2

I am trying to encrypt some secure information in a mobile application being developed using ADF Mobile. I am using "javax.crypto.Cipher". As per my understanding ADF Mobile packs it's own JVM along with the application's apk/ipa for deployment purposes.But during deployment we are facing the following issue

java.lang.ExceptionInInitializerError
at java.lang.Class.runStaticInitializers(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.getInstance(Unknown Source)

Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
01-08 16:10:19.758: D/CVM(769): at javax.crypto.SunJCE_b.<clinit>(Unknown Source)
01-08 16:10:19.768: D/CVM(769): ... 14 more
01-08 16:10:19.768: D/CVM(769): Caused by: java.lang.SecurityException: Cannot locate    policy or framework files!
01-08 16:10:19.768: D/CVM(769): at javax.crypto.SunJCE_b.g(Unknown Source)
01-08 16:10:19.768: D/CVM(769): at javax.crypto.SunJCE_b.f(Unknown Source)
01-08 16:10:19.768: D/CVM(769): at javax.crypto.SunJCE_t.run(Unknown Source)

at the following line: Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

Where will these policy files be? How to check whether they are present or not?

Any help would be greatly appreciated.Please let me know if you need additional info.

cowls
  • 24,013
  • 8
  • 48
  • 78
Sai Chandra Sekhar
  • 43
  • 1
  • 7
  • I know only one place for policy files: `$JRE_HOME/lib/security` it should contains file `cacerts` `java.policy` `java.security` `local_policy.jar` `US_export_policy.jar` – user1516873 Jan 09 '13 at 10:49
  • 1
    And jdk 1.4 is very old and root certificates in cacerts is expired years ago. (should be irrelevant, but who knows) – user1516873 Jan 09 '13 at 10:57
  • Hi, As far as I know ADF mobile doesn't use the default JAVA_HOME for it's JVM.I read somewhere that it packages it's own JVM for which I browsed through the ADF installation directory but to no use.Having it's own JVM might also imply that it probably creates a new cacerts file which is "valid".Well again,the last part is speculation on my end. – Sai Chandra Sekhar Jan 10 '13 at 05:04
  • After digging in a little deeper,I have partially zeroed in on the source of the error.While deploying,the JVM is actually locating the policy files succesfully but it is not being able to load the javax/security/cipher class.I have come to this conclusion after going through the source of Cipher.getInstance(...) where it is printing the message "Cannot locate policy or framework files!" in either cases.Now the issue is "Why JVM is not able to load Cipher.class?" – Sai Chandra Sekhar Jan 10 '13 at 09:24

1 Answers1

0

Looks like problem in Sun JCE provider, and doesn't ADF related. I can reproduce in jdk 1.4_2.19 and JCE 1.2.2 by replacing $JRE_HOME/lib/jce.jar to jce1_2_2.jar. In this case a got 

Exception in thread "main" java.lang.ExceptionInInitializerError
    at javax.crypto.Cipher.a(DashoA6275)
    at javax.crypto.Cipher.getInstance(DashoA6275)
    at Test.main(Test.java:22)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.security.PrivilegedActionException: java.net.MalformedURLException: no protocol: US_export_policy.jar
    at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
    ... 8 more

As workaround you can use BouncyCastle provider (with returning original $JRE_HOME/lib/jce.jar back and removing all SunJCE related in $JRE_HOME/lib/ext). 

public class Test {
    static {
        Security.addProvider(new BouncyCastleProvider());
    }
    public static void main(String[] args) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
user1516873
  • 5,060
  • 2
  • 37
  • 56