The process is described in the document, "How to Implement a Provider."

该过程在文档“如何实施提供者”中进行了描述。

It involves emailing SunOracle some information (including the CSR you generated for your signing key), then faxing a confirmation document. Getting your signed certificate back can take a week or more, so plan ahead.

它涉及通过电子邮件向SunOracle发送一些信息（包括您为签名密钥生成的 CSR），然后传真一份确认文件。取回您的签名证书可能需要一周或更长时间，因此请提前计划。

You only need to sign your provider if it provides services that are restricted by some (repressive) governments. For example, a Cipherimplementation is a restricted "service," while MessageDigestis an unrestricted service. I assume with the message you're getting, that you are trying to provide a restricted services.

如果您的提供商提供受某些（专制）政府限制的服务，您只需签署该提供商。例如，Cipher实现是受限制的“服务”，MessageDigest而是不受限制的服务。我假设您收到的消息是您正在尝试提供受限制的服务。

If you provide any of these services, there's no way around it:You need a code-signing certificate issued by Sun. (One from IBM might work too; if I recall correctly, their code-signing CA is supported, but I don't know anything about their issuing process.)

如果您提供这些服务中的任何一个，就没有办法绕过它：您需要一个由 Sun 颁发的代码签名证书。（来自 IBM 的一个也可能工作；如果我没记错的话，他们的代码签名 CA 是受支持的，但我对他们的发布过程一无所知。）

You have to sign the JAR with "JCE Code Signing CA". In all current Java distributions, only 2 CAs (Sun and IBM) are built-in (hard-coded) and there is no way to add your own. We tried to work with Sun to sign our provider and it's almost impossible. They wouldn't issue intermediate CA cert, which means you have to go through the trouble every time you make a change.

您必须使用“JCE 代码签名 CA”对 JAR 进行签名。在所有当前的 Java 发行版中，只有 2 个 CA（Sun 和 IBM）是内置的（硬编码）并且无法添加您自己的 CA。我们试图与 Sun 合作签署我们的供应商，但这几乎是不可能的。他们不会颁发中级 CA 证书，这意味着您每次进行更改时都必须经历这些麻烦。

Why don't you just user your own library? You use standard API for interoperability between different JCEs. But that's not realistic for CryptoKi/SmartCard stuff right now, you almost always need to write some custom code to interact with vendor specific API. You can even make your code mimic JCE API to minimize code changes.

为什么不直接使用自己的库？您使用标准 API 来实现不同 JCE 之间的互操作性。但这对于现在的 CryptoKi/SmartCard 来说并不现实，您几乎总是需要编写一些自定义代码来与供应商特定的 API 进行交互。您甚至可以让您的代码模仿 JCE API 以最大限度地减少代码更改。

An alternative is to design your custom provider using OpenJDK. This is the open-source project sponsored by Sun/Oracle, and provides the code base for their official release. OpenJDK does not require providers to be signed. OpenJDK is available (by default, now) on several Linux distributions. Unfortunately, it does not seem to be readily available on Windows or Macintosh. If you're running Windows or Macintosh, I recommend installing Linux into a VM.

另一种方法是使用 OpenJDK 设计您的自定义提供程序。这是由 Sun/Oracle 赞助的开源项目，并为其正式发布提供代码库。OpenJDK 不需要对提供者进行签名。OpenJDK 在几个 Linux 发行版上可用（默认情况下，现在）。不幸的是，它在 Windows 或 Macintosh 上似乎并不容易获得。如果您运行的是 Windows 或 Macintosh，我建议将 Linux 安装到 VM 中。

If you must develop on Windows or Mac, however, you can copy the jce.jar file from an OpenJDK install over jce.jar (in your Java lib directory) of an official install. This will effectively circumvent the Jar authentication process. Be sure to put the original jce.jar file back when you're done developing, though.

但是，如果您必须在 Windows 或 Mac 上进行开发，您可以通过官方安装的 jce.jar（在您的 Java lib 目录中）从 OpenJDK 安装复制 jce.jar 文件。这将有效地绕过 Jar 身份验证过程。但是，请确保在完成开发后将原始 jce.jar 文件放回原处。

Only for extra info, i got this same exception when i build a JAR (Eclipse Juno) with the option "Extract required libraries into generated JAR" instead the correct "Package required libraries into generated JAR"

仅用于额外信息，当我使用选项“将所需的库提取到生成的 JAR 中”而不是正确的“将所需的库打包到生成的 JAR 中”构建 JAR（Eclipse Juno）时，我遇到了同样的异常