Failed to authenticate Bouncy castle provider by JCE

Hi, I have compile the MOSIP key manager 1.2.0.1 version locally and running in my local test environment. I am able to create the Root and Master keys using key manager inside softhsm and its all working. I’m failing to create a Base key. and getting

“errorCode”: “KER-KMS-500”,
“message”: “JCE cannot authenticate the provider BC”

I investigated the issue I found in the KeyGeneratorUtils method getKeyGenerator while creating javax.crypto.KeyGenerator object for symmetric key failed and throws "JCE cannot authenticate the provider BC. I am using JDK 11 and running in eclipse. Wondering what causing this error. As per my understanding the BC version 1.66 15On is using while it should use the 18On version. May be this cause this error. I also tried to update the bouncy castle provider version in POM. But after compilation I see no change in dependency. Can you please let me know how to fix this issue in local environment.

Dear @maliksajidhussain ,

Welcome to the community and thank you for reaching out. One of our expert colleagues will look into your query and respond here.

Best Regards
Team MOSIP

Thanks @keshavs looking forward for experts help.

Hi @keshavs waiting for the expert opinion on this issue.

Hi @maliksajidhussain

I think the bouncycastle provider did not got added in security providers list.

Is it possible for you to share the full logs of keymanager service including the exception stacktrace?

Thanks,
Mahammed Taheer

Hi @mahammedtaheer Thanks for the reply. Here is the complete logs that print inside eclipse

{"@timestamp":"2024-07-09T17:00:48.765+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Request received to getCertificate","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - referenceId - Optional[demographic_data] - Request received to getCertificate","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId -  -  - Reference Id is present. Will get Certificate from DB store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - timestamp - 2024-07-09T12:00:48.766696300 - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - referenceId - demographic_data - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId -  -  - Getting key alias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.771+05:00","@version":"1","message":"sessionId -  -  - Fetching Key Policy for keyPolicyName(Cache): ID_REPO","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.774+05:00","@version":"1","message":"sessionId -  -  - Fetching Key Policy for keyPolicyName(Cache): BASE","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - ID_REPO - demographic_data - PreExpireDays found as key policy:30","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - keyAlias - [] - keyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - currentKeyAlias - [] - currentKeyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - currentKeyAlias - 0 - CurrentKeyAlias size is zero. Will create new Keypair for this applicationId, referenceId and timestamp","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Getting Certificate from KeyStore.","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId - timestamp - 2024-07-09T12:00:48.766696300 - Getting Certificate from KeyStore.","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId -  -  - Getting key alias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.298+05:00","@version":"1","message":"sessionId - ID_REPO -  - PreExpireDays found as key policy:60","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - keyAlias - [KeyAlias(alias=6b81597c-2538-43c8-87fc-94318ca8221d, applicationId=ID_REPO, referenceId=, keyGenerationTime=2024-07-02T09:46:53.295161, keyExpiryTime=2027-07-02T09:46:53.295161, status=null, certThumbprint=F2F9EC1FF8241171635B44E9EC7ACC061A9540E68D1FFAFD74CDB480F456D227, uniqueIdentifier=9EC3D4E5B65209390F028ACA695ED35158142B06)] - keyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - currentKeyAlias - [KeyAlias(alias=6b81597c-2538-43c8-87fc-94318ca8221d, applicationId=ID_REPO, referenceId=, keyGenerationTime=2024-07-02T09:46:53.295161, keyExpiryTime=2027-07-02T09:46:53.295161, status=null, certThumbprint=F2F9EC1FF8241171635B44E9EC7ACC061A9540E68D1FFAFD74CDB480F456D227, uniqueIdentifier=9EC3D4E5B65209390F028ACA695ED35158142B06)] - currentKeyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - currentKeyAlias - 6b81597c-2538-43c8-87fc-94318ca8221d - CurrentKeyAlias size is one fetching keypair using this alias","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.301+05:00","@version":"1","message":"sessionId - KeyStoreImpl - KeyStoreImpl - reloading provider","logger_name":"io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.389+05:00","@version":"1","message":"sessionId - applicationId - BASE - Getting expiry policy","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:50.236+05:00","@version":"1","message":"Exception Root Cause: JCE cannot authenticate the provider BC ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-1","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}

BC provider addition in security provider list is not an issue. I confirm by printing the providers list just before generating the asymmetric key. Here is the printed providers list.

{"@timestamp":"2024-07-09T17:15:14.092+05:00","@version":"1","message":"sessionId - applicationId - BASE - Getting expiry policy","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"a2dc6b4c8f24eeb6","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"a2dc6b4c8f24eeb6","X-B3-SpanId":"a2dc6b4c8f24eeb6","X-B3-TraceId":"a2dc6b4c8f24eeb6","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
BC
SUN
SunRsaSign
SunEC
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
SunPCSC
JdkLDAP
JdkSASL
SunMSCAPI
SunPKCS11
SunPKCS11-SoftHSM2
{"@timestamp":"2024-07-09T17:15:14.886+05:00","@version":"1","message":"Exception Root Cause: JCE cannot authenticate the provider BC ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-1","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"a2dc6b4c8f24eeb6","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"a2dc6b4c8f24eeb6","X-B3-SpanId":"a2dc6b4c8f24eeb6","X-B3-TraceId":"a2dc6b4c8f24eeb6","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}

Possibly the issue with the BC jars signer certificate. I verify the bcprov-jdk15on-1.66.jar file and its shows this warning.

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The DSA signing key has a keysize of 1024 which is considered a security risk. This key size will be disabled in a future update.

Possibly using an older version of jar. I tried the latest version by changing the bc version. But it has not effect on the target compiled keymanager jar. Its include the 1.66 version.

Hi @maliksajidhussain

Apologize for the late reply.

Are you able to resolve the issue?

Are you trying to run the keymanager service in windows environment?

Which version of JDK you are using? Oracle JDK or OpenJDK?

If you are using Oracle JDK, can you please switch to OpenJDK and try.

Thanks,
Mahammed Taheer