• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security provider error after minor java upgrade

 
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

w4 have a small java utility which sends xml document (encrypted, signed) to some government portal.
Problem started wehen our customer upgraded java from JDK 1.8.0.151 to JDK 1.8.0.351. Only this minor upgrade caused this error

error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC



Our utility uses BouncyCastle libraries version jdk16-1.38. and also jdk15on-1.68.
I googled a lot, but adding  

to java.security didn't help.
I have no time enough to rewrite all this utility to use some latest BC library. I am not the author and the API changed considerably.

Any other ideas ? Thanks
 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My guess is that they've used the JDK's extension mechanism to load BouncyCastle. You can verify by checking the ext folder of the previous Java installation.

Instead of installing BC this way again, add it to your class path instead. That's more portable.
 
Jiri Nejedly
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In Java 1.8.0.151 ext directory  there are several jars. All of them have sun folder in them. I think it is releated to 10 providers listed in  java.security. I scanned ext folder and then all the java including content of jars for word 'bouncy' but found nothing. So I think bouncy castle is loaded by the utility - yes, i found



So the question must be put like this: What changed in java, that disabled loading BouncyCastleProvider in our utility.
 
Jiri Nejedly
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Finally I decided to rewrite the utility using BouncyCastle jdk18on 1.72  
I didn't edit java.security or added any libraries into  ext dir.
Just started the whole code with
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

I needed to write three needed nethods - encrypt, sign and verify some xml content.
It meant sometimes to use



No matter, how I tried to write my code using examples found on the internet,
the were places where the .setProvider("BC") invoked
"JCE cannot authenticate the provider BC" again.

After many googling and  trials and errors I found out that this behavior is only
present in development (I use JDeveloper).
The production library is Ok, but must follow these rules:

- The final jar (containg all classes from all dependencies) mustn't include the BouncyCastle libraries  
It is done by maven-surefire-plugin and AssemblyDescriptor.xml



- when running the utility, the BC libraries bust be used BEFORE the main jar libray

java -classpath bcprov-jdk18on-1.72.jar;bcpkix-jdk18on-1.72.jar;bcutil-jdk18on-1.72.jar;myUtility-0.1-dependencies.jar <classWithMainMethod>

Now the utility works OK. However I never found out what changed in java 1.8.0_351 and caused all the problems.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey Jiri,

Could you please send me that code to avoid that error. I stuck in my project. It would help a lot.
 
Marshal
Posts: 79180
377
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch

Please keep all discussions on the forum rather than going outside. Please don't ask for code to complete an assignment. Please tell us what problems you are facing and explain what you have done.
 
reply
    Bookmark Topic Watch Topic
  • New Topic