BouncyCastle 1.51在Wildfly 8.0的战争中加载 [英] BouncyCastle 1.51 loading in war on Wildfly 8.0

问题描述

背景

我正在尝试使用有弹性的城堡库在我的战争中解密私钥.现在，我首先在一个独立的应用程序中测试了代码，并且效果很好.现在，当我在Wildfly8.0中将其作为Web应用程序进行测试时，遇到了Bouncy Castle的一些问题.

I am trying to use bouncy castle library to decrypt private keys in my war. Now I tested the code first in a standalone app and it worked fine. Now when I am testing it as a webapp in Wildfly8.0 am facing some issues with Bouncy castle.

使用的Wildfly 8.0已安装了有弹性的城堡提供程序模块. v1.46中使用的BC版本.

The Wildfly 8.0 am using has bouncy castle provider module installed. The BC version being used in v1.46.

我开发的代码使用v1.51. 我已按照此处提到的步骤进行操作:

The code that I have developed uses v1.51. I have followed the steps mentioned here:

• https://developer.jboss.org/thread/175395
• bouncycastle + JBoss AS7:JCE无法验证提供者BC -针对特定部署(首选)
中提供的特别遵循的说明

• https://developer.jboss.org/thread/175395
• bouncycastle + JBoss AS7: JCE cannot authenticate the provider BC - Specifically followed instructions provided in For a specific deployment (preferred)

已尝试

• 安装JCE策略文件.
• 添加到提供商列表中.

问题

我得到的错误是:

unable to read encrypted data: JCE cannot authenticate the provider BC 

触发上述错误的代码如下:

And the code which triggers the above error, in as follows :

PKCS8EncryptedPrivateKeyInfo kp = (PKCS8EncryptedPrivateKeyInfo) keyPair;  
InputDecryptorProvider pkcs8dec = new JceOpenSSLPKCS8DecryptorProviderBuilder()  
      .setProvider(new BouncyCastleProvider())  
      .build("somepass".toCharArray());  
PrivateKeyInfo pko = kp.decryptPrivateKeyInfo(pkcs8dec);<-- ##Error here  

还添加了详细信息，在我的pom.xml中，我添加了具有编译范围的jar，因此将这些库复制到war中并安装在WEB-INF/lib中.

Also to add the details,in my pom.xml I have added the jar with compile scope, so the libs are copied into the war and get installed in WEB-INF/lib.

有什么技巧可以解决上述问题?

Any tips to fix the above problem?

推荐答案

I.结合了Peter(@comment)和 https://developer.jboss.org/thread/175395，使用自定义名称创建您自己的密件抄送版本":

I. Combining the idea of Peter (@comment) and https://developer.jboss.org/thread/175395, create "your own bc version" with a custom name:

1. 以以下方式创建"我 .bouncycastle"模块:

1. Create an 'my.bouncycastle' module in the following manner:

• 在$ JBOSS_HOME/modules下，创建目录' my /bouncycastle/main'.目录"我的"可能不存在. ;)

• Under $JBOSS_HOME/modules, create directory 'my/bouncycastle/main'. Directory 'my' might not be there. ;)

将bcprov- [您的版本] .jar复制到我/bouncycastle/main

Copy bcprov-[your-version].jar into my/bouncycastle/main

在 my /bouncycastle/main中创建文件'bcprov- [您的版本] .jar.index'，该文件基本上是jar -tf命令，不带".class"行. (管道和编辑...)

Create file 'bcprov-[your-version].jar.index' in my/bouncycastle/main, which is basically the output of a jar -tf command without the ".class" lines. (pipe&edit...)

我在空白处放一行，因为这些.index文件似乎总是有一个.我已将此文件附加为"bcprov-jdk16-1.46.jar.index".

I put a blank line at the top because these .index files always seem to have one. I have attached this file as "bcprov-jdk16-1.46.jar.index".

也在 my /bouncycastle/main中创建一个名为"module.xml"的文件，该文件将指向jar文件并引用模块"javax.api"作为依赖项.

Create a file called "module.xml", also in my/bouncycastle/main, which will point to the jar file and reference module "javax.api" as a dependency.

我已将此文件附加为"module.xml". 该模块已完成.

I have attached this file as 'module.xml'. The module is complete.

1. 由于我正在EAR文件中进行部署，因此必须在该部分下的EAR的META-INF/jboss-deployment-structure.xml文件中添加一个模块依赖项，如下所示:

(该语句也适用于WAR文件，当在顶层部署时，请使用自定义名称作为模块参考)

(the statement also applies to WAR files, when deployed on top-level, use the custom name as module reference)

    <deployment><dependencies><module name="my.bouncycastle" slot="main" export="true"/>  

1. 确定，耳朵的/lib目录不包含bcprov- [您的版本] .jar. (实际上是II.)

1. Make certain that the ear's /lib directory does NOT contain bcprov-[your-version].jar. (actually II.)

注意: jboss-dependency-structure.xml文件中的'slot ="main"和'export ="true"参数非常重要.

Notes: The 'slot="main" and 'export="true" parameters are very important in the jboss-dependency-structure.xml file...

II.将您的Maven依赖项调整为:

II. Adjust your maven dependency(ies) to:

<scope>provided</scope>

注意:请勿将Maven依赖项(即组工件)更改为"my.bouncycastle"，而仅将范围更改为"my.bouncycastle"，这将确保大多数IDE都具有不错的编译时性能AND将阻止您的(maven-)war/jar/ear-plugin将其打包到lib中！ (而且对于这样的依赖项，反正还是正确的范围.)

Note: Don't change the maven dependecy(ies group artifacts) to "my.bouncycastle", only the scope, this will ensure you a nice compile-time-behavior by the most IDE's AND will prevent your (maven-)war/jar/ear-plugin from packaging it into libs! (And which would be anyway the correct scope for a dependency like this.)

这篇关于BouncyCastle 1.51在Wildfly 8.0的战争中加载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！