Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2017/10/26 13:42:24 UTC

Re: [OT] classloader issue with bouncycastle

Chris,

Just curious... why are you using BC and not the JVM-provided crypto
provider? What JVM are you using?

-chris

On 10/18/17 10:56 AM, Chris Cheshire wrote:
> Using bouncy castle v1.58, Tomcat 8.5, java 1.8.
> 
> I have the unlimited security policy files installed, the BC jars
> in my WEB-INF/lib directory and in order to register the BC
> provider, I do
> 
> static { Security.addProvider(new BouncyCastleProvider()); }
> 
> in a utility class that handles the keyring 
> setup/encryption/decryption methods for me. This works great until
> I update the jar that contains my utility class and reload the
> webapp. Then I get an exception thrown from it being unable to
> locate the BC provider.
> 
> mypackage.crypto.CryptoException: org.bouncycastle.openpgp.PGPException: exception on setup: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
>   at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:304) ~[mypackage.jar:na]
>   at mypackage.web.action.user.priv.settings.View.view(View.java:139) ~[classes/:na]
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_141]
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_141]
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_141]
>   at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_141]
>   at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:456) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:176) [stripes-1.6.0.jar:1.6.0]
>   at mypackage.web.interceptors.AuthenticateInterceptor.intercept(AuthenticateInterceptor.java:41) [classes/:na]
>   at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:86) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:454) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:278) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.DispatcherServlet.service(DispatcherServlet.java:160) [stripes-1.6.0.jar:1.6.0]
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [servlet-api.jar:na]
>   at net.sourceforge.stripes.controller.DynamicMappingFilter$2.doFilter(DynamicMappingFilter.java:464) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:260) [stripes-1.6.0.jar:1.6.0]
>   at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:451) [stripes-1.6.0.jar:1.6.0]
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
>   at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) [urlrewritefilter-4.0.3.jar:4.0.3]
>   at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [urlrewritefilter-4.0.3.jar:4.0.3]
>   at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [urlrewritefilter-4.0.3.jar:4.0.3]
>   at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [urlrewritefilter-4.0.3.jar:4.0.3]
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
>   at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
>   at ch.qos.logback.classic.helpers.MDCInsertingServletFilter.doFilter(MDCInsertingServletFilter.java:51) [logback-classic-1.0.9.jar:na]
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.23]
>   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:595) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.23]
>   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.23]
>   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) [catalina.jar:8.5.23]
>   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.23]
>   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.23]
>   at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:486) [tomcat-coyote.jar:8.5.23]
>   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.23]
>   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-coyote.jar:8.5.23]
>   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-coyote.jar:8.5.23]
>   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.23]
>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_141]
>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_141]
>   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.23]
>   at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
> Caused by: org.bouncycastle.openpgp.PGPException: exception on setup: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
>   at org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder$1.get(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   at org.bouncycastle.openpgp.operator.PGPUtil.makeKeyFromPassPhrase(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   at org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor.makeKeyFromPassPhrase(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   at org.bouncycastle.openpgp.PGPSecretKey.extractKeyData(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   at mypackage.crypto.PGPUtils.extractPrivateKey(PGPUtils.java:347) ~[mypackage.jar:na]
>   at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:263) ~[mypackage.jar:na]
>   ... 50 common frames omitted
> Caused by: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
>   at java.security.Provider$Service.getImplClass(Provider.java:1649) ~[na:1.8.0_141]
>   at java.security.Provider$Service.newInstance(Provider.java:1592) ~[na:1.8.0_141]
>   at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) ~[na:1.8.0_141]
>   at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) ~[na:1.8.0_141]
>   at java.security.Security.getImpl(Security.java:698) ~[na:1.8.0_141]
>   at java.security.MessageDigest.getInstance(MessageDigest.java:227) ~[na:1.8.0_141]
>   at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createDigest(Unknown Source) ~[bcprov-jdk15on-157.jar:1.57.0]
>   at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createDigest(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
>   ... 57 common frames omitted
> Caused by: java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
>   at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1301) ~[catalina.jar:8.5.23]
>   at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1158) ~[catalina.jar:8.5.23]
>   at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1119) ~[catalina.jar:8.5.23]
>   at java.security.Provider$Service.getImplClass(Provider.java:1636) ~[na:1.8.0_141]
>   ... 64 common frames omitted
> Caused by: java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
>   at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1311) ~[catalina.jar:8.5.23]
>   at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1299) ~[catalina.jar:8.5.23]
>   ... 67 common frames omitted
> 
> As soon as I restart Tomcat it's ok. If I reload tomcat after
> changing anything else but the jar containing my crypto utility
> class, it is also OK. It is only when the jar containing the crypto
> stuff is updated (not the BC libraries though) that the classloader
> loses the BC provider.
> 
> If I move the call
> 
> Security.addProvider(new BouncyCastleProvider())
> 
> into the contextInitialized() method of a ServletContextListener, 
> everything works on reloading a webapp, no matter what classes or
> jars I update.
> 
> Can someone explain why the static initializer breaks down here
> please?
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
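
An added example, not part of the thread and not Tomcat or Bouncy Castle project code: a listener that ties BC registration to the webapp lifecycle, as the ServletContextListener approach in the quoted message does, and additionally unregisters on shutdown. The JCA provider list is JVM-wide and `Security.addProvider` returns -1 without replacing anything when a provider named "BC" is already present, so a provider instance whose classes belong to a stopped web application class loader (the condition the trace reports) can otherwise stay registered across a reload. The class name `BcProviderLifecycleListener` is hypothetical; the code assumes the javax.servlet 3.x API of Tomcat 8.5, BC bundled in WEB-INF/lib, and that no other webapp in the same JVM registers its own BC copy.

```java
import java.security.Provider;
import java.security.Security;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@WebListener
public class BcProviderLifecycleListener implements ServletContextListener { // hypothetical name

    private static final String BC = BouncyCastleProvider.PROVIDER_NAME; // "BC"

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        Provider existing = Security.getProvider(BC);
        if (existing != null && !visibleFromThisWebapp(existing)) {
            // Registered from a loader outside our parent chain, for example a
            // previous deployment of this webapp whose class loader is now stopped.
            sce.getServletContext().log("Replacing BC provider loaded by "
                    + existing.getClass().getClassLoader());
            Security.removeProvider(BC);
            existing = null;
        }
        if (existing == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        Provider current = Security.getProvider(BC);
        // Remove only the instance whose classes came from this webapp's loader,
        // leaving a container-wide BC install (parent loader) untouched.
        if (current != null
                && current.getClass().getClassLoader() == getClass().getClassLoader()) {
            Security.removeProvider(BC);
        }
    }

    // True when the provider's classes come from this webapp's loader or one of its parents.
    private boolean visibleFromThisWebapp(Provider p) {
        ClassLoader target = p.getClass().getClassLoader();
        if (target == null) return true; // bootstrap loader
        for (ClassLoader cl = getClass().getClassLoader(); cl != null; cl = cl.getParent()) {
            if (cl == target) return true;
        }
        return false;
    }
}
```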


Re: [OT] classloader issue with bouncycastle

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Chris,

On 10/26/17 3:58 PM, Chris Cheshire wrote:
> On Thu, Oct 26, 2017 at 9:42 AM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote:
>> Chris,
>> 
>> Just curious... why are you using BC and not the JVM-provided
>> crypto provider? What JVM are you using?
>> 
> 
> When I first started looking for examples on doing PGP encryption
> in Java, all I found were (albeit obsolete) guides to doing it with
> BC.

Say no more: AFAIK, PGP is not supported directly by any JVM, so use
of BC is pretty much required (unless you want to use one of those
wrapper-libraries that just spawns separate processes to call the
command-line tools).

> JVM is OpenJDK 1.8. I first started fiddling with this using 1.6.

Let us know if you find anything more convenient than using BC.
Everything we do with PGP is done through non-Java tools, and I'd like
to be able to use Java if possible.

-chris


Re: [OT] classloader issue with bouncycastle

Posted by Chris Cheshire <ya...@gmail.com>.
On Thu, Oct 26, 2017 at 9:42 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Chris,
>
> Just curious... why are you using BC and not the JVM-provided crypto
> provider? What JVM are you using?
>

When I first started looking for examples on doing PGP encryption in
Java, all I found were (albeit obsolete) guides to doing it with BC.

JVM is OpenJDK 1.8. I first started fiddling with this using 1.6.
