IBM Support

Encryption error accessing FileNet CPE storage after Java upgrade

Troubleshooting


Problem

After upgrading the Java used by WebSphere Application Service (WAS) from 1.6 to 1.8, content stored on a FileNet Content Platform Engine (CPE) encrypted storage device with 256-bit encryption keys can no longer be accessed.

Symptom

Error in the CPE p8_server_error.log:

2018-01-12T16:00:14.079 D6B086AE ENG FNRCC0193E - ERROR method name:
getCipher principal name: ibmuser Global Transaction: false User
Transaction: false Exception Info: Content Engine failed to encrypt or
decrypt content for the following reason: The initialization of a
cryptographic cipher instance failed. Message was: Illegal key size
com.filenet.api.exception.EngineRuntimeException: FNRCC0193E:
CONTENT_CIPHER_FAILURE: Content Engine failed to encrypt or decrypt
content for the following reason: The initialization of a cryptographic
cipher instance failed. Message was: Illegal key size
at com.filenet.engine.content.ContentEncryption.
getCipher(ContentEncryption.java:210)
at com.filenet.engine.content.ContentEncryption.
getDecryptionCipher(ContentEncryption.java:174)
at com.filenet.engine.content.ContentElementInfo.
getDecryptionCipher(ContentElementInfo.java:713)
at com.filenet.engine.content.ContentElementInfo.
getDecryptedDecompressedStream(ContentElementInfo.java:726)
at com.filenet.engine.content.
GetContentHandler$GetContentState.reconnectInputStream
(GetContentHandler.java:1239)
at com.filenet.engine.content.
GetContentHandler$GetContentState.<init>(GetContentHandler.java:1197)
at com.filenet.engine.content.GetContentHandler.
startNewRequest(GetContentHandler.java:878)
at com.filenet.engine.content.GetContentHandler.
getContent(GetContentHandler.java:417)
at com.filenet.engine.jca.impl.RequestBrokerImpl.
getContent(RequestBrokerImpl.java:343)
at com.filenet.engine.jca.impl.RequestBrokerImpl.
getContent(RequestBrokerImpl.java:242)
at com.filenet.engine.ejb.EngineCoreBean._getContent
(EngineCoreBean.java:107)
at com.filenet.engine.ejb.EngineCoreBean.getContent
(EngineCoreBean.java:79)
at com.filenet.engine.ejb.
EJSLocalStatelessEngineCore_22877cb1.getContent(Unknown Source)
at com.filenet.engine.ejb.EngineBean.getContent
(EngineBean.java:315)
at com.filenet.apiimpl.transport.ejbstubs.
EJSLocalStatelessEngine_2e64c374.getContent(Unknown Source)
at com.filenet.apiimpl.transport.ejb.EnginePortLocal.
getContent(EnginePortLocal.java:79)
at com.filenet.apiimpl.wsi.ServiceSessionNst$2.run
(ServiceSessionNst.java:1370)
at java.security.AccessController.doPrivileged
(AccessController.java:686)
at javax.security.auth.Subject.doAs(Subject.java:569)
at com.ibm.websphere.security.auth.WSSubject.doAs
(WSSubject.java:196)
at com.ibm.websphere.security.auth.WSSubject.doAs
(WSSubject.java:153)
at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown
Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at com.filenet.apiimpl.util.J2EEUtilWS.doAs(J2EEUtilWS.
java:239)
at com.filenet.apiimpl.wsi.ServiceSessionNst.
sMakeInternalEJBCall(ServiceSessionNst.java:1223)
at com.filenet.apiimpl.wsi.ServiceSessionNst.
sHandleIncomingRequest(ServiceSessionNst.java:1067)
at com.filenet.engine.wsi.ListenerNst.service
(ListenerNst.java:179)
at javax.servlet.http.HttpServlet.service(HttpServlet.
java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.
service(ServletWrapper.java:1233)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.
handleRequest(ServletWrapper.java:782)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.
handleRequest(ServletWrapper.java:481)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.
handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.
invokeFilters(WebAppFilterManager.java:1114)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.
handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest
(WebContainer.java:949)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest
(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready
(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.
handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.
handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.
processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.
HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
at com.ibm.ws.tcp.channel.impl.
AioReadCompletionListener.futureCompleted(AioReadCompletionListener.
java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback
(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.
fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.
java:138)
at com.ibm.io.async.ResultHandler.complete
(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop
(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.
java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.
java:1892)
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at com.filenet.engine.content.ContentEncryption.
getCipher(ContentEncryption.java:203)
... 49 more

Cause

The unrestricted encryption policy files were replaced with the default version when Java was updated from 6 to 8.

Environment

FileNet CPE on WAS using 256-bit encryption keys for encrypted storage.

Diagnosing The Problem

Compare the default local_policy file in the local_policy.jar located in <YOUR_WAS_INSTALL_DIR>\AppServer\java\jre\lib\security with the unrestricted version. The default version contains several extra lines, which indicates that it is not the unrestricted version.
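The comparison described above can be scripted. The following is an added example, not IBM's or FileNet's own tooling: it opens a local_policy.jar, reads the policy file inside it, and reports whether it grants CryptoAllPermission (unrestricted) or lists per-algorithm key-size caps (the "extra lines" of the default version; a cap such as `*, 128` is what rejects a 256-bit key with "Illegal key size"). The entry name default_local.policy and both sample policy texts are constructed for the example, on the assumption that the file follows the standard JCE jurisdiction policy grammar.

```python
import io
import re
import sys
import zipfile

# Assumption: the jar holds one "*.policy" entry written in the standard
# JCE jurisdiction policy grammar: grant { permission javax.crypto.X ...; };
PERMISSION_RE = re.compile(r'^\s*permission\s+javax\.crypto\.(\w+)\s*(.*?);', re.M)

def strip_comments(text):
    """Drop /* ... */ and // comments so commented-out grants are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'//[^\n]*', '', text)

def classify_policy_text(text):
    """Return (status, limiting_lines) for one policy file's text."""
    perms = PERMISSION_RE.findall(strip_comments(text))
    if not perms:
        return 'unknown', []
    if any(name == 'CryptoAllPermission' for name, _ in perms):
        return 'unrestricted', []
    return 'restricted', [f'{name} {args}'.strip() for name, args in perms]

def classify_policy_jar(jar):
    """jar: path to (or file object of) local_policy.jar."""
    with zipfile.ZipFile(jar) as zf:
        names = [n for n in zf.namelist() if n.endswith('.policy')]
        if not names:
            return 'unknown', []
        return classify_policy_text(zf.read(names[0]).decode('utf-8', 'replace'))

# Constructed sample policy texts (not copied from an IBM SDK).
RESTRICTED_SAMPLE = '''grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission *, 128;
};'''
UNRESTRICTED_SAMPLE = '''grant {
    // There is no restriction to any algorithms.
    permission javax.crypto.CryptoAllPermission;
};'''

def make_jar(policy_text, entry='default_local.policy'):
    """Build an in-memory jar for the demo; 'entry' is an assumed name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr(entry, policy_text)
    buf.seek(0)
    return buf

if __name__ == '__main__':
    target = sys.argv[1] if len(sys.argv) > 1 else make_jar(RESTRICTED_SAMPLE)
    print(classify_policy_jar(target))
```

Run it with the path to the local_policy.jar under the WAS java\jre\lib\security directory as the only argument; a result of 'restricted' after a Java upgrade matches the cause described on this page.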

Resolving The Problem

Download and apply the Unrestricted SDK JCE policy files:

  1. Download the files from here:
    https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk
  2. Provide your IBM ID and password and click Sign in. (Or register with IBM if you don't have an account to download the files.)
  3. On the Unrestricted SDK JCE policy files page, select the first option that includes Java 5 through Java 8 GA, and all later releases, and then click Continue.
  4. View the license agreement and then select I Agree.
  5. Click Download Now.
  6. Install the files:
    1. Extract the file unrestrictedpolicyfiles.zip into a directory of your choice.
    2. Copy the .jar files from the extraction directory to:
      <YOUR_WAS_INSTALL_DIR>\AppServer\java\jre\lib\security
  7. Restart the WAS server.

Document Information

More support for:
FileNet P8 Platform

Software version:
5.2, 5.2.1, 5.5.0

Operating system(s):
AIX, Linux, Solaris, Windows

Document number:
303105

Modified date:
17 June 2018

UID

swg22012689