Trick to check unlimited JCE policy has been installed properly
As we all know with the secure connectivity add on, SAP provides us with the PGP module. As part of the installation of this package, there is a guideline to install unlimited JCE on the PI server.
If unlimited JCE is not installed properly, then you get a bounty castle exception on the communication channel while using the PGP module.
What I have seen twice in different projects is that the jar files required for unlimited JCE from Oracle’s website are usually dated older than the actual jars present in the PI system. And due to this, I have seen the technical basis person to ignore these jar files assuming that the latest jars are already available. Also, at times a restart was not taken and hence the unlimited jce policy was never applied.
I have found a handy trick to test if unlimited JCE is properly installed on the PI box or not. I’m not detailing the steps needed to create a message mapping etc as there are enough resources available for that.
- Create a dummy message mapping. Use any existing message type for both source and target.
- Create a text UDF. Import javax.crypto.Cipher and put the below code snippet
getTrace.addWarning("" +Cipher.getMaxAllowedKeyLength("AES")); return "";
Attach this UDF to any target field(Preferably root) and perform a “Display Queue”.
If the trace warning gives a value of 128, then it indicates that the unlimited JCE is not installed properly. If it is installed properly, then 2147483647 should be the value.
Hope this helps the community.