BouncyCastle 1.51 loading in war on Wildfly 8.0


Background

I am trying to use the Bouncy Castle library to decrypt private keys in my war. I first tested the code in a standalone app and it worked fine. Now, when I am testing it as a webapp in Wildfly 8.0, I am facing some issues with Bouncy Castle.

The Wildfly 8.0 I am using has the Bouncy Castle provider module installed. The BC version being used is v1.46.

The code that I have developed uses v1.51. I have followed the steps mentioned here:

Already tried

  • Installing the JCE policy files.
  • Adding to the provider list.

Problem

The error I am getting is:

    unable to read encrypted data: JCE cannot authenticate the provider BC

And the code which triggers the above error is as follows:

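    import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
    import org.bouncycastle.operator.InputDecryptorProvider;
    import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

    PKCS8EncryptedPrivateKeyInfo kp = (PKCS8EncryptedPrivateKeyInfo) keyPair;
    InputDecryptorProvider pkcs8dec = new JceOpenSSLPKCS8DecryptorProviderBuilder()
          .setProvider(new BouncyCastleProvider()).build("somepass".toCharArray());
    PrivateKeyInfo pko = kp.decryptPrivateKeyInfo(pkcs8dec); // <-- error is thrown here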

Also, to add the details: in my pom.xml I have added the jar with compile scope, so the libs are copied into the war and get installed in WEB-INF/lib.

Any tips to fix the above problem?

Solution

I. Combining the idea of Peter (@comment) and https://developer.jboss.org/thread/175395, create "your own bc version" with a custom name:

  1. Create a 'my.bouncycastle' module in the following manner:

    • Under $JBOSS_HOME/modules, create directory 'my/bouncycastle/main'. Directory 'my' might not be there. ;)

    • Copy bcprov-[your-version].jar into my/bouncycastle/main

    • Create file 'bcprov-[your-version].jar.index' in my/bouncycastle/main, which is basically the output of a jar -tf command without the ".class" lines. (pipe&edit...)

      I put a blank line at the top because these .index files always seem to have one. I have attached this file as "bcprov-jdk16-1.46.jar.index".

    • Create a file called "module.xml", also in my/bouncycastle/main, which will point to the jar file and reference module "javax.api" as a dependency.

      I have attached this file as 'module.xml'. The module is complete.

  2. Since I am deploying in an EAR file, I had to add a module dependency entry to my EAR's META-INF/jboss-deployment-structure.xml file, under the section, like so:

(the statement also applies to WAR files, when deployed on top-level, use the custom name as module reference)

    <deployment>
        <dependencies>
            <module name="my.bouncycastle" slot="main" export="true"/>
        </dependencies>
    </deployment>

  3. Make certain that the ear's /lib directory does NOT contain bcprov-[your-version].jar. (actually II.)

Notes: The 'slot="main"' and 'export="true"' parameters are very important in the jboss-dependency-structure.xml file...

II. Adjust your maven dependency(ies) to:

    <scope>provided</scope>

Note: Don't change the maven dependency(ies group artifacts) to "my.bouncycastle", only the scope; this will ensure nice compile-time behavior in most IDEs AND will prevent your (maven-)war/jar/ear-plugin from packaging it into libs! (And which would be anyway the correct scope for a dependency like this.)
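
The module setup from step I.1 and the packaging check from step I.3, written out as a shell script (an added example, not part of the original answer or the linked JBoss thread). The module name and paths come from the answer; the `urn:jboss:module:1.1` namespace, the function names and the `lib/bcprov-*.jar` pattern are assumptions.

```shell
#!/bin/sh
# Added example. Assumes a 'jar' tool on PATH and the module 1.1 schema.

# Step I.1: create $JBOSS_HOME/modules/my/bouncycastle/main with the jar,
# its .index file and a module.xml. Prints the module directory.
install_bc_module() {
    jboss_home=$1                 # WildFly installation directory
    bc_jar=$2                     # path to bcprov-[your-version].jar
    mod_dir="$jboss_home/modules/my/bouncycastle/main"
    jar_name=$(basename "$bc_jar")

    [ -f "$bc_jar" ] || { echo "no such jar: $bc_jar" >&2; return 1; }
    mkdir -p "$mod_dir" || return 1
    # Copy the jar as-is; do not unpack or repack it.
    cp "$bc_jar" "$mod_dir/$jar_name" || return 1

    # Index: blank first line, then the 'jar -tf' listing without .class lines.
    {
        echo
        jar -tf "$mod_dir/$jar_name" | grep -v '\.class$'
    } > "$mod_dir/$jar_name.index" || return 1

    # module.xml points at the jar and depends on javax.api.
    cat > "$mod_dir/module.xml" <<EOF || return 1
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="my.bouncycastle">
    <resources>
        <resource-root path="$jar_name"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
    </dependencies>
</module>
EOF
    echo "$mod_dir"
}

# Step I.3 / II: succeeds (and lists the entries) when the WAR/EAR still
# packages its own bcprov jar under a lib/ directory.
archive_bundles_bcprov() {
    jar -tf "$1" | grep -E '(^|/)lib/bcprov-[^/]*\.jar$'
}
```

Any output from `archive_bundles_bcprov` on the built archive means the dependency scope is still not `provided`.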
