Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21195

"bcprov-jdk15on-1.67.0.redhat-00001.jar is not signed by a trusted signer" exception on IBM JDK

    XMLWordPrintable

Details

    • False
    • False
    • Undefined

    Description

      "bcprov-jdk15on-1.67.0.redhat-00001.jar is not signed by a trusted signer" exception on IBM JDK

      Steps to reproduce:

      • Use IBM JDK 8
        java version "1.8.0_281"
        Java(TM) SE Runtime Environment (build 8.0.6.25 - pxa6480sr6fp25-20210115_01(SR6 FP25))
        IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20201218_462060 (JIT enabled, AOT enabled)
        OpenJ9   - 4c03b71
        OMR      - 86a8e1a
        IBM      - 8c30c56)
        JCL - 20210108_01 based on Oracle jdk8u281-b09
        
      • Create a deployment
      • Use private org.bouncycastle jboss module by adding jboss-deployment-structure.xml
        <?xml version="1.0" encoding="UTF-8"?>
        <jboss-deployment-structure>
            <deployment>
                <dependencies>
                    <module name="org.bouncycastle" services="import"/>
                </dependencies>
            </deployment>
        </jboss-deployment-structure>
        
      • Create this rest endpoint:
            @GET
            @Path("test")
            public String test() throws Exception {
                OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
                        .setProvider("BC")
                        .build();
                return encryptor.toString();
            }
        
      • Use this provided dependency
                <dependency>
                    <groupId>org.bouncycastle</groupId>
                    <artifactId>bcpkix-jdk15on</artifactId>
                    <version>1.66</version>
                    <scope>provided</scope>
                </dependency>
        
      • make HTTP call to previous end-point
        • OracleJDK: 200 OK
        • WF with IBM JDK 8: 200 OK
        • EAP 7.4.beta with IBM JDK8:
          15:27:35,436 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /custom-application/test/test: org.jboss.resteasy.spi.UnhandledException: org.bouncycastle.cms.CMSException: cannot create key generator: JCE cannot authenticate the provider BC
          	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:82)
          	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:346)
          	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:193)
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:457)
          	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
          	at org.jboss.resteasy.core.SynchronousDispatcher$$Lambda$1092/0x000000007e979c80.run(Unknown Source)
          	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
          	at org.jboss.resteasy.core.SynchronousDispatcher$$Lambda$1093/0x0000000083d27b20.get(Unknown Source)
          	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
          	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
          	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
          	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
          	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
          	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
          	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
          	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
          	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
          	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
          	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
          	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
          	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
          	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
          	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
          	at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
          	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
          	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
          	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
          	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
          	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
          	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
          	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$1072/0x0000000083493480.call(Unknown Source)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
          	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
          	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
          	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
          	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
          	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
          	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
          	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
          	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
          	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
          	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
          	at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
          	at java.lang.Thread.run(Thread.java:822)
          Caused by: org.bouncycastle.cms.CMSException: cannot create key generator: JCE cannot authenticate the provider BC
          	at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createKeyGenerator(EnvelopedDataHelper.java:516)
          	at org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder$CMSOutputEncryptor.<init>(JceCMSContentEncryptorBuilder.java:181)
          	at org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder.build(JceCMSContentEncryptorBuilder.java:168)
          	at org.jboss.test.TestResource.test(TestResource.java:18)
          	at org.jboss.test.TestResource$Proxy$_$$_WeldClientProxy.test(Unknown Source)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
          	at java.lang.reflect.Method.invoke(Method.java:508)
          	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:546)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:435)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:396)
          	at org.jboss.resteasy.core.ResourceMethodInvoker$$Lambda$1094/0x0000000083f516a0.get(Unknown Source)
          	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365)
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338)
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
          	... 60 more
          Caused by: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
          	at javax.crypto.b.a(Unknown Source)
          	at javax.crypto.KeyGenerator.getInstance(Unknown Source)
          	at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyGenerator(NamedJcaJceHelper.java:77)
          	at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createKeyGenerator(EnvelopedDataHelper.java:505)
          	... 78 more
          Caused by: java.util.jar.JarException: jar:file:/home/mkopecky/playground/eap/new/7.4.0.beta/jboss-eap-7.4/modules/system/layers/base/org/bouncycastle/bcprov/main/bcprov-jdk15on-1.67.0.redhat-00001.jar!/ is not signed by a trusted signer.
          	at javax.crypto.a.a(Unknown Source)
          	at javax.crypto.a.a(Unknown Source)
          	at javax.crypto.a.a(Unknown Source)
          	at javax.crypto.b.b(Unknown Source)
          	at javax.crypto.b.a(Unknown Source)
          	... 82 more
          

      Attachments

        Issue Links

          Activity

            People

              dkreling Daniel Kreling
              mkopecky@redhat.com Marek Kopecky
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: