1

I am trying to load JCKES keystore which is using SunJCE provider in my application which is running IBM JDK 8 (power linux).

To enable my application to load keystore, I have done below steps:

  • Extracted sun package from oracle jdk's rt.jar, created sun.jar with extracted package and added sun.jar in IBM JDK lib ext folder.
  • Copied sunjce_provider jar from oracle JDK to IBM JDK lib ext folder.
  • Sun jars are taken from oracle JDK installed on windows.
  • Added com.sun.crypto.provider.SunJCE provider in java.security file of IBM JDK.

Please let me know what more changes are needed to load the keystore.

Here is the code which is trying to load the keystore:

    File file = new File(keystorelocation);
    KeyStore ks = KeyStore.getInstance("JCEKS");
    FileInputStream is = new FileInputStream(file);
    ks.load(is, password);

However, my application fails to start with error:

Exception in thread "main" java.lang.IllegalAccessError: Class com/sun/crypto/provider/SunJCE illegally accessing "package private" member of class sun/security/provider/SunEntries
    at com.sun.crypto.provider.SunJCE.putEntries(SunJCE.java:128)
    at com.sun.crypto.provider.SunJCE.<init>(SunJCE.java:111)
    at java.lang.J9VMInternals.newInstanceImpl(Native Method)
    at java.lang.Class.newInstance(Class.java:2038)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:233)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:218)
    at java.security.AccessController.doPrivileged(AccessController.java:682)

If I remove SunJCE provider entry from java.security file, application starts successfully, but I get below error while trying to load keystore:

Invalid secret key format
    at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1456)

And If I do not add any Sun jars in IBM JDK, I get below error while trying to load keystore:

java.io.IOException: com.sun.crypto.provider.SealedObjectForKeyProtector
    at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1456)

Thanks!

Improve this question
Related questions
2
Using Sun JCE provider on top of IBM SDK
54
How do I import an existing Java keystore (.jks) file into a Java installation?
7
How to import a jks certificate in java trust store
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Browse other questions tagged or ask your own question.