SunTlsRsaPremasterSecret KeyGenerator not available

问题:

I encountered an error when my application tries to load a RSA Algorithm provider class from JAVA. The exception stack is as follow:

javax.jms.JMSException: RSA premaster secret error at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49) at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255) at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350) at org.apache.activemq.ActiveMQConnection.setClientID(ActiveMQConnection.java:388) at com.trendmicro.tmsm.TMSMAgent.open(TMSMAgent.java:63)  Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.(RSAClientKeyExchange.java:97) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:634) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115) at java.io.DataOutputStream.flush(DataOutputStream.java:106) at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:167) at org.apache.activemq.transport.InactivityMonitor.oneway(InactivityMonitor.java:237) at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:168) at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84) at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74) at org.apache.activemq.transport.failover.FailoverTransport.doReconnect(FailoverTransport.java:715) at org.apache.activemq.transport.failover.FailoverTransport$2.iterate(FailoverTransport.java:115) at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122) at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:637)  Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available at javax.crypto.KeyGenerator.(DashoA13*..) at javax.crypto.KeyGenerator.getInstance(DashoA13*..) at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223) at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.(RSAClientKeyExchange.java:89) ... 22 more 

I've googled the error message and most of posts says it's because JVM cannot find sunjce_provider.jar. However, I can find the file in /Library/Java/Home/lib/ext folder.

The platform is Mac OS X 10.6 and Java version is 1.6.0_17.

My questions are:

1. Why JVM does not search /Library/Java/Home/lib/ext for jar files?
2. Can we change CLASSPATH or java.ext.dirs property by modify any config file?
3. Any suggestion to solve this problem?

Thanks in advance.

回答1:

I've had the same problem after upgrading to new Java version on Mac. My (maven) project ran OK from command line but got the "SunTlsRsaPremasterSecret" error in Eclipse.

The solution was to remove Installed JREs in Eclipse configuration and add them again (using the "Search..." button).

回答2:

had a similar issue. Adding the classpath to the ext directory fixed it for me. This fix worked for me on windows 7 with java 1.6

java -Djava.ext.dirs=lib -classpath "%java_home%\lib\ext\*" myapp.jar  

回答3:

I think we find the root cause so here is an answer of my own question.

1. the Java system property "java.ext.dirs" in Mac OS X 10.5 is: /Library/Java/Extensions:/System/Library/Java/Extensions:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/ext. The sunjce_provider.jar should be in /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/ext but also be found in /Library/Java/Extensions/ in the problem mac.

2. the sunjce_provider.jar in /Library/Java/Extensions/ belongs to Java Cryptography Extension(JCE) 1.2.2, which has been installed in the mac. JCE 1.2.2 is an optional package of J2SE 1.3.1 and may not includes enough libraries for J2SE 1.4 and later.

3. the Java applcation works normally after all JCE 1.2.2 related jar files have been removed from /Library/Java/Extensions/.

回答4:

It happened to me while launching the tomcat server from eclipse. I solved it by changing the configuration in Windows -> Preferences -> Java -> Installed JREs -> Edit. I had to update all the JRE system libraries with the corresponding jars from the folders in:

• %JAVA_HOME%/jre/lib/ext
• %JAVA_HOME%/jre/lib/

It seems that after the last update I have changed the JRE_Home but forgot those libraries.

回答5:

Had to spend almost a day on this while trying to use JavaMail in Eclipse Luna. Tried all approaches suggested in various forums, but no luck.

Digged into the complete flow and found the exception arising due to Class is on BootClassPath

from KeyAgreement.getInstance()->JceSecurity.canUseProvider()->JceSecurity.getVerificationResult()->JarVerifier.verify()

void verify() throws JarException, IOException { if (jarURL == null) { throw new JarException("Class is on the bootclasspath"); }.......

I removed sunjce_provider jar from \ext\ folder and can send mail now. This might not be right but atleast a quick workaround.

Refer Eclipse bug.

回答6:

I also had this issue, noticed that the problem was in my Eclipse configuration.

Window > Preferences > Java > Installed JREs > jdk8_64bit > Edit... 

The path of my sunjce_provider.jar was pointing to jdk8_64bit\lib\ext\sunjce.provider.jar. It should point to the JRE's equivalent in jdk8_64bit\jre\lib\ext\sunjce.provider.jar.

文章来源: SunTlsRsaPremasterSecret KeyGenerator not available