.jar file from /java/classes to /jre/lib/ext.
Downloaded the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle and copied local_policy.jar and US_export_policy.jar to jre/lib/security.
Added the nCipherKM provider as the first entry in jre/lib/security/java.security:
security.provider.1=com.ncipher.provider.km.nCipherKM
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
...
Run:
java com.ncipher.provider.InstallationTest
And I get the error.

The issue is that your HSM(s) are not Usable, which means they're not reachable, are in the wrong mode, or in an otherwise unusable state:
Caused by: com.ncipher.provider.nCCommunicationException: Error
NoUsableModules while opening channel for MessageDigest mech 44
(SHA1Hash)
Run /opt/nfast/bin/enquiry to find out what the state of your module(s) is and fix accordingly.
You have nCipherKM as first in the list (as it says you should in the manual) which means your JVM will go to it for all crypto operations including hashing.
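
To see the effect the answer describes, the following added Java diagnostic (not from the original post or from nCipher's software) lists the provider preference order and reports which provider is first in line for the SHA-1 digest that JarVerifier requests in the stack trace. The class name, the service list and the sun./com.sun. prefix heuristic are assumptions made for this example.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

/** Added diagnostic: which JCA provider is asked first for each service. */
public class ProviderPreferenceCheck {

    // Illustrative service list (an assumption): the digest from the stack
    // trace above plus a few other commonly requested services.
    private static final List<String> SERVICES = Arrays.asList(
            "MessageDigest.SHA-1",      // requested by JarVerifier.getSystemEntropy
            "MessageDigest.SHA-256",
            "Signature.SHA256withRSA",
            "SecureRandom.SHA1PRNG");

    /** First-preference provider for a "Type.Algorithm" filter, or null if none. */
    static Provider firstProviderFor(String filter) {
        // Security.getProviders(filter) returns matches in preference order.
        Provider[] candidates = Security.getProviders(filter);
        return (candidates == null || candidates.length == 0) ? null : candidates[0];
    }

    /** Heuristic: provider classes bundled with the JDK live under sun.* or com.sun.*. */
    static boolean isJdkProvider(Provider p) {
        String cls = p.getClass().getName();
        return cls.startsWith("sun.") || cls.startsWith("com.sun.");
    }

    public static void main(String[] args) {
        Provider[] all = Security.getProviders();
        System.out.println("Provider preference order:");
        for (int i = 0; i < all.length; i++) {
            System.out.printf("  %d. %s (%s)%n",
                    i + 1, all[i].getName(), all[i].getClass().getName());
        }
        System.out.println();
        for (String service : SERVICES) {
            Provider first = firstProviderFor(service);
            if (first == null) {
                System.out.printf("%-26s no provider registered%n", service);
            } else if (isJdkProvider(first)) {
                System.out.printf("%-26s %s (bundled with the JDK)%n",
                        service, first.getName());
            } else {
                // A third-party provider in first position serves this request,
                // so the call fails whenever that provider's backend is unusable.
                System.out.printf("%-26s %s (third-party, needs a usable backend)%n",
                        service, first.getName());
            }
        }
    }
}
```

With the java.security file from the question, MessageDigest.SHA-1 would be reported against nCipherKM, which is why a NoUsableModules condition surfaces inside JCE start-up rather than in application code.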

Related

React Native - "The security strength of SHA-1 digest algorithm is not sufficient for this key size" - Build APK

I have this problem while building the apk of a React Native application:
Caused by: java.io.IOException: Failed to generate v1 signature
Caused by: java.security.InvalidKeyException: Failed to sign using signer "CERT"
Caused by: java.security.InvalidKeyException: Failed to sign using SHA1withDSA
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
The keystore was generated using Java 8, and now I'm using Java 11 on another computer.
Is there a way to solve this problem without generating a new keystore, because the app is already in the store?
Rolling back to Java 8 is not working because it's not compatible with the new version of React Native, 0.70.

Unable to Launch the Neo4j Console App After Upgrade to macOS Big Sur

Yesterday, I upgraded my iMac to macOS Big Sur. When I attempted to launch the Neo4j Console app in Terminal, it returned a series of errors. I was running 3.5.20 of the Community Server.
I thought I could resolve these errors by installing the latest version of the Community Server. I downloaded and installed version 3.5.24. When I attempted to launch the 3.5.24 database, it returned the following errors, which are similar to those version 3.5.20 produced.
Starting Neo4j.
2020-11-17 12:36:06.242+0000 WARN dbms.active_database is deprecated.
2020-11-17 12:36:06.275+0000 INFO ======== Neo4j 3.5.24 ========
2020-11-17 12:36:06.299+0000 INFO Starting...
2020-11-17 12:36:15.159+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase#39993624' was successfully initialized, but failed to start. Please see the attached cause exception "The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)". Starting Neo4j failed: Component
'org.neo4j.server.database.LifecycleManagingDatabase#39993624' was successfully initialized, but failed to start. Please see the attached cause exception "The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)".
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase#39993624' was successfully initialized, but failed to start. Please see the attached cause exception "The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)".
at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:45)
at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:187)
at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:124)
at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:91)
at org.neo4j.server.CommunityEntryPoint.main(CommunityEntryPoint.java:32)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabase#39993624' was successfully initialized, but failed to start. Please see the attached cause exception "The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)".
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:473)
at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:180)
... 3 more
Caused by: java.lang.RuntimeException: Error starting org.neo4j.graphdb.facade.GraphDatabaseFacadeFactory, /Users/ciro/Applications/neo4j-community-3.5.24/data/databases
at org.neo4j.graphdb.facade.GraphDatabaseFacadeFactory.initFacade(GraphDatabaseFacadeFactory.java:232)
at org.neo4j.graphdb.facade.GraphDatabaseFacadeFactory.newFacade(GraphDatabaseFacadeFactory.java:148)
at org.neo4j.server.database.CommunityGraphFactory.newGraphDatabase(CommunityGraphFactory.java:41)
at org.neo4j.server.database.LifecycleManagingDatabase.start(LifecycleManagingDatabase.java:90)
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:452)
... 5 more
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.bolt.BoltServer#e156110' was successfully initialized, but failed to start. Please see the attached cause exception "The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)".
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:473)
at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
at org.neo4j.graphdb.facade.GraphDatabaseFacadeFactory.initFacade(GraphDatabaseFacadeFactory.java:227)
... 9 more
Caused by: java.lang.ExceptionInInitializerError
at javax.crypto.Cipher.getInstance(Cipher.java:518)
at sun.security.ssl.JsseJce.getCipher(JsseJce.java:189)
at sun.security.ssl.SSLCipher.isTransformationAvailable(SSLCipher.java:483)
at sun.security.ssl.SSLCipher.<init>(SSLCipher.java:472)
at sun.security.ssl.SSLCipher.<clinit>(SSLCipher.java:81)
at sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:67)
at sun.security.ssl.SSLContextImpl.getApplicableSupportedCipherSuites(SSLContextImpl.java:345)
at sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:46)
at sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:577)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at java.security.Provider$Service.getImplClass(Provider.java:1728)
at java.security.Provider$Service.newInstance(Provider.java:1686)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at io.netty.handler.ssl.JdkSslContext.<clinit>(JdkSslContext.java:73)
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:465)
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:571)
at org.neo4j.ssl.SslPolicy.nettyServerContext(SslPolicy.java:81)
at org.neo4j.bolt.BoltServer.createSslContext(BoltServer.java:202)
at org.neo4j.bolt.BoltServer.createProtocolInitializer(BoltServer.java:170)
at org.neo4j.bolt.BoltServer.lambda$createConnectors$0(BoltServer.java:149)
at java.util.stream.Collectors.lambda$toMap$58(Collectors.java:1321)
at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at org.neo4j.bolt.BoltServer.createConnectors(BoltServer.java:149)
at org.neo4j.bolt.BoltServer.start(BoltServer.java:124)
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:452)
... 11 more
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
... 45 more
Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.)
at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:336)
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:378)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:323)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
... 45 more
The database was running just fine before the upgrade. Has anyone experienced this error? Any ideas on how to get the Community Server database working again?
Thanks in advance for your help.
Regards,
Ciro

TextSecure Signal Server - Certificate Error

I was trying to deploy Signal Server according to the guidelines here.
Everything succeeded in the build part, but when I run the service using this command
java -jar service/target/TextSecureServer-3.21.jar server service/config/config.yml
I am getting the errors below.
INFO [2020-09-10 04:52:48,319] io.dropwizard.server.DefaultServerFactory: Registering jersey handler with root path prefix: /
INFO [2020-09-10 04:52:48,320] io.dropwizard.server.DefaultServerFactory: Registering admin handler with root path prefix: /
org.bouncycastle.openssl.PEMException: problem parsing cert: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.openssl.PEMReader$X509CertificateParser.parseObject(Unknown Source)
at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.initializeCertificate(RetryingApnsClient.java:76)
at org.whispersystems.textsecuregcm.push.RetryingApnsClient.<init>(RetryingApnsClient.java:49)
at org.whispersystems.textsecuregcm.push.APNSender.<init>(APNSender.java:70)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:246)
at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:151)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:406)
Caused by: java.security.cert.CertificateException: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
... 12 more
Caused by: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERUnknownTag
at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.TBSCertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readDERCertificate(Unknown Source)
... 14 more
Does anyone know the exact issue here?
Also, I didn't change serverSecret & serverPublic under zkConfig. (I don't know how to get these.) What does it mean by * # zkgroup config, run using your build jar * as in the documentation?
Problem solved. This exception was caused by an improper PEM format when reading the cerKey file. Anyhow, the current crtKey form is PEM only, but it needs an extended form of PEM.
I used the command below to generate it.
openssl rsa -in cert.key -outform PEM -out cert.key
Then all the above errors disappeared.
I did enter the above command but I got this error
Can't open cert.key for reading, No such file or directory
140021811573184:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('cert.key','r')
140021811573184:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load Private Key
I did everything I could and generated every kind of certificate I could find on the Internet, but there was no change in the result. Could you please tell me what to do? It's so important to me. Thanks a lot.

PKCS#11 library not found on 64bit Windows

In my job I have a requirement to sign an XML file with a certificate from a SmartCard. Everything works fine, but only on a 32bit Windows 7 VM.
The problems occur when I try to use the same code on 64bit Windows 10. I get the errors "PKCS#11 not found" and "no such algorithm".
I use the xades4j package. I've tried probably all the solutions found on the web, i.e.:
Used different .dll libraries (pkcs11.dll, opensc-spy.dll, CPPkiP.dll, esp2003csp11.dll) in both 32 and 64 bits versions.
Placed .dll in both System32 and SysWOW64 directories.
Updated drivers for my reader (IDBridge CT30).
Changed jre to 32bit.
Used solutions from PKCS11 Reference Guide (without xades4j) - it also worked only on 32 bit.
Nothing helps and the same exceptions always occur. If someone has any ideas about what else I could do, I will be really thankful for tips.
Best regards.
Caused by: java.security.KeyStoreException: PKCS11 not found
at java.security.KeyStore.getInstance(Unknown Source)
at java.security.KeyStore$Builder$2$1.run(Unknown Source)
at java.security.KeyStore$Builder$2$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-SmartCard
at sun.security.jca.GetInstance.getService(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.security.Security.getImpl(Unknown Source)
... 11 more
I found a library which solved my problem. It's https://github.com/esig/dss. I used JavaSE11 (jdk-11.0.2), with pkcs11.dll placed in the C:/Windows/System32 directory.
Before running the application it is necessary to add the VM argument -Djava.security.debug=sunpkcs11,pkcs11

Using PKCS11 with NSS for Java encryption: java.security.ProviderException: Initialization failed

I am trying to set up Java to use NSS for various encryption routines. I understand the JCE provider necessary to offload these routines to NSS is PKCS11. I have compiled all the NSS binaries, and moved each of the resulting shared objects to /usr/lib/nss:
$ ls /usr/lib/nss/
libfreebl3.so libnss3.so libnssdbm3.so libnssutil3.so libplds4.so libsoftokn3.so
libnspr4.so libnssckbi.so libnsssysinit.so libplc4.so libsmime3.so libsqlite3.so
The nss.cfg file I am using is as follows:
name=NSS
nssLibraryDirectory=/usr/lib/nss
nssDbMode=noDb
attributes=compatibility
However, when running the application, this is the output:
java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
...
Caused by: java.io.IOException: libsqlite3.so: cannot open shared object file: No such file or directory/usr/lib/nss/libsoftokn3.so
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:138)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:151)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:313)
... 5 more
Any ideas???
