9 Replies Latest reply: Mar 15, 2005 3:31 PM by 425612 RSS

    problem of   jce  with oracle9 jvm

    24216
      i have loaded my java class which use the Sun JCE 1.2.2 to Oracle9i,
      but it can be run.
      the exception is:

      java.lang.ExceptionInInitializerError:
      java.lang.SecurityException: Cannot set up certs for trusted CAs: java.net.MalformedURLException: no protocol: US_export_policy.jar
      at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
      at javax.crypto.Cipher.a(DashoA6275)
      at javax.crypto.Cipher.getInstance(DashoA6275)

      can u help me?
        • 1. Re: problem of   jce  with oracle9 jvm
          Avi Abrami
          21213,
          Oracle 9i embedded JVM is compatible with version java version 1.3, so I think you need to use a version of JCE which is compatible with java 1.3, no?

          Good Luck,
          Avi.
          • 2. Re: problem of   jce  with oracle9 jvm
            24216
            Hi Avi

            Thank you for your advice

            On the site of JCE 1.2.2 (java.sun.com) has a message about JCE1.2.2 that is " JCE 1.2.2 is an older release that can be installed as an optional package to the Java 2 SDK, versions 1.2.x and 1.3.x.#

            so i think the problem maybe the oracle9i cann't support with JCE Based Java Stored Procedure now.

            I also load the JCE java file to the DB.
            jce1_2_2.jar
            sunjce_provider.jar
            local_policy.jar
            US_export_policy.jar

            I 'll try to test jce 1.2.1.


            Regards
            --David Du
            • 3. Re: problem of   jce  with oracle9 jvm
              24216
              Hi Avi

              I also did a test with JCE 1.2.1 ,thye error same as JCE1.2.2.

              *** 2005-01-17 15:09:03.000
              *** SESSION ID:(9.748) 2005-01-17 15:09:03.000
              java.lang.ExceptionInInitializerError:
              java.lang.SecurityException: Cannot set up certs for trusted CAs
              at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
              at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
              at my.MyCrypt.<init>(MyCrypt.java:62)
              • 4. Re: problem of   jce  with oracle9 jvm
                428006
                Hi,
                you may try to add CA certificate to cacerts file in lib/security in one of Oracle's JAVA_HOME.

                Use keytool. That may help, please tell me when You succeed.
                • 5. Re: problem of   jce  with oracle9 jvm
                  437232
                  I have a similar problem. I am trying to execute an HTTP post to a server protected by NTLM authentication from oracle 9i. I am using the Jakarta commons HTTP client (2.0.2) and the JCE 1.2.2. I had tested this outside Oracle with a sun jre 1.3.1_15 with no problems. When I execute my post it seems to be missing a class:

                  java.lang.NoClassDefFoundError
                  at javax.crypto.Cipher.a(DashoA6275)
                  at javax.crypto.Cipher.getInstance(DashoA6275)
                  at org.apache.commons.httpclient.NTLM.getCipher(NTLM.java:119)
                  at org.apache.commons.httpclient.NTLM.encrypt(NTLM.java:170)
                  ...

                  Does anyone have any ideas?

                  thanks in advance.
                  d.
                  • 6. Re: problem of   jce  with oracle9 jvm
                    Avi Abrami
                    People,
                    Please excuse me, but I am unfamiliar with JCE. However, I believe that the OracleJVM that comes with the Oracle 9i database is fully compliant with SUN's JDK version 1.3. Therefore, I imagine that the OracleJVM should support JCE. Unfortunately, there's not much more I can offer.

                    As Maciej mentioned, there is a "jdk/jre/lib/security/cacerts" subdirectory (under the "ORACLE_HOME" directory) -- but I don't know what you are meant to do with it.

                    Sorry I can't be any more help.

                    Good Luck,
                    Avi.
                    • 7. Re: problem of   jce  with oracle9 jvm
                      437232
                      It may be the cacerts file is not appropriate (I am no expert in JCE either), but I note that when I ran my application in the external sun JDK I did not have to add certificates (the JCE is used to create NTLM authentication credentials and I provide all the required information in the program code). Also, the cacerts file under my sun jre 1.3 seems to be very similar to the one stored under my oracle home (but they are not identifical to a binary diff).

                      I think that this is more likely a resource load problem, as the JCE has a plugable provider interface and is likely to make heavy use loading class files and other resources by name.

                      I don't really have time to investigate this further. I can work around the problem by using a different authentication scheme in my application. However, since the JCE is part of the Java 1.4 specification and this spec is used, I believe, in the Oracle 10g release and I will likely have an chance to look at running my code in 10g in the next few weeks, I will post a quick note to say if the same code works there or not.

                      cheers,

                      d.
                      • 8. Re: problem of   jce  with oracle9 jvm
                        82532
                        It most likely will. I have deployed a number of JCE applications into 10g without any problems.
                        • 9. Re: problem of   jce  with oracle9 jvm
                          425612
                          To use the javax.crypto.* within my Java Stored Procedure on Oracle 9i, I had to load the jce1_2_2.jar as a resource, using the loadjava utility.

                          I am using DESede encryption type to encrypt/decrypt data on database, and therefore am using the Sun Provider. I also had to use loadjava to load the sunjce_provider.jar as a resource before I was able to compile my Java SP.

                          Hope this helps.
                          Steve