java.lang.SecurityException: Signature classes have been tampered with

Hi folks,

Playing around with an nCipher HSM on Solaris 9 using Java 1.5 update 11.

- Configured java.security like this:

security.provider.1=com.ncipher.fixup.provider.nCipherRSAPrivateEncrypt

security.provider.2=com.ncipher.provider.km.nCipherKM

security.provider.3=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg

security.provider.4=etc.

- We ARE ABLE to use keytool successfully with the nCipher store type (ncipher.sworld), generating keys, CSRs, importing certificates, all works fine

- When we want to decrypt something using the nCipher security provider, we get the following error the first time in a session:

2007-02-16 11:42:46,590 [http-8080-Processor4] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/CPDM].[PubDepubServlet] - Servlet.service() for servlet PubDepubServlet threw exception

java.lang.ExceptionInInitializerError

at javax.crypto.Cipher.getInstance(DashoA12275)

at org.bouncycastle.cms.KeyTransRecipientInformation.getContentStream(Unknown Source)

at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)

at com.getronics.cpdm.bridge.components.smime.SMimeProcessorImpl.decryptSMimeEnvelope(SMimeProcessorImpl.java:88)

at com.getronics.cpdm.bridge.BridgeServicesImpl.decryptSMimeEnvelope(BridgeServicesImpl.java:175)

at com.getronics.cpdm.business.components.webhelper.WebHelperImpl.processPubDepubRequest(WebHelperImpl.java:65)

at com.getronics.cpdm.business.BusinessServicesImpl.processPubDepubRequest(BusinessServicesImpl.java:50)

at com.getronics.cpdm.servlets.PubDepubServlet.doPost(PubDepubServlet.java:48)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)

at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)

at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)

at java.lang.Thread.run(Unknown Source)

Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs

at javax.crypto.SunJCE_b.<clinit>(DashoA12275)

... 25 more

Caused by: java.lang.SecurityException: Signature classes have been tampered with

at javax.crypto.SunJCE_b.d(DashoA12275)

at javax.crypto.SunJCE_b.c(DashoA12275)

at javax.crypto.SunJCE_r.run(DashoA12275)

at java.security.AccessController.doPrivileged(Native Method)

... 26 more

- The second time we try in that same session, we get:

2007-02-16 12:50:27,924 [http-8080-Processor3] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/CPDM].[PubDepubServlet] - Servlet.service() for servlet PubDepubServlet threw exception

java.lang.NoClassDefFoundError