You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by Josh Clum <jo...@gmail.com> on 2014/04/09 21:06:41 UTC

Bouncy Castle

Hi,

When trying to use the default SSHServer (sshd =
SshServer.setUpDefaultServer();) I ran into an issue where the default
Ciphers weren't loading correctly. I get this exception:


Exception in thread "main" java.lang.SecurityException: JCE cannot
authenticate the provider BC
at javax.crypto.Cipher.getInstance(DashoA13*..)
at javax.crypto.Cipher.getInstance(DashoA13*..)
at org.apache.hadoop.gateway.ssh.Test.main(Test.java:15)
Caused by: java.util.jar.JarException: Cannot parse
file:/Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2....<file:///Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar>
at javax.crypto.SunJCE_c.a(DashoA13*..)
at javax.crypto.SunJCE_b.b(DashoA13*..)
at javax.crypto.SunJCE_b.a(DashoA13*..)
... 3 more


It looks like it's having trouble with the signatures when trying to load
the bouncy castle jars from apacheds-all.

My temporary workaround was to disable bouncy castle right before setting
up the default server (SecurityUtils.setRegisterBouncyCastle(false);). Is
there any way I could make this work without disabling bouncy castle?

Thanks,
Josh

Re: Bouncy Castle

Posted by Guillaume Nodet <gn...@apache.org>.

Without modifying apacheds jar, if you make sure the BC jar comes first in
the class loader, it should work.


2014-04-10 15:39 GMT+02:00 Josh Clum <jo...@gmail.com>:

> So do you mean simply adding bouncy castle as a dependency and excluding it
> from apacheds and anything else that might be pulling it in?
>
>
> On Wed, Apr 9, 2014 at 3:32 PM, Guillaume Nodet <gn...@apache.org> wrote:
>
> > You can't use that jar.  A signed jar can't be repackaged, as the
> > signatures would be invalidated in the process.
> > You need to use a separate jar for bouncycastle.
> >
> >
> > 2014-04-09 21:06 GMT+02:00 Josh Clum <jo...@gmail.com>:
> >
> > > Hi,
> > >
> > > When trying to use the default SSHServer (sshd =
> > > SshServer.setUpDefaultServer();) I ran into an issue where the default
> > > Ciphers weren't loading correctly. I get this exception:
> > >
> > >
> > > Exception in thread "main" java.lang.SecurityException: JCE cannot
> > > authenticate the provider BC
> > > at javax.crypto.Cipher.getInstance(DashoA13*..)
> > > at javax.crypto.Cipher.getInstance(DashoA13*..)
> > > at org.apache.hadoop.gateway.ssh.Test.main(Test.java:15)
> > > Caused by: java.util.jar.JarException: Cannot parse
> > >
> > >
> >
> file:/Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2....<file:///Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar>
> > > at javax.crypto.SunJCE_c.a(DashoA13*..)
> > > at javax.crypto.SunJCE_b.b(DashoA13*..)
> > > at javax.crypto.SunJCE_b.a(DashoA13*..)
> > > ... 3 more
> > >
> > >
> > > It looks like it's having trouble with the signatures when trying to
> load
> > > the bouncy castle jars from apacheds-all.
> > >
> > > My temporary workaround was to disable bouncy castle right before
> setting
> > > up the default server (SecurityUtils.setRegisterBouncyCastle(false);).
> Is
> > > there any way I could make this work without disabling bouncy castle?
> > >
> > > Thanks,
> > > Josh
> > >
> >
>

Re: Bouncy Castle

Posted by Josh Clum <jo...@gmail.com>.

So do you mean simply adding bouncy castle as a dependency and excluding it
from apacheds and anything else that might be pulling it in?


On Wed, Apr 9, 2014 at 3:32 PM, Guillaume Nodet <gn...@apache.org> wrote:

> You can't use that jar.  A signed jar can't be repackaged, as the
> signatures would be invalidated in the process.
> You need to use a separate jar for bouncycastle.
>
>
> 2014-04-09 21:06 GMT+02:00 Josh Clum <jo...@gmail.com>:
>
> > Hi,
> >
> > When trying to use the default SSHServer (sshd =
> > SshServer.setUpDefaultServer();) I ran into an issue where the default
> > Ciphers weren't loading correctly. I get this exception:
> >
> >
> > Exception in thread "main" java.lang.SecurityException: JCE cannot
> > authenticate the provider BC
> > at javax.crypto.Cipher.getInstance(DashoA13*..)
> > at javax.crypto.Cipher.getInstance(DashoA13*..)
> > at org.apache.hadoop.gateway.ssh.Test.main(Test.java:15)
> > Caused by: java.util.jar.JarException: Cannot parse
> >
> >
> file:/Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2....<file:///Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar>
> > at javax.crypto.SunJCE_c.a(DashoA13*..)
> > at javax.crypto.SunJCE_b.b(DashoA13*..)
> > at javax.crypto.SunJCE_b.a(DashoA13*..)
> > ... 3 more
> >
> >
> > It looks like it's having trouble with the signatures when trying to load
> > the bouncy castle jars from apacheds-all.
> >
> > My temporary workaround was to disable bouncy castle right before setting
> > up the default server (SecurityUtils.setRegisterBouncyCastle(false);). Is
> > there any way I could make this work without disabling bouncy castle?
> >
> > Thanks,
> > Josh
> >
>

Re: Bouncy Castle

Posted by Guillaume Nodet <gn...@apache.org>.

You can't use that jar.  A signed jar can't be repackaged, as the
signatures would be invalidated in the process.
You need to use a separate jar for bouncycastle.


2014-04-09 21:06 GMT+02:00 Josh Clum <jo...@gmail.com>:

> Hi,
>
> When trying to use the default SSHServer (sshd =
> SshServer.setUpDefaultServer();) I ran into an issue where the default
> Ciphers weren't loading correctly. I get this exception:
>
>
> Exception in thread "main" java.lang.SecurityException: JCE cannot
> authenticate the provider BC
> at javax.crypto.Cipher.getInstance(DashoA13*..)
> at javax.crypto.Cipher.getInstance(DashoA13*..)
> at org.apache.hadoop.gateway.ssh.Test.main(Test.java:15)
> Caused by: java.util.jar.JarException: Cannot parse
>
> file:/Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2....<file:///Users/clumjo/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar>
> at javax.crypto.SunJCE_c.a(DashoA13*..)
> at javax.crypto.SunJCE_b.b(DashoA13*..)
> at javax.crypto.SunJCE_b.a(DashoA13*..)
> ... 3 more
>
>
> It looks like it's having trouble with the signatures when trying to load
> the bouncy castle jars from apacheds-all.
>
> My temporary workaround was to disable bouncy castle right before setting
> up the default server (SecurityUtils.setRegisterBouncyCastle(false);). Is
> there any way I could make this work without disabling bouncy castle?
>
> Thanks,
> Josh
>