I am using the JCE to encrypt and decrypt in my project. I have installed the necessary java security jars under $JAVA_HOME/jre/lib/security. Also in my development environment in eclipse I am pointing to the correct jre. Everything works fine in eclipse. But when I build the project with maven , it fails with the following exeption
The jurisdiction policy files are not signed by a trusted signer!
Things tried so far.
Tried a hack by initializing the following block of code before anything else
try {
Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
field.setAccessible(true);
field.set(null, java.lang.Boolean.FALSE);
} catch (ClassNotFoundException | NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException ex) {
ex.printStackTrace(System.err);
}
Also tried changing the pom.xml by adding the following plugin
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.1.1</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<evaluateBeanshell>
<condition>javax.crypto.Cipher.getMaxAllowedKeyLength("AES") > 128</condition>
</evaluateBeanshell>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
I have confirmed that the version of the policy jars matches the Java version on my machine. Is there a way to configure maven to use these jars? (Without having to use another library like Bouncy Castle) Thanks.
Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in order to get the unlimited strength version and use it for both build and runtime.