8

In java 8 to setup a security provider I just needed to add the provider to the java.security file and add the provider external library to lib/ext. Since external libraries are not allowed in further versions how can I add a provider on jdk11?

Until now I tried to add the provider to the java.security file in conf/security folder.

security.provider.1=nCipherKM

I inserted the new provider on top of the list but when I try to .getInstance("providerExample") I still get a NoSuchProviderException.

java.security.NoSuchProvidIrException: no such provider: nCipherKM

The lib jar itself, I do not know where do I have to put or how can I include it to be recognized. If I create a lib/ext folder he says to use -classpath instead but also have no clue on that.

Thank you

EDIT: To complete my question I forgot to mention that im using thorntail and maven 3.6.1 to build the project. The error I get is related to this line:

KeyStore.getInstance("ncipher.sworld", "nCipherKM");

As I said before, when I had java 8 I only had to add the security.provider to the java.security and the nCipherKM.jar to $JAVA_HOME/lib/ext folder.

facl0004
  • 81
  • 1
  • 3
  • 3
    have you followed exactly [`this`](https://docs.oracle.com/en/java/javase/11/security/howtoimplaprovider.html#GUID-FB9C6DB2-DE9A-4EFE-89B4-C2C168C5982D) tutorial, together with adding permissions for your provider? – Michał Krzywański Aug 28 '19 at 13:56
  • Have you put the JAR file with the security provider on the class path? – Alan Bateman Aug 28 '19 at 15:52
  • I have done both things and no luck. It looks like the provider definition in java.security is doing nothing. Putting the jar in the classpath makes no difference since the main problem appears to be the provider registration – facl0004 Aug 28 '19 at 16:11
  • Can you update the question to include the value of `META-INF/services/java.lang.Provider` so that it is clear that it lists the class name of the provider. – Alan Bateman Aug 28 '19 at 16:26
  • How to add a provider in your program has frequently been answered, e.g. [here](https://stackoverflow.com/questions/1286837). Modifying the JDK was never a good solution. – Robert Aug 28 '19 at 17:00
  • Things have moved on a lot since then. The JDK docs have a section on deploying security providers. My guess is that the JAR file with providerExample is missing the services configuration file. – Alan Bateman Aug 28 '19 at 20:06
  • There is no META-INF/services/java.lang.Provider inside the jar im running. But with java 8 i also had no java.lang.Provider there – facl0004 Aug 29 '19 at 11:05
  • @Robert Doing Security.addProvider() works but I would like to avoid doing it programatically if possible. – facl0004 Aug 29 '19 at 11:19
  • @facl0004: But is is the only safe way as long as you don't ship your software with integrated JDK. BTW: Are we taking about a custom crypto provider that you have developed or one of the standard crypto providers? If it is the latter you should explicitly name the used provider. – Robert Aug 29 '19 at 11:25
  • Can you add META-INF/services/java.lang.Provider with the name of your provider and try it? That is how security providers are found when they are deployed on the class path. – Alan Bateman Aug 29 '19 at 17:00
  • 1
    Does anyone have a solution for this? i'm facing the same issue mentioned in the OP. – Asela Senanayake Jan 10 '20 at 05:36

0 Answers0