Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
9.0.0.Beta2
-
None
-
Hide
1. Install WildFly (22-apr-2015 snapshot) out-of-the-box
2. use the CLI to deploy the attached war file (inside the maven project)
3. access: /bouncycastle-2015-01-30/bcNote that BC is not setup in the JDK, but is initialised in the deployment itself:
row = Security.addProvider(new BouncyCastleProvider());The code that fails:
Cipher cipher = Cipher.getInstance("AES", "BC");14:49:13,582 ERROR [stderr] (default task-1) java.lang.SecurityException: JCE cannot authenticate the provider BC 14:49:13,583 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:647) 14:49:13,583 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:585) 14:49:13,583 ERROR [stderr] (default task-1) at com.redhat.gss.tfonteyn.bouncycastle.bc.processRequest(bc.java:60) 14:49:13,583 ERROR [stderr] (default task-1) at com.redhat.gss.tfonteyn.bouncycastle.bc.doGet(bc.java:87) 14:49:13,584 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) 14:49:13,584 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 14:49:13,585 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,587 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:278) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174) 14:49:13,589 ERROR [stderr] (default task-1) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) 14:49:13,589 ERROR [stderr] (default task-1) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774) 14:49:13,589 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 14:49:13,589 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 14:49:13,590 ERROR [stderr] (default task-1) at java.lang.Thread.run(Thread.java:745) 14:49:13,590 ERROR [stderr] (default task-1) Caused by: java.lang.SecurityException: Cannot verify jar:vfs:/content/bouncycastle-2015-01-30.war/WEB-INF/lib/bcprov-jdk15on-1.51.jar!/ 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:406) 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322) 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verify(JarVerifier.java:250) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:643) 14:49:13,591 ERROR [stderr] (default task-1) ... 32 more 14:49:13,591 ERROR [stderr] (default task-1) Caused by: java.security.PrivilegedActionException: java.util.zip.ZipException: zip file is empty 14:49:13,592 ERROR [stderr] (default task-1) at java.security.AccessController.doPrivileged(Native Method) 14:49:13,592 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:384) 14:49:13,592 ERROR [stderr] (default task-1) ... 37 more 14:49:13,592 ERROR [stderr] (default task-1) Caused by: java.util.zip.ZipException: zip file is empty 14:49:13,592 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.open(Native Method) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.<init>(ZipFile.java:215) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.<init>(ZipFile.java:145) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.jar.JarFile.<init>(JarFile.java:154) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:88) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:221) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:216) 14:49:13,594 ERROR [stderr] (default task-1) at java.security.AccessController.doPrivileged(Native Method) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:215) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89) 14:49:13,595 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier$2.run(JarVerifier.java:399) 14:49:13,595 ERROR [stderr] (default task-1) ... 39 more 14:49:13,595 ERROR [stderr] (default task-1) Suppressed: java.nio.file.NoSuchFileException: /tmp/jar_cache5134542653689112775.tmp 14:49:13,595 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86) 14:49:13,595 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:244) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.AbstractFileSystemProvider.delete(AbstractFileSystemProvider.java:103) 14:49:13,596 ERROR [stderr] (default task-1) at java.nio.file.Files.delete(Files.java:1079) 14:49:13,596 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:226) 14:49:13,596 ERROR [stderr] (default task-1) ... 47 more
Show1. Install WildFly (22-apr-2015 snapshot) out-of-the-box 2. use the CLI to deploy the attached war file (inside the maven project) 3. access: /bouncycastle-2015-01-30/bc Note that BC is not setup in the JDK, but is initialised in the deployment itself: row = Security.addProvider(new BouncyCastleProvider()); The code that fails: Cipher cipher = Cipher.getInstance("AES", "BC"); 14:49:13,582 ERROR [stderr] (default task-1) java.lang.SecurityException: JCE cannot authenticate the provider BC 14:49:13,583 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:647) 14:49:13,583 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:585) 14:49:13,583 ERROR [stderr] (default task-1) at com.redhat.gss.tfonteyn.bouncycastle.bc.processRequest(bc.java:60) 14:49:13,583 ERROR [stderr] (default task-1) at com.redhat.gss.tfonteyn.bouncycastle.bc.doGet(bc.java:87) 14:49:13,584 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) 14:49:13,584 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 14:49:13,584 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 14:49:13,585 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 14:49:13,585 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) 14:49:13,586 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,587 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 14:49:13,587 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:278) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80) 14:49:13,588 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174) 14:49:13,589 ERROR [stderr] (default task-1) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) 14:49:13,589 ERROR [stderr] (default task-1) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774) 14:49:13,589 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 14:49:13,589 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 14:49:13,590 ERROR [stderr] (default task-1) at java.lang.Thread.run(Thread.java:745) 14:49:13,590 ERROR [stderr] (default task-1) Caused by: java.lang.SecurityException: Cannot verify jar:vfs:/content/bouncycastle-2015-01-30.war/WEB-INF/lib/bcprov-jdk15on-1.51.jar!/ 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:406) 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322) 14:49:13,590 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verify(JarVerifier.java:250) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187) 14:49:13,591 ERROR [stderr] (default task-1) at javax.crypto.Cipher.getInstance(Cipher.java:643) 14:49:13,591 ERROR [stderr] (default task-1) ... 32 more 14:49:13,591 ERROR [stderr] (default task-1) Caused by: java.security.PrivilegedActionException: java.util.zip.ZipException: zip file is empty 14:49:13,592 ERROR [stderr] (default task-1) at java.security.AccessController.doPrivileged(Native Method) 14:49:13,592 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:384) 14:49:13,592 ERROR [stderr] (default task-1) ... 37 more 14:49:13,592 ERROR [stderr] (default task-1) Caused by: java.util.zip.ZipException: zip file is empty 14:49:13,592 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.open(Native Method) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.<init>(ZipFile.java:215) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.zip.ZipFile.<init>(ZipFile.java:145) 14:49:13,593 ERROR [stderr] (default task-1) at java.util.jar.JarFile.<init>(JarFile.java:154) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:88) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:221) 14:49:13,593 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:216) 14:49:13,594 ERROR [stderr] (default task-1) at java.security.AccessController.doPrivileged(Native Method) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:215) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) 14:49:13,594 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89) 14:49:13,595 ERROR [stderr] (default task-1) at javax.crypto.JarVerifier$2.run(JarVerifier.java:399) 14:49:13,595 ERROR [stderr] (default task-1) ... 39 more 14:49:13,595 ERROR [stderr] (default task-1) Suppressed: java.nio.file.NoSuchFileException: /tmp/jar_cache5134542653689112775.tmp 14:49:13,595 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86) 14:49:13,595 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:244) 14:49:13,596 ERROR [stderr] (default task-1) at sun.nio.fs.AbstractFileSystemProvider.delete(AbstractFileSystemProvider.java:103) 14:49:13,596 ERROR [stderr] (default task-1) at java.nio.file.Files.delete(Files.java:1079) 14:49:13,596 ERROR [stderr] (default task-1) at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:226) 14:49:13,596 ERROR [stderr] (default task-1) ... 47 more -
Hide
- deploy as a module and use a dependency
- register in the JDK as any other JCE library
or add jboss-deployment-structure.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss-deployment-structure> <deployment> <resources> <resource-root path="WEB-INF/lib/bcprov-jdk15on-1.51.jar" use-physical-code-source="true"/> </resources> </deployment> </jboss-deployment-structure>
Showdeploy as a module and use a dependency register in the JDK as any other JCE library or add jboss-deployment-structure.xml <?xml version= "1.0" encoding= "UTF-8" ?> <jboss-deployment-structure> <deployment> <resources> <resource-root path= "WEB-INF/lib/bcprov-jdk15on-1.51.jar" use-physical-code-source= "true" /> </resources> </deployment> </jboss-deployment-structure>
Description
deploy a war file which contains the bouncycastle (or any other JCE) signed jar file. Initialise and try to use a cipher results in a failure due to VFS not being able to read and verify the file
Attachments
- bouncycastle.zip
- 4.80 MB
Issue Links
- relates to
-
JBEAP-20525 Signed Bouncy Castle JARs in EAP distribution
- Closed