Failed to authenticate Bouncy castle provider by JCE

Hi, I have compiled the MOSIP key manager 1.2.0.1 version locally and am running it in my local test environment. I am able to create the Root and Master keys using key manager inside softhsm and it's all working. I’m failing to create a Base key and getting:

"errorCode": "KER-KMS-500",
"message": "JCE cannot authenticate the provider BC"

I investigated the issue and found that, in the KeyGeneratorUtils method getKeyGenerator, creating the javax.crypto.KeyGenerator object for the symmetric key fails and throws "JCE cannot authenticate the provider BC". I am using JDK 11 and running in Eclipse. I am wondering what is causing this error. As per my understanding, BC version 1.66 (15On) is being used while it should use the 18On version. Maybe this causes the error. I also tried to update the Bouncy Castle provider version in the POM, but after compilation I see no change in the dependency. Can you please let me know how to fix this issue in a local environment?

Dear @maliksajidhussain ,

Welcome to the community and thank you for reaching out. One of our expert colleagues will look into your query and respond here.

Best Regards
Team MOSIP

Thanks @keshavs, looking forward to the experts' help.

Hi @keshavs, waiting for the expert opinion on this issue.

Hi @maliksajidhussain

I think the Bouncy Castle provider did not get added to the security providers list.

Is it possible for you to share the full logs of keymanager service including the exception stacktrace?

Thanks,
Mahammed Taheer

Hi @mahammedtaheer, thanks for the reply. Here are the complete logs printed inside Eclipse:

{"@timestamp":"2024-07-09T17:00:48.765+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Request received to getCertificate","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - referenceId - Optional[demographic_data] - Request received to getCertificate","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId -  -  - Reference Id is present. Will get Certificate from DB store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - timestamp - 2024-07-09T12:00:48.766696300 - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId - referenceId - demographic_data - Getting public key from DB Store","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.766+05:00","@version":"1","message":"sessionId -  -  - Getting key alias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.771+05:00","@version":"1","message":"sessionId -  -  - Fetching Key Policy for keyPolicyName(Cache): ID_REPO","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.774+05:00","@version":"1","message":"sessionId -  -  - Fetching Key Policy for keyPolicyName(Cache): BASE","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - ID_REPO - demographic_data - PreExpireDays found as key policy:30","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - keyAlias - [] - keyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - currentKeyAlias - [] - currentKeyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:48.783+05:00","@version":"1","message":"sessionId - currentKeyAlias - 0 - CurrentKeyAlias size is zero. Will create new Keypair for this applicationId, referenceId and timestamp","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId - applicationId - ID_REPO - Getting Certificate from KeyStore.","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId - timestamp - 2024-07-09T12:00:48.766696300 - Getting Certificate from KeyStore.","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.296+05:00","@version":"1","message":"sessionId -  -  - Getting key alias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.298+05:00","@version":"1","message":"sessionId - ID_REPO -  - PreExpireDays found as key policy:60","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - keyAlias - [KeyAlias(alias=6b81597c-2538-43c8-87fc-94318ca8221d, applicationId=ID_REPO, referenceId=, keyGenerationTime=2024-07-02T09:46:53.295161, keyExpiryTime=2027-07-02T09:46:53.295161, status=null, certThumbprint=F2F9EC1FF8241171635B44E9EC7ACC061A9540E68D1FFAFD74CDB480F456D227, uniqueIdentifier=9EC3D4E5B65209390F028ACA695ED35158142B06)] - keyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - currentKeyAlias - [KeyAlias(alias=6b81597c-2538-43c8-87fc-94318ca8221d, applicationId=ID_REPO, referenceId=, keyGenerationTime=2024-07-02T09:46:53.295161, keyExpiryTime=2027-07-02T09:46:53.295161, status=null, certThumbprint=F2F9EC1FF8241171635B44E9EC7ACC061A9540E68D1FFAFD74CDB480F456D227, uniqueIdentifier=9EC3D4E5B65209390F028ACA695ED35158142B06)] - currentKeyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.299+05:00","@version":"1","message":"sessionId - currentKeyAlias - 6b81597c-2538-43c8-87fc-94318ca8221d - CurrentKeyAlias size is one fetching keypair using this alias","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.301+05:00","@version":"1","message":"sessionId - KeyStoreImpl - KeyStoreImpl - reloading provider","logger_name":"io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:49.389+05:00","@version":"1","message":"sessionId - applicationId - BASE - Getting expiry policy","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
{"@timestamp":"2024-07-09T17:00:50.236+05:00","@version":"1","message":"Exception Root Cause: JCE cannot authenticate the provider BC ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-1","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"bbea45f2dd1e361d","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"bbea45f2dd1e361d","X-B3-SpanId":"bbea45f2dd1e361d","X-B3-TraceId":"bbea45f2dd1e361d","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}

BC provider addition to the security providers list is not the issue. I confirmed this by printing the providers list just before generating the asymmetric key. Here is the printed providers list:

{"@timestamp":"2024-07-09T17:15:14.092+05:00","@version":"1","message":"sessionId - applicationId - BASE - Getting expiry policy","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8088-exec-1","level":"INFO","level_value":20000,"appName":"kernel-keymanager-service","traceId":"a2dc6b4c8f24eeb6","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"a2dc6b4c8f24eeb6","X-B3-SpanId":"a2dc6b4c8f24eeb6","X-B3-TraceId":"a2dc6b4c8f24eeb6","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}
BC
SUN
SunRsaSign
SunEC
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
SunPCSC
JdkLDAP
JdkSASL
SunMSCAPI
SunPKCS11
SunPKCS11-SoftHSM2
{"@timestamp":"2024-07-09T17:15:14.886+05:00","@version":"1","message":"Exception Root Cause: JCE cannot authenticate the provider BC ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-1","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"a2dc6b4c8f24eeb6","spanExportable":"false","req.requestURI":"/v1/keymanager/getCertificate","X-Span-Export":"false","req.queryString":"applicationId=ID_REPO&referenceId=demographic_data","req.method":"GET","req.userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","spanId":"a2dc6b4c8f24eeb6","X-B3-SpanId":"a2dc6b4c8f24eeb6","X-B3-TraceId":"a2dc6b4c8f24eeb6","req.remoteHost":"192.168.18.248","req.requestURL":"http://192.168.18.248:8088/v1/keymanager/getCertificate"}

Possibly the issue is with the BC jar's signer certificate. I verified the bcprov-jdk15on-1.66.jar file and it shows this warning:

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The DSA signing key has a keysize of 1024 which is considered a security risk. This key size will be disabled in a future update.

Possibly it is using an older version of the jar. I tried the latest version by changing the BC version, but it has no effect on the compiled target keymanager jar. It still includes the 1.66 version.

Hi @maliksajidhussain

Apologies for the late reply.

Are you able to resolve the issue?

Are you trying to run the keymanager service in a Windows environment?

Which JDK are you using? Oracle JDK or OpenJDK?

If you are using Oracle JDK, can you please switch to OpenJDK and try.

Thanks,
Mahammed Taheer

Hi @mahammedtaheer

Thanks for the reply. I rechecked the JDK. Previously I was using Oracle JDK, which was causing this error. After changing to OpenJDK I’m able to generate the key.

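A diagnostic for the failure discussed in this thread, as an added example that is not from the MOSIP code base or from any poster: it reports which JDK build is running, which jar the BC provider was loaded from and who signed it, then repeats the `KeyGenerator` lookup that failed. The class name `BcProviderCheck` and the `AES` algorithm are assumptions; the thread does not say which algorithm `getKeyGenerator` requests.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.crypto.KeyGenerator;

// Hypothetical helper class; requires JDK 9+ (Provider.getVersionStr).
public class BcProviderCheck {
    public static void main(String[] args) throws Exception {
        // Oracle JDK vs OpenJDK was the variable that mattered in the thread.
        System.out.println("java.vendor       = " + System.getProperty("java.vendor"));
        System.out.println("java.runtime.name = " + System.getProperty("java.runtime.name"));
        System.out.println("java.version      = " + System.getProperty("java.version"));

        Provider bc = Security.getProvider("BC");
        if (bc == null) {
            // Not registered yet: load reflectively so this file compiles
            // even when Bouncy Castle is absent from the build path.
            try {
                bc = (Provider) Class
                        .forName("org.bouncycastle.jce.provider.BouncyCastleProvider")
                        .getDeclaredConstructor().newInstance();
                Security.addProvider(bc);
            } catch (ClassNotFoundException e) {
                System.out.println("Bouncy Castle is not on the classpath");
                return;
            }
        }
        System.out.println("BC provider       = " + bc.getName() + " " + bc.getVersionStr());

        // Which jar actually supplied the provider class. This exposes a stale
        // 1.66 jar that is still resolved after the POM version was changed.
        CodeSource src = bc.getClass().getProtectionDomain().getCodeSource();
        System.out.println("loaded from       = " + (src == null ? "unknown" : src.getLocation()));

        // Signer certificates the class loader saw for that jar.
        Certificate[] certs = (src == null) ? null : src.getCertificates();
        if (certs == null || certs.length == 0) {
            System.out.println("signers           = none (unsigned jar, or signature lost in repackaging)");
        } else {
            for (Certificate c : certs) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("signer            = " + x.getSubjectX500Principal().getName());
                    System.out.println("  valid until     = " + x.getNotAfter());
                    System.out.println("  key algorithm   = " + x.getPublicKey().getAlgorithm());
                }
            }
        }

        // The lookup that fails in the thread. Oracle JDK's JCE framework
        // authenticates the provider jar's signature at this point.
        try {
            KeyGenerator kg = KeyGenerator.getInstance("AES", "BC"); // AES is an assumption
            System.out.println("KeyGenerator OK   = " + kg.getAlgorithm()
                    + " from " + kg.getProvider().getName());
        } catch (Exception e) {
            // Print the whole cause chain; the reason the jar was rejected
            // is usually nested below the top-level message.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.out.println("FAILED            : " + t);
            }
        }
    }
}
```

Run it with the same JDK and the same classpath as the keymanager service, so that the provider jar it reports is the one the service resolves.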