Posted to users@tomcat.apache.org by Chris Cheshire <ya...@gmail.com> on 2017/10/18 14:56:03 UTC

classloader issue with bouncycastle

Using bouncy castle v1.58, Tomcat 8.5, java 1.8.

I have the unlimited security policy files installed, the BC jars in
my WEB-INF/lib directory and in order to register the BC provider, I
do

static {
    Security.addProvider(new BouncyCastleProvider());
}

in a utility class that handles the keyring
setup/encryption/decryption methods for me. This works great until I
update the jar that contains my utility class and reload the webapp.
Then I get an exception thrown from it being unable to locate the BC
provider.

mypackage.crypto.CryptoException:
org.bouncycastle.openpgp.PGPException: exception on setup:
java.security.NoSuchAlgorithmException: class configured for
MessageDigest (provider: BC) cannot be found.
    at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:304) ~[mypackage.jar:na]
    at mypackage.web.action.user.priv.settings.View.view(View.java:139)
~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_141]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_141]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_141]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_141]
    at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:456)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:176)
[stripes-1.6.0.jar:1.6.0]
    at mypackage.web.interceptors.AuthenticateInterceptor.intercept(AuthenticateInterceptor.java:41)
[classes/:na]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:86)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:454)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:278)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherServlet.service(DispatcherServlet.java:160)
[stripes-1.6.0.jar:1.6.0]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
[servlet-api.jar:na]
    at net.sourceforge.stripes.controller.DynamicMappingFilter$2.doFilter(DynamicMappingFilter.java:464)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:260)
[stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:451)
[stripes-1.6.0.jar:1.6.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[catalina.jar:8.5.23]
    at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
[urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
[urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
[urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
[urlrewritefilter-4.0.3.jar:4.0.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[catalina.jar:8.5.23]
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[catalina.jar:8.5.23]
    at ch.qos.logback.classic.helpers.MDCInsertingServletFilter.doFilter(MDCInsertingServletFilter.java:51)
[logback-classic-1.0.9.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
[catalina.jar:8.5.23]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:595)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
[catalina.jar:8.5.23]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
[catalina.jar:8.5.23]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
[catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
[catalina.jar:8.5.23]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
[catalina.jar:8.5.23]
    at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:486)
[tomcat-coyote.jar:8.5.23]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
[tomcat-coyote.jar:8.5.23]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
[tomcat-coyote.jar:8.5.23]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
[tomcat-coyote.jar:8.5.23]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[tomcat-coyote.jar:8.5.23]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[na:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[na:1.8.0_141]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
[tomcat-util.jar:8.5.23]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
Caused by: org.bouncycastle.openpgp.PGPException: exception on setup:
java.security.NoSuchAlgorithmException: class configured for
MessageDigest (provider: BC) cannot be found.
    at org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder$1.get(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.PGPUtil.makeKeyFromPassPhrase(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor.makeKeyFromPassPhrase(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.PGPSecretKey.extractKeyData(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at mypackage.crypto.PGPUtils.extractPrivateKey(PGPUtils.java:347)
~[mypackage.jar:na]
    at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:263) ~[mypackage.jar:na]
    ... 50 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: class configured
for MessageDigest (provider: BC) cannot be found.
    at java.security.Provider$Service.getImplClass(Provider.java:1649)
~[na:1.8.0_141]
    at java.security.Provider$Service.newInstance(Provider.java:1592)
~[na:1.8.0_141]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
~[na:1.8.0_141]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
~[na:1.8.0_141]
    at java.security.Security.getImpl(Security.java:698) ~[na:1.8.0_141]
    at java.security.MessageDigest.getInstance(MessageDigest.java:227)
~[na:1.8.0_141]
    at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createDigest(Unknown
Source) ~[bcprov-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createDigest(Unknown
Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    ... 57 common frames omitted
Caused by: java.lang.ClassNotFoundException: Illegal access: this web
application instance has been stopped already. Could not load
[org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following
stack trace is thrown for debugging purposes as well as to attempt to
terminate the thread which caused the illegal access.
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1301)
~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1158)
~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1119)
~[catalina.jar:8.5.23]
    at java.security.Provider$Service.getImplClass(Provider.java:1636)
~[na:1.8.0_141]
    ... 64 common frames omitted
Caused by: java.lang.IllegalStateException: Illegal access: this web
application instance has been stopped already. Could not load
[org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following
stack trace is thrown for debugging purposes as well as to attempt to
terminate the thread which caused the illegal access.
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1311)
~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1299)
~[catalina.jar:8.5.23]
    ... 67 common frames omitted

As soon as I restart Tomcat it's ok. If I reload tomcat after changing
anything else but the jar containing my crypto utility class, it is
also OK. It is only when the jar containing
the crypto stuff is updated (not the BC libraries though) that the
classloader loses the BC provider.

If I move the call

Security.addProvider(new BouncyCastleProvider())

into the contextInitialized() method of a ServletContextListener,
everything works on reloading a webapp, no matter what classes or jars
I update.

Can someone explain why the static initializer breaks down here please?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: [OT] classloader issue with bouncycastle

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Chris,

On 10/26/17 3:58 PM, Chris Cheshire wrote:
> On Thu, Oct 26, 2017 at 9:42 AM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote:
>> Chris,
>> 
>> Just curious... why are you using BC and not the JVM-provided
>> crypto provider? What JVM are you using?
>> 
> 
> When I first started looking for examples on doing PGP encryption
> in Java, all I found were (albeit obsolete) guides to doing it with
> BC.

Say no more: AFAIK, PGP is not supported directly by any JVM, so use
of BC is pretty much required (unless you want to use one of those
wrapper-libraries that just spawns separate processes to call the
command-line tools).

> JVM is OpenJDK 1.8. I first started fiddling with this using 1.6.

Let us know if you find anything more convenient than using BC.
Everything we do with PGP is done through non-Java tools, and I'd like
to be able to use Java if possible.

-chris


Re: [OT] classloader issue with bouncycastle

Posted by Chris Cheshire <ya...@gmail.com>.
On Thu, Oct 26, 2017 at 9:42 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Chris,
>
> Just curious... why are you using BC and not the JVM-provided crypto
> provider? What JVM are you using?
>

When I first started looking for examples on doing PGP encryption in
Java, all I found were (albeit obsolete) guides to doing it with BC.

JVM is OpenJDK 1.8. I first started fiddling with this using 1.6.



Re: [OT] classloader issue with bouncycastle

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Chris,

Just curious... why are you using BC and not the JVM-provided crypto
provider? What JVM are you using?

-chris

On 10/18/17 10:56 AM, Chris Cheshire wrote:
> Using bouncy castle v1.58, Tomcat 8.5, java 1.8.
> 
> I have the unlimited security policy files installed, the BC jars
> in my WEB-INF/lib directory and in order to register the BC
> provider, I do
> 
> static { Security.addProvider(new BouncyCastleProvider()); }
> 
> in a utility class that handles the keyring 
> setup/encryption/decryption methods for me. This works great until
> I update the jar that contains my utility class and reload the
> webapp. Then I get an exception thrown from it being unable to
> locate the BC provider.
> 
> As soon as I restart Tomcat it's ok. If I reload tomcat after
> changing anything else but the jar containing my crypto utility
> class, it is also OK. It is only when the jar containing the crypto
> stuff is updated (not the BC libraries though) that the classloader
> loses the BC provider.
> 
> If I move the call
> 
> Security.addProvider(new BouncyCastleProvider())
> 
> into the contextInitialized() method of a ServletContextListener, 
> everything works on reloading a webapp, no matter what classes or
> jars I update.
> 
> Can someone explain why the static initializer breaks down here
> please?
> 


Re: classloader issue with bouncycastle

Posted by Chris Cheshire <ya...@gmail.com>.
On Wed, Oct 18, 2017 at 11:31 AM, Konstantin Kolinko
<kn...@gmail.com> wrote:
> 2017-10-18 17:56 GMT+03:00 Chris Cheshire <ya...@gmail.com>:
>> Using bouncy castle v1.58, Tomcat 8.5, java 1.8.
>>
>> I have the unlimited security policy files installed, the BC jars in
>> my WEB-INF/lib directory and in order to register the BC provider, I
>> do
>>
>> static {
>>     Security.addProvider(new BouncyCastleProvider());
>> }
>>
>> in a utility class that handles the keyring
>> setup/encryption/decryption methods for me. This works great until I
>> update the jar that contains my utility class and reload the webapp.
>> Then I get an exception thrown from it being unable to locate the BC
>> provider.
>>
>> mypackage.crypto.CryptoException:
>> org.bouncycastle.openpgp.PGPException: exception on setup:
>> java.security.NoSuchAlgorithmException: class configured for
>> MessageDigest (provider: BC) cannot be found.
>> [...]
>> Caused by: java.lang.ClassNotFoundException: Illegal access: this web
>> application instance has been stopped already.
>
>
>> If I move the call
>>
>> Security.addProvider(new BouncyCastleProvider())
>>
>> into the contextInitialized() method of a ServletContextListener,
>> everything works on reloading a webapp, no matter what classes or jars
>> I update.
>>
>> Can someone explain why the static initializer breaks down here please?
>
>
> The "Illegal access: this web application instance has been stopped
> already." exception is the expected behaviour.
>
> Please see "Memory Leaks" presentation (2010) by markt here:
> http://tomcat.apache.org/presentations.html
>
> and
> http://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html
>

Ahhh this explains it somewhat. I was wondering why I was seeing
"application already stopped" errors when the application was clearly
still running. This error is actually referring to the classloader
instance before the reload?

>
> (Maybe moving the BC.jar and its dependencies to ${catalina.home}/lib
> is sufficient to fix your issue. A more robust solution is to move the
> initialization code as well to some listener configured in
> server.xml).
>

Assuming you mean web.xml here using a ServletContextListener? This is
what I have changed to already. Should I also be doing a
Security.removeProvider() in the contextDestroyed() method of the
listener?
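
The listener arrangement discussed in this message, written out as an added example (not code from the thread or from the Tomcat or Bouncy Castle projects). It registers "BC" when the context starts and, when the context stops, removes it only if the registered instance is the one this context installed, so the JVM-wide provider list does not keep pointing at a stopped web application class loader. The class and package names are hypothetical; it assumes the BC jars are in WEB-INF/lib and the javax.servlet API that Tomcat 8.5 provides.

```java
package example.web; // hypothetical package name, not from the thread

import java.security.Provider;
import java.security.Security;

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Ties the JVM-wide "BC" provider registration to the lifetime of one web
 * application context. java.security.Security keeps a single provider per
 * name for the whole JVM, and that entry holds a strong reference to the
 * provider object and therefore to the class loader that defined it.
 */
@WebListener // alternatively, declare this class in a <listener> element in web.xml
public class BcProviderLifecycleListener implements ServletContextListener {

    /** The provider instance this context registered, or null if it registered nothing. */
    private volatile Provider installedByThisContext;

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        Provider existing = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (existing != null) {
            // Security.addProvider() would return -1 here and leave the existing
            // entry in place, so report which class loader that entry belongs to.
            ClassLoader existingLoader = existing.getClass().getClassLoader();
            ClassLoader visibleLoader = BouncyCastleProvider.class.getClassLoader();
            if (existingLoader != visibleLoader) {
                sce.getServletContext().log(
                        "Security provider 'BC' is already registered from class loader "
                        + existingLoader + "; lookups by provider name will load "
                        + "implementation classes through that loader, not " + visibleLoader);
            }
            return;
        }

        Provider candidate = new BouncyCastleProvider();
        if (Security.addProvider(candidate) != -1) {
            installedByThisContext = candidate;
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        Provider mine = installedByThisContext;
        if (mine == null) {
            return; // this context never registered a provider, so it removes nothing
        }
        // Identity comparison: remove the entry only if it is still the object this
        // context added. A "BC" entry registered by other code is left untouched.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == mine) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        installedByThisContext = null;
    }
}
```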



Re: classloader issue with bouncycastle

Posted by Konstantin Kolinko <kn...@gmail.com>.
2017-10-18 17:56 GMT+03:00 Chris Cheshire <ya...@gmail.com>:
> Using bouncy castle v1.58, Tomcat 8.5, java 1.8.
>
> I have the unlimited security policy files installed, the BC jars in
> my WEB-INF/lib directory and in order to register the BC provider, I
> do
>
> static {
>     Security.addProvider(new BouncyCastleProvider());
> }
>
> in a utility class that handles the keyring
> setup/encryption/decryption methods for me. This works great until I
> update the jar that contains my utility class and reload the webapp.
> Then I get an exception thrown from it being unable to locate the BC
> provider.
>
> mypackage.crypto.CryptoException:
> org.bouncycastle.openpgp.PGPException: exception on setup:
> java.security.NoSuchAlgorithmException: class configured for
> MessageDigest (provider: BC) cannot be found.
> [...]
> Caused by: java.lang.ClassNotFoundException: Illegal access: this web
> application instance has been stopped already.


> If I move the call
>
> Security.addProvider(new BouncyCastleProvider())
>
> into the contextInitialized() method of a ServletContextListener,
> everything works on reloading a webapp, no matter what classes or jars
> I update.
>
> Can someone explain why the static initializer breaks down here please?


The "Illegal access: this web application instance has been stopped
already." exception is the expected behaviour.

Please see "Memory Leaks" presentation (2010) by markt here:
http://tomcat.apache.org/presentations.html

and
http://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html


(Maybe moving the BC.jar and its dependencies to ${catalina.home}/lib
is sufficient to fix your issue. A more robust solution is to move the
initialization code as well to some listener configured in
server.xml).

Best regards,
Konstantin Kolinko
