Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Exception while using RSA BSAFE CryptoJ in Weblogic 7.0 (SP2)

9 views
Skip to first unread message

Gops

unread,
Feb 18, 2004, 4:08:58 AM2/18/04
to

I need to verify the digital signature in the application (Web Tier - Servlet)
and i have got the RSA - BSafe license and tried using the RSA API and this works
fine in the stand alone environment. (weblogic.jar is not part of the classpath).
I have tried the same program in the Weblogic environment the BSAFE jar's are
kept in the classpath prior to weblogic.jar and while starting the server i am
getting the following exception and server continues to start. (Security configuration
doesn't changed)

=============================================
<18/02/2004 16:59:46> <Alert> <WebLogicServer> <000297> <Inconsistent security
configuration, java.lang.NoSuchMethodError>
java.lang.NoSuchMethodError
at com.rsa.jsafe.JA_AlgID.berDecode(JA_AlgID.java:94)
at com.rsa.jsafe.JA_AlgID.berDecodeAlgID(JA_AlgID.java:29)
at com.rsa.certj.cert.X509Certificate.setSignatureAlgorithm(X509Certificate.java:893)
at com.rsa.certj.cert.X509Certificate.setInnerDER(X509Certificate.java:764)
at com.rsa.certj.cert.X509Certificate.setCertBER(X509Certificate.java:428)
at com.rsa.certj.cert.X509Certificate.<init>(X509Certificate.java:328)
at com.rsa.certj.cert.X509Certificate.<init>(X509Certificate.java:306)
at utils.ValidateCertChain.convertChain(ValidateCertChain.java:258)
at utils.ValidateCertChain.validateServerCertChain(ValidateCertChain.java:304)
at weblogic.security.service.SSLManager.getServerCertificate(SSLManager.java:316)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:154)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1548)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:891)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:300)
at weblogic.Server.main(Server.java:32)
<18/02/2004 16:59:46> <Emergency> <Security> <090034> <Not listening for SSL,
java.io.IOException: Inconsistent security configuration, null.>
<18/02/2004 16:59:47> <Notice> <WebLogicServer> <000355> <Thread "ListenThread.Default"
listening on port 7001, ip address 127.0.0.1>
<18/02/2004 16:59:47> <Notice> <Management> <141030> <Starting discovery of Managed
Server... This feature is on by default, you may turn this off by passing -Dweblogic.management.discover=false>
<18/02/2004 16:59:47> <Notice> <WebLogicServer> <000331> <Started WebLogic Admin
Server "IMTServer" for domain "IMTDomain" running in Development Mode>
<18/02/2004 16:59:47> <Notice> <WebLogicServer> <000365> <Server state changed
to RUNNING>
<18/02/2004 16:59:47> <Notice> <WebLogicServer> <000360> <Server started in RUNNING
mode>
==========================================

If the weblogic.jar set first in the classpath and BSAFE jar's kept in the last
the Signature verification fails and iam getting the following exception

========================================================
at com.rsa.jsafe.crypto.ar.f(Unknown Source)
at com.rsa.jsafe.crypto.c7.a(Unknown Source)
at com.rsa.jsafe.crypto.b1.a(Unknown Source)
at com.rsa.jsafe.crypto.av.f(Unknown Source)
at com.rsa.jsafe.crypto.at.e(Unknown Source)
at com.rsa.jsafe.provider.JS_Signature.engineVerify(Unknown Source)

at java.security.Signature$Delegate.engineVerify(Unknown Source)
at java.security.Signature.verify(Unknown Source)

==========================================================

I believe that there seems to be different versions of BSAFE products. Could you
please suggests that in what way i can overcome this issue. Is it possible to
use the BSAFE jar only for the specific application (web application) without
disturbing weblogic envrionment.

Reponses are highly appreciated.


Pavel

unread,
Feb 18, 2004, 12:59:16 PM2/18/04
to

Weblogic is using RSA Crypto-J 3.3.1 The easiest solution is probably to modify
the signature verification code to use 3.3.1 api-s. The alternative solution would
require writing your own classloader for the application that would load BSAFE
classes from your jar.

Pavel.

Aidan Power

unread,
Feb 22, 2004, 11:09:52 PM2/22/04
to
You may package your RSA crypto jar files into WEB-INF/lib and set the
"PreferWebInfClass" feature accordingly:

In wls 7.0 PreferWebInfClasses is set through the Admin console:
* Select your domain -> Web Applications -> YourWebApp ->
"Configuration" tab -> "Other" tab -> check the Prefer Web Inf Classes
checkbox.

Thanks
Aidan

0 new messages