4 Replies Latest reply on Oct 10, 2012 9:37 AM by rwelty

more adventures with crypto: SunTlsRsaPremasterSecret Key Generator not...

rwelty Oct 9, 2012 10:54 AM

attempting to connect to an https server (Fuse ESB 7.0.1, Sun/Oracle jdk 6_35, CentOs 6 linux, camel-http4):

javax.net.ssl.SSLKeyException: RSA premaster secret error

at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.(RSAClientKeyExchange.java:97)[:1.6]

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)[:1.6]

...

Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret Key

Generator not available

apparently there is some sort of problem preventing the sunjce_provider.jar file from showing up. any suggestions?

thanks,

richard

1. Re: more adventures with crypto: SunTlsRsaPremasterSecret Key Generator not...

rwelty Oct 9, 2012 11:40 AM (in response to rwelty)

after some poking about with google, i found this:

link: http://mail-archives.apache.org/mod_mbox/servicemix-dev/201006.mbox/%3C22034643.22591277327211783.JavaMail.jira@thor%3E

which suggests that the problem might be the path to the jre/lib/ext directory as set by the bin/karaf script. i adjusted my $JAVA_HOME and $JAVA and retried, but the behavior hasn't changed.

richard
Actions
2. Re: more adventures with crypto: SunTlsRsaPremasterSecret Key Generator not...

rwelty Oct 9, 2012 2:44 PM (in response to rwelty)

do the sun jce policy jars need to be installed differently for Fuse ESB?
Actions
3. Re: more adventures with crypto: SunTlsRsaPremasterSecret Key Generator not...

ffang Oct 9, 2012 10:24 PM (in response to rwelty)

Hi,

The issue SMX4-537 is quite old and already get fixed long time ago, now the
JAVA_EXT_DIRS="$/jre/lib/ext:$/lib/ext:$/lib/ext"
which cover all possible ext folder.
Somehow the SUN JCE security provider isn't available in your env, it might be a JDK/JRE specific issue or your JDK/JRE security/java.security messed up.
First you need ensure you have sunjce_provider.jar in
$/jre/lib/ext:$/lib/ext
and your $/jre/lib/security/java.security have
security.provider.n=com.sun.crypto.provider.SunJCE
If this still doesn't work for you, could you please also try the approach we discussed in , which means
1.copy sunjce_provider.jar into $FUSE_ESB/lib/ext
2.modify $FUES_ESB/etc/config.properties, add com.sun.crypto.provider.SunJCE to org.apache.karaf.security.providers property
3. edit org.osgi.framework.bootdelegation if necessary

http://fusesource.com/forums/message.jspa?messageID=15555

Freeman
Actions
4. Re: more adventures with crypto: SunTlsRsaPremasterSecret Key Generator not...

rwelty Oct 10, 2012 9:37 AM (in response to ffang)

i reviewed the SunJCE setup and it appears to be correct, however, it wasn't working. i copied the provider jar to the fuse lib/ext directory and added the provider there as you suggested, and it now appears to be working.

i have no idea why it was failing before but i'm on a short timeline here, so getting it working is good enough for me right now.

thanks,
richard
Actions

Go to original post