java.security.NoSuchAlgorithmException on java 7 and Solaris

Question

We get an java.security.NoSuchAlgorithmException when we run ftpsClient.connect() on java7 (HotSpot jdk1.7.0_07) on Solaris. The same code works just fine on java7 on Windows 7 and on Linux with the same jdk-version.

Here is a small testprogram which works in Windows and Linux, but falls flat on Solaris:

public static void main(String[] args) {
      try {
         SSLFTPClient client = new SSLFTPClient();
         client.setRemoteHost(host);
         client.setRemotePort(port);
         client.setConnectMode(FTPConnectMode.PASV);
         client.setImplicitFTPS(true);
         client.getRootCertificateStore().importPEMFile(pemFilePath);
         client.setValidateServer(true);
         SSLFTPStandardValidator.MAX_CERTIFICATE_CHAIN_LENGTH = 3;
         SSLFTPStandardValidator sslftpStandardValidator = new SSLFTPStandardValidator(commonName);
         client.setCustomValidator(sslftpStandardValidator);

         System.out.println("Connecting to " + client.getRemoteHost() + ":" + client.getRemotePort());
         client.connect();
         System.out.println("Connection established, running auth");
         client.auth(SSLFTPClient.PROT_PRIVATE);
         System.out.println("Auth ok, attempt login.");
         client.login(user, passwd);
         System.out.println("Login ok, listing directories");
         
         String[] dirs = client.dir();
         System.out.println("Directories (" + dirs.length + "):");
         for (String dir : dirs) {
            System.out.println(dir);
         }
      } catch (SSLFTPCertificateException e) {
         e.printStackTrace();
         e.printCertificates();
      } catch (Exception e) {
         System.out.println(e);
         e.printStackTrace();
      }
   }

The following exception is thrown when client.connect() is called:

java.security.NoSuchAlgorithmException: algorithm RSA/ECB/PKCS1Padding is not available from provider CryptixEDT
        at xjava.security.IJCE.a(IJCE.java:506)
        at xjava.security.IJCE.getImplementationClass(IJCE.java:452)
        at xjava.security.IJCE.getImplementation(IJCE.java:405)
        at xjava.security.Cipher.b(Cipher.java:535)
        at xjava.security.Cipher.getInstance(Cipher.java:482)
        at com.enterprisedt.net.puretls.i.a(SSLClientKeyExchange.java:75)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:222)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:217)
        at com.enterprisedt.net.puretls.n.l(SSLHandshakeClient.java:309)
        at com.enterprisedt.net.puretls.n.c(SSLHandshakeClient.java:142)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:168)
        at com.enterprisedt.net.puretls.j.a(SSLConn.java:161)
        at com.enterprisedt.net.puretls.SSLSocket.internalSocket(SSLSocket.java:116)
        at com.enterprisedt.net.puretls.SSLSocket.<init>(SSLSocket.java:69)
        at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(SSLFTPClient.java:853)
        at example.FtpsAttempt.main(FtpsAttempt.java:33)
Exception in thread "main" java.lang.InternalError: java.security.NoSuchAlgorithmException: algorithm RSA/ECB/PKCS1Padding is not available from provider CryptixEDT
        at com.enterprisedt.net.puretls.i.a(SSLClientKeyExchange.java:100)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:222)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:217)
        at com.enterprisedt.net.puretls.n.l(SSLHandshakeClient.java:309)
        at com.enterprisedt.net.puretls.n.c(SSLHandshakeClient.java:142)
        at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:168)
        at com.enterprisedt.net.puretls.j.a(SSLConn.java:161)
        at com.enterprisedt.net.puretls.SSLSocket.internalSocket(SSLSocket.java:116)
        at com.enterprisedt.net.puretls.SSLSocket.<init>(SSLSocket.java:69)
        at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(SSLFTPClient.java:853)
        at example.FtpsAttempt.main(FtpsAttempt.java:33)

The kicker is that the same code works on Solaris if I run with jdk1.6.0_32.
Any help would be very much appreciated.

/Anders

Answer 1

I managed to get it working. The short version is: run the following at any time BEFORE you create the SSLFTPClient

Security.removeProvider("SunPKCS11-Solaris");

The long version is:
I tried to list the security providers and all algorithms on both the Linux and the Solaris system. I listed them like so:

            for (Provider provider: Security.getProviders()) {
                           System.out.println(provider.getName());
                           for (String key: provider.stringPropertyNames())
                                         System.out.println("\t" + key + "\t" + provider.getProperty(key));
            }
 

I found that the algorithm which is not found (RSA/ECB/PKCS1Padding) when I run my FTPS-program was from a Solaris-specific provider (namely SunPKCS11-Solaris). Then I just tried to remove that provider entirely before setting up the ftps connection and that really did the trick!
With the single line

Security.removeProvider("SunPKCS11-Solaris");

before the creating the SSLFTPClient the program ran on Solaris as smoothly as if it was on the Linux box!

Answer 2

An alternative:

1. Open the install_dir/jre/lib/security/java.security file where install_dir is the directory where SSP is installed.

The first two entries in the file are displayed below:

security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home} /lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun

2. Comment out the first entry for security.provider.1.

3. Make a copy of the second entry and renumber it to security.provider.1. Following is a sample of the new line:

security.provider.1=sun.security.provider.Sun

Leave the second entry as security.provider.2=sun.security.provider.Sun. Although the first two entries are the same, you do not have to renumber all security provider lines.

4. Save and close the java.security file.