Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » JCE cannot authenticate provider installed as OSGi bundle
JCE cannot authenticate provider installed as OSGi bundle [message #826112] Wed, 21 March 2012 17:21 Go to next message
Paul Duffin is currently offline Paul Duffin
Messages: 9
Registered: July 2009
Junior Member
My application makes use of the BouncyCastle JCE provider, it works standalone but I when I try and use it inside Virgo it breaks with the following error:

Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
        at javax.crypto.SunJCE_b.a(DashoA13*..)
        at javax.crypto.SecretKeyFactory.getInstance(DashoA13*..)
        ... 17 common frames omitted
Caused by: java.util.jar.JarException: Cannot parse file:/home/pduffin/virgo-tomcat-server-3.0.2.RELEASE/work/org.eclipse.virgo.kernel.deployer_3.0.2.RELEASE/staging/global/bun
dle/bcprov/1.46.0/org.bouncycastle.bcprov.jdk15-1.46.jar/
        at javax.crypto.SunJCE_c.a(DashoA13*..)
        at javax.crypto.SunJCE_b.b(DashoA13*..)
        at javax.crypto.SunJCE_b.a(DashoA13*..)
        ... 20 common frames omitted


I think that the problem is happening because the JCE code is expecting the provider classes to be in a signed JAR and is attempting to verify that the JAR is correctly signed. Unfortunately, for some reason the JAR has been unpacked into its own directory and so when JCE tries to open that directory as a JAR it fails.

I am not sure whether it is Virgo or Equinox that is responsible for unpacking the JAR, or why it is being done. The only references I could find was in Virgo documentation about VTS unpacking WARs but this is not a WAR.

Is there any way that I can prevent Virgo from unpacking the BouncyCastle JAR, without needing the JAR to be modified as I cannot sign it myself, am using version 1.46 of bouncy castle which has OSGi headers.

Otherwise, any suggestions as to how to use BouncyCastle with my application. I would prefer not to have to install it separately to my application, e.g. in some common directory, as that makes it harder to install the application and reduces the dynamic nature of Virgo.
Re: JCE cannot authenticate provider installed as OSGi bundle [message #826924 is a reply to message #826112] Thu, 22 March 2012 16:57 Go to previous messageGo to next message
Glyn Normington is currently offline Glyn Normington
Messages: 1222
Registered: July 2009
Senior Member
It looks like Virgo is to blame for the unpacking of the JAR because you are deploying the JAR. If you can allow it to be automatically installed from repository/usr as a (package?) dependency, that will avoid it being unpacked. Alternative, you could either configure the bundle as part of the "base bundles" property of the user region configuration or as part of the kernel configuration (perhaps with user region configuration to expose any required packages/services in the user region).

Hope that helps. Please come back if this advice was too cryptic. Wink

[Updated on: Thu, 22 March 2012 16:57]

Report message to a moderator

Re: JCE cannot authenticate provider installed as OSGi bundle [message #870706 is a reply to message #826112] Wed, 09 May 2012 12:04 Go to previous messageGo to next message
Paul Duffin is currently offline Paul Duffin
Messages: 9
Registered: July 2009
Junior Member
Thanks for that feedback. I ended up adding it in the lib/ directory (not its kernel/ subdirectory) and adding org.bouncycastle.jce.provider to the list of packages in the org.osgi.framework.system.packages property of the lib/java6-server.profile file.

Not sure which of your suggestions that corresponds to but it worked fine.

The 0.46 version of bouncy castle does provide basic OSGi headers but does not version the package so there is no need to add a version to the org.bouncycastle.jce.provider package in the list of system packages.

Is there any documentation as to when Eclipse Virgo will unpack a JAR and why as it seems a bit random. While there is good reason to unpack a WAR I cannot see ANY reason for unpacking a JAR at all.
Re: JCE cannot authenticate provider installed as OSGi bundle [message #870713 is a reply to message #870706] Wed, 09 May 2012 12:28 Go to previous message
Glyn Normington is currently offline Glyn Normington
Messages: 1222
Registered: July 2009
Senior Member
Paul Duffin wrote on Wed, 09 May 2012 13:04
Thanks for that feedback. I ended up adding it in the lib/ directory (not its kernel/ subdirectory) and adding org.bouncycastle.jce.provider to the list of packages in the org.osgi.framework.system.packages property of the lib/java6-server.profile file.

Not sure which of your suggestions that corresponds to but it worked fine.

None. I didn't anticipate adding a system package export, but glad it worked.
Quote:
The 0.46 version of bouncy castle does provide basic OSGi headers but does not version the package so there is no need to add a version to the org.bouncycastle.jce.provider package in the list of system packages.

Fine. To be precise, the default export version is 0.
Quote:

Is there any documentation as to when Eclipse Virgo will unpack a JAR and why as it seems a bit random. While there is good reason to unpack a WAR I cannot see ANY reason for unpacking a JAR at all.

JARs which pass through the deployment pipeline are unpacked. These JARs are those which are deployed directly or which belong (transitively) to plans or PARs which are deployed directly. Dependencies which are auto-installed by Virgo are not unpacked.

The reason for this unpacking is that Virgo implements scoping (of PAR files and scoped plans) by rewriting the manifests of bundles. Although Virgo now uses in-memory manifests, the aim of having the on-disk version match the rewritten manifest is so that we could ultimately warm start Equinox, although admittedly this is something we've not been able to do so far. Dependency bundles don't need unpacking because they are never included in a scope.
Previous Topic:Conflicts configuring EclipseLink with Virgo
Next Topic:Snaps Parent Application Context Not Loading
Goto Forum:
  


Current Time: Tue Sep 23 16:37:01 GMT 2014

Powered by FUDForum. Page generated in 0.03834 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software