 

BouncyCastle 1.51 loading in war on Wildfly 8.0

Background

I am trying to use the Bouncy Castle library to decrypt private keys in my war. I tested the code first in a standalone app and it worked fine. Now that I am testing it as a webapp in Wildfly 8.0, I am facing some issues with Bouncy Castle.

The Wildfly 8.0 I am using has the Bouncy Castle provider module installed. The BC version being used is v1.46.

The code that I have developed uses v1.51. I have followed the steps mentioned here:

  • https://developer.jboss.org/thread/175395
  • bouncycastle + JBoss AS7: JCE cannot authenticate the provider BC - specifically, I followed the instructions provided in "For a specific deployment (preferred)"

Already tried

  • Installing the JCE policy files.
  • Adding to the provider list.

Problem

The error I am getting is:

unable to read encrypted data: JCE cannot authenticate the provider BC 

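And the code which triggers the above error is as follows:

    import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
    import org.bouncycastle.operator.InputDecryptorProvider;
    import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
    PKCS8EncryptedPrivateKeyInfo kp = (PKCS8EncryptedPrivateKeyInfo) keyPair;
    InputDecryptorProvider pkcs8dec = new JceOpenSSLPKCS8DecryptorProviderBuilder()
          .setProvider(new BouncyCastleProvider())
          .build("somepass".toCharArray());
    PrivateKeyInfo pko = kp.decryptPrivateKeyInfo(pkcs8dec); // <-- error here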

Also, to add to the details: in my pom.xml I have added the jar with compile scope, so the libs are copied into the war and get installed in WEB-INF/lib.

Any tips to fix the above problem?

eminemence asked Apr 17 '15 13:04


1 Answer

I. Combining the idea of Peter (@comment) and https://developer.jboss.org/thread/175395, create "your own bc version" with a custom name:

  1. Create a 'my.bouncycastle' module in the following manner:

    • Under $JBOSS_HOME/modules, create directory 'my/bouncycastle/main'. Directory 'my' might not be there. ;)

    • Copy bcprov-[your-version].jar into my/bouncycastle/main

    • Create file 'bcprov-[your-version].jar.index' in my/bouncycastle/main, which is basically the output of a jar -tf command without the ".class" lines. (pipe&edit...)

      I put a blank line at the top because these .index files always seem to have one. I have attached this file as "bcprov-jdk16-1.46.jar.index".

    • Create a file called "module.xml", also in my/bouncycastle/main, which will point to the jar file and reference module "javax.api" as a dependency.

      I have attached this file as 'module.xml'. The module is complete.

  2. Since I am deploying in an EAR file, I had to add a module dependency entry to my EAR's META-INF/jboss-deployment-structure.xml file, under the section, like so:

(The statement also applies to WAR files: when deployed at top level, use the custom name as the module reference.)

    <deployment>
      <dependencies>
        <module name="my.bouncycastle" slot="main" export="true"/>
      </dependencies>
    </deployment>

  3. Make certain that the ear's /lib directory does NOT contain bcprov-[your-version].jar. (actually II.)

Notes: The 'slot="main"' and 'export="true"' parameters are very important in the jboss-deployment-structure.xml file...

II. Adjust your maven dependency(ies) to:

<scope>provided</scope>

Note: Don't change the maven dependency(ies) (group/artifact) to "my.bouncycastle", only the scope. This will ensure nice compile-time behavior in most IDEs AND will prevent your (maven-)war/jar/ear-plugin from packaging it into libs! (And it would anyway be the correct scope for a dependency like this.)

xerx593 answered Oct 17 '22 22:10
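The module-creation steps from the answer above, scripted as an added example (not the answerer's attached files, which are not on this page). The function names, the `urn:jboss:module:1.1` namespace and the exact module.xml layout are assumptions built from the answer's description; the last function checks an exploded deployment for a bcprov jar that is still packaged.

```shell
#!/usr/bin/env bash
# Added example: install a BouncyCastle jar as a custom JBoss/WildFly module.
# MODULE_NAME follows the answer; function names are hypothetical.
MODULE_NAME="my.bouncycastle"

# Turn a `jar -tf` listing (stdin) into .index form: drop the .class lines
# and start with the blank line the answer mentions.
index_from_listing() {
    echo
    grep -v '\.class$' || true
}

# Emit a module.xml that points at the jar and depends on javax.api.
module_xml() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="${MODULE_NAME}">
    <resources>
        <resource-root path="$1"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
    </dependencies>
</module>
EOF
}

# Usage: install_bc_module "$JBOSS_HOME" path/to/bcprov-[your-version].jar
install_bc_module() {
    local home="$1" jar_path="$2" jar_name dir
    jar_name="$(basename "$jar_path")"
    dir="$home/modules/$(printf '%s' "$MODULE_NAME" | tr . /)/main"
    [ -f "$jar_path" ] || { echo "no such jar: $jar_path" >&2; return 1; }
    mkdir -p "$dir" || return 1
    cp "$jar_path" "$dir/" || return 1
    jar -tf "$jar_path" | index_from_listing > "$dir/$jar_name.index" || return 1
    module_xml "$jar_name" > "$dir/module.xml"
}

# Print any bcprov jar still packaged under a lib/ directory of an exploded
# deployment (WEB-INF/lib or the ear's lib); non-zero exit if one is found.
find_bundled_bcprov() {
    local hits
    hits="$(find "$1" -type f -name 'bcprov-*.jar' -path '*/lib/*')"
    [ -z "$hits" ] || { printf '%s\n' "$hits"; return 1; }
}
```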