Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OpenSSL::Cipher::CipherError with Rails4 on JRuby

Tags:

openssl

heroku

ruby-on-rails-4

jruby

Rails4 uses an encrypted cookie session store by default. When the app tries to encrypt a cookie the following error is raised: OpenSSL::Cipher::CipherError: Illegal key size: possibly you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE (stacktrace: https://gist.github.com/8ba56b18060ae30e4d44).

As mentioned here this can be worked around by downgrading cryptography or installing JCE - the first being something I don't really want to do and the latter being impossible (afaik) on heroku.

like image 579
Alex Lang Avatar asked Jan 27 '13 21:01

Alex Lang

2 Answers

Not sure if it will work on Heroku, but this resolves the issue on my local Jruby.

Create config/initializers/unlimited_strength_cryptography.rb:

if RUBY_PLATFORM == 'java' # Allows the application to work with other Rubies if not JRuby
  require 'java'
  java_import 'java.lang.ClassNotFoundException'

  begin
    security_class = java.lang.Class.for_name('javax.crypto.JceSecurity')
    restricted_field = security_class.get_declared_field('isRestricted')
    restricted_field.accessible = true
    restricted_field.set nil, false
  rescue ClassNotFoundException => e
    # Handle Mac Java, etc not having this configuration setting
    $stderr.print "Java told me: #{e}n"
  end
end
like image 143
Leo Avatar answered Nov 15 '22 10:11

Leo

The Heroku Dev Center now has this article: "Customizing the JDK".

There are some cases where files need to be bundled with the JDK in order to expose functionality in the runtime JVM. For example, the inclusion of unlimited strength Java Cryptography Extensions (JCE) is often added to a JDK in order to utilize stronger cryptographic libraries. To handle such cases, Heroku will copy files designated by the app in a .jdk-overlay folder into the JDK’s directory structure.

Here's how to add JCE files to your app:

  1. In your application’s root directory, create a .jdk-overlay folder

  2. Copy the JCE local_policy.jar and US_export_policy.jar into .jdk-overlay/jre/lib/security/

  3. Commit the files

    $ git add .jdk-overlay
    $ git commit -m "Custom JCE files"

  4. Deploy to Heroku

    $ git push heroku master

like image 3
culix Avatar answered Nov 15 '22 11:11

culix
Sign in to Comment

Related questions

Is it possible to implement MonadFix for `Free`?
Font Awesome Icons are not working in some browsers
How to use Pillow with Django
How do I use the node.js request module to make an SSL call with my own certificate?
MediaPlayer setDataSource failed with status=0x80000000 for Ringtone set by filepath on 2.3.4
Login failed for user 'IIS APPPOOL\myAppPool
Dart: handle incoming HTTP requests in parallel
How to install CLang using precompiled binaries?
What is the difference between =label (equals sign) and [label] (brackets) in ARMv6 assembly?
Should I use the Underscore-compatible build of Lo-Dash when using it with BackboneJS?
Precedence of multiple classes defining color property being set by declaration order rather than specification order
Image took from gallery is displayed in different orientation while using phonegap in android

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!