SunTlsRsaPremasterSecret KeyGenerator not available

Question

I encountered an error when my application tries to load a RSA Algorithm provider class from JAVA. The exception stack is as follow:

javax.jms.JMSException: RSA premaster secret error
at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255)
at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350)
at org.apache.activemq.ActiveMQConnection.setClientID(ActiveMQConnection.java:388)
at com.trendmicro.tmsm.TMSMAgent.open(TMSMAgent.java:63)

Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:634)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:167)
at org.apache.activemq.transport.InactivityMonitor.oneway(InactivityMonitor.java:237)
at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:168)
at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84)
at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74)
at org.apache.activemq.transport.failover.FailoverTransport.doReconnect(FailoverTransport.java:715)
at org.apache.activemq.transport.failover.FailoverTransport$2.iterate(FailoverTransport.java:115)
at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122)
at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:637)

Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
at javax.crypto.KeyGenerator.<init>(DashoA13*..)
at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223)
at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:89)
... 22 more

I've googled the error message and most of posts says it's because JVM cannot find sunjce_provider.jar. However, I can find the file in /Library/Java/Home/lib/ext folder.

The platform is Mac OS X 10.6 and Java version is 1.6.0_17.

My questions are:

1. Why JVM does not search /Library/Java/Home/lib/ext for jar files?
2. Can we change CLASSPATH or java.ext.dirs property by modify any config file?
3. Any suggestion to solve this problem?

Thanks in advance.

Answer 1

had a similar issue. Adding the classpath to the ext directory fixed it for me. This fix worked for me on windows 7 with java 1.6

java -Djava.ext.dirs=lib -classpath "%java_home%\lib\ext\*" myapp.jar 

Answer 2

I think we find the root cause so here is an answer of my own question.

1. the Java system property "java.ext.dirs" in Mac OS X 10.5 is: /Library/Java/Extensions:/System/Library/Java/Extensions:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/ext. The sunjce_provider.jar should be in /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/ext but also be found in /Library/Java/Extensions/ in the problem mac.

2. the sunjce_provider.jar in /Library/Java/Extensions/ belongs to Java Cryptography Extension(JCE) 1.2.2, which has been installed in the mac. JCE 1.2.2 is an optional package of J2SE 1.3.1 and may not includes enough libraries for J2SE 1.4 and later.

3. the Java applcation works normally after all JCE 1.2.2 related jar files have been removed from /Library/Java/Extensions/.