"bcprov-jdk15on-1.67.0.redhat-00001.jar is not signed by a trusted signer" exception on IBM JDK

"bcprov-jdk15on-1.67.0.redhat-00001.jar is not signed by a trusted signer" exception on IBM JDK

Steps to reproduce:

• Use IBM JDK 8

  java version "1.8.0_281"
  Java(TM) SE Runtime Environment (build 8.0.6.25 - pxa6480sr6fp25-20210115_01(SR6 FP25))
  IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20201218_462060 (JIT enabled, AOT enabled)
  OpenJ9   - 4c03b71
  OMR      - 86a8e1a
  IBM      - 8c30c56)
  JCL - 20210108_01 based on Oracle jdk8u281-b09
  

• Create a deployment
• Use private org.bouncycastle jboss module by adding jboss-deployment-structure.xml

  <?xml version="1.0" encoding="UTF-8"?>
  <jboss-deployment-structure>
      <deployment>
          <dependencies>
              <module name="org.bouncycastle" services="import"/>
          </dependencies>
      </deployment>
  </jboss-deployment-structure>
  

• Create this rest endpoint:

      @GET
      @Path("test")
      public String test() throws Exception {
          OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
                  .setProvider("BC")
                  .build();
          return encryptor.toString();
      }
  

• Use this provided dependency

          <dependency>
              <groupId>org.bouncycastle</groupId>
              <artifactId>bcpkix-jdk15on</artifactId>
              <version>1.66</version>
              <scope>provided</scope>
          </dependency>
  

• make HTTP call to previous end-point
  • OracleJDK: 200 OK
  • WF with IBM JDK 8: 200 OK
  • EAP 7.4.beta with IBM JDK8:

    15:27:35,436 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /custom-application/test/test: org.jboss.resteasy.spi.UnhandledException: org.bouncycastle.cms.CMSException: cannot create key generator: JCE cannot authenticate the provider BC
    	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:82)
    	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:346)
    	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:193)
    	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:457)
    	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
    	at org.jboss.resteasy.core.SynchronousDispatcher$$Lambda$1092/0x000000007e979c80.run(Unknown Source)
    	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
    	at org.jboss.resteasy.core.SynchronousDispatcher$$Lambda$1093/0x0000000083d27b20.get(Unknown Source)
    	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
    	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
    	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
    	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
    	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
    	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
    	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
    	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
    	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    	at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
    	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
    	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
    	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
    	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$1072/0x0000000083493480.call(Unknown Source)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$1073/0x000000008392cce0.call(Unknown Source)
    	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
    	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
    	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
    	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
    	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
    	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
    	at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
    	at java.lang.Thread.run(Thread.java:822)
    Caused by: org.bouncycastle.cms.CMSException: cannot create key generator: JCE cannot authenticate the provider BC
    	at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createKeyGenerator(EnvelopedDataHelper.java:516)
    	at org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder$CMSOutputEncryptor.<init>(JceCMSContentEncryptorBuilder.java:181)
    	at org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder.build(JceCMSContentEncryptorBuilder.java:168)
    	at org.jboss.test.TestResource.test(TestResource.java:18)
    	at org.jboss.test.TestResource$Proxy$_$$_WeldClientProxy.test(Unknown Source)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    	at java.lang.reflect.Method.invoke(Method.java:508)
    	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:546)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:435)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:396)
    	at org.jboss.resteasy.core.ResourceMethodInvoker$$Lambda$1094/0x0000000083f516a0.get(Unknown Source)
    	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365)
    	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338)
    	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
    	... 60 more
    Caused by: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
    	at javax.crypto.b.a(Unknown Source)
    	at javax.crypto.KeyGenerator.getInstance(Unknown Source)
    	at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyGenerator(NamedJcaJceHelper.java:77)
    	at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createKeyGenerator(EnvelopedDataHelper.java:505)
    	... 78 more
    Caused by: java.util.jar.JarException: jar:file:/home/mkopecky/playground/eap/new/7.4.0.beta/jboss-eap-7.4/modules/system/layers/base/org/bouncycastle/bcprov/main/bcprov-jdk15on-1.67.0.redhat-00001.jar!/ is not signed by a trusted signer.
    	at javax.crypto.a.a(Unknown Source)
    	at javax.crypto.a.a(Unknown Source)
    	at javax.crypto.a.a(Unknown Source)
    	at javax.crypto.b.b(Unknown Source)
    	at javax.crypto.b.a(Unknown Source)
    	... 82 more