weblogic - BouncyCastle jars giving SHA1 Digest Error for JDK 1.7 -


for project, have digitally sign string , using bouncycastle jars same. environment details follows.

weblogic 12c jsf, primefaces java version : 1.7.0_45 bc jars : bcmail-jdk15on-152.jar, bcpkix-jdk15on-152.jar, bcprov-ext-jdk15on-152.jar, bcprov-jdk15on-152.jar

alternatively have used bcprov-jdk16-1.45.jar , bcmail-jdk16-1.45.jar result same. error getting is,

java.security.nosuchalgorithmexception: error constructing implementation (algorithm: sha1withrsaencryption, provider: bc, class: org.bouncycastle.jce.provider.jdkdigestsignature$sha1withrsaencryption)     @ java.security.provider$service.newinstance(provider.java:1262) ~[?:1.7.0_45]     @ sun.security.jca.getinstance.getinstance(getinstance.java:236) ~[?:1.7.0_45]     @ sun.security.jca.getinstance.getinstance(getinstance.java:206) ~[?:1.7.0_45]     @ java.security.signature.getinstance(signature.java:355) ~[?:1.7.0_45]     @ digisigner.sign(digisigner.java:185) [digisigner.class:?]     ... 40 more caused by: java.lang.securityexception: sha1 digest error org/bouncycastle/jce/provider/jdkdigestsignature$sha1withrsaencryption.class     @ sun.security.util.manifestentryverifier.verify(manifestentryverifier.java:220) ~[?:1.7.0_45]     @ java.util.jar.jarverifier.processentry(jarverifier.java:229) ~[?:1.7.0_45]     @ java.util.jar.jarverifier.update(jarverifier.java:216) ~[?:1.7.0_45]     @ java.util.jar.jarverifier$verifierstream.read(jarverifier.java:471) ~[?:1.7.0_45]     @ sun.misc.resource.getbytes(resource.java:124) ~[?:1.7.0_45]     @ java.net.urlclassloader.defineclass(urlclassloader.java:444) ~[?:1.7.0_45]     @ java.net.urlclassloader.access$100(urlclassloader.java:71) ~[?:1.7.0_45]     @ java.net.urlclassloader$1.run(urlclassloader.java:361) ~[?:1.7.0_45]     @ java.net.urlclassloader$1.run(urlclassloader.java:355) ~[?:1.7.0_45]     @ java.security.accesscontroller.doprivileged(native method) ~[?:1.7.0_45]     @ java.net.urlclassloader.findclass(urlclassloader.java:354) ~[?:1.7.0_45]     @ java.lang.classloader.loadclass(classloader.java:425) ~[?:1.7.0_45]     @ sun.misc.launcher$appclassloader.loadclass(launcher.java:308) ~[?:1.7.0_45]     @ java.lang.classloader.loadclass(classloader.java:358) ~[?:1.7.0_45]     @ java.security.provider$service.getimplclass(provider.java:1279) ~[?:1.7.0_45]     @ java.security.provider$service.newinstance(provider.java:1237) ~[?:1.7.0_45]     ... 44 more 

the code digisigner.java is

import java.io.file; import java.io.fileinputstream; import java.io.filenotfoundexception; import java.io.fileoutputstream; import java.io.ioexception; import java.io.inputstream; import java.io.outputstream; import java.security.invalidkeyexception; import java.security.keystore; import java.security.keystoreexception; import java.security.nosuchalgorithmexception; import java.security.nosuchproviderexception; import java.security.privatekey; import java.security.security; import java.security.signature; import java.security.signatureexception; import java.security.unrecoverablekeyexception; import java.security.cert.certificate; import java.security.cert.certificateencodingexception; import java.security.cert.certificateexception; import java.security.cert.x509certificate; import java.util.arraylist; import java.util.enumeration; import java.util.list;  import org.bouncycastle.cert.jcajce.jcacertstore; import org.bouncycastle.cms.cmsexception; import org.bouncycastle.cms.cmsprocessablebytearray; import org.bouncycastle.cms.cmssigneddata; import org.bouncycastle.cms.cmssigneddatagenerator; import org.bouncycastle.cms.cmstypeddata; import org.bouncycastle.cms.jcajce.jcasignerinfogeneratorbuilder; import org.bouncycastle.jce.provider.bouncycastleprovider; import org.bouncycastle.operator.contentsigner; import org.bouncycastle.operator.operatorcreationexception; import org.bouncycastle.operator.jcajce.jcacontentsignerbuilder; import org.bouncycastle.operator.jcajce.jcadigestcalculatorproviderbuilder; import org.bouncycastle.util.store;  import sun.misc.base64encoder;   @suppresswarnings("rawtypes") public class digisigner {     private string certfilepath = null;     private string pfxfilename = null;     private string jksfilename = null;     private string certpassword = null;     private char[] certpasswordarr = null;     private keystore keystore = null;     cmssigneddatagenerator sgen = null;       @suppresswarnings("unchecked")     public digisigner(string certificateprefix) throws ibexception{         configmanager config = configmanager.getconfigmanager();         this.certfilepath = "d:/chintan/cert_files";         this.pfxfilename = "chintan.pfx";         this.jksfilename = "chintan.jks";         this.certpassword = "abc123";          certpasswordarr = certpassword.tochararray();          try{             this.keystore = keystore.getinstance("jks");             file jksfile = new file(certfilepath + "/" + jksfilename);             if(!jksfile.exists()){                 this.createjks();             }             inputstream input = new fileinputstream(certfilepath + "/" + jksfilename);             keystore.load(input, certpasswordarr);          }         catch(keystoreexception e){             e.printstacktrace();         }          catch (nosuchalgorithmexception e) {             e.printstacktrace();         }          catch (certificateexception e) {             e.printstacktrace();         }          catch (ioexception e) {             e.printstacktrace();         }     }      @suppresswarnings("unchecked")     public string sign(string datatosign) throws ibexception{         string signeddata = null;         try {             byte[] datatosignarr = datatosign.getbytes();             security.addprovider(new bouncycastleprovider());             enumeration e = keystore.aliases();             string alias = "";             if(e != null){                 while(e.hasmoreelements()){                     string  n = (string)e.nextelement();                     if (keystore.iskeyentry(n)){                         alias = n;                     }                 }             }             privatekey privatekey = (privatekey) keystore.getkey(alias, certpasswordarr);             signature signature = signature.getinstance("sha1withrsa", "bc");             signature.initsign(privatekey);             signature.update(datatosignarr);              //build cms             x509certificate cert = (x509certificate) this.keystore.getcertificate(alias);             list certlist = new arraylist();             cmstypeddata msg = new cmsprocessablebytearray(signature.sign());             certlist.add(cert);             store certs = new jcacertstore(certlist);             cmssigneddatagenerator gen = new cmssigneddatagenerator();             contentsigner sha1signer = new jcacontentsignerbuilder("sha1withrsa").setprovider("bc").build(privatekey);             gen.addsignerinfogenerator(new jcasignerinfogeneratorbuilder(new jcadigestcalculatorproviderbuilder().setprovider("bc").build()).build(sha1signer, cert));             gen.addcertificates(certs);             cmssigneddata sigdata = gen.generate(msg, false);             base64encoder encoder = new base64encoder();             signeddata = encoder.encode((byte[]) sigdata.getsignedcontent().getcontent());             system.out.println("signature : " + signeddata);              }         catch(keystoreexception e){             e.printstacktrace();         }          catch (nosuchalgorithmexception e) {             e.printstacktrace();         }         catch (nosuchproviderexception e) {             e.printstacktrace();         }         catch (cmsexception e) {             e.printstacktrace();         }         catch (unrecoverablekeyexception e) {             e.printstacktrace();         }          catch (signatureexception e) {             e.printstacktrace();         }         catch (invalidkeyexception e) {             e.printstacktrace();         }         catch (certificateencodingexception e) {             e.printstacktrace();         }         catch (operatorcreationexception e) {             e.printstacktrace();         }          return signeddata;     }      public void createjks() throws ibexception{         try{             file filein = new file(certfilepath + "/" + pfxfilename);             file fileout = new file(certfilepath + "/" + jksfilename);              if(!filein.canread()){                 throw new ibexception("unable access input keystore: " + filein.getpath());             }             if(fileout.exists() && !fileout.canwrite()){                 throw new ibexception("output file not writable: " + fileout.getpath());             }              keystore kspkcs12 = keystore.getinstance("pkcs12");             keystore ksjks = keystore.getinstance("jks");              char inphrase[] = certpassword.tochararray();             char outphrase[] = certpassword.tochararray();               kspkcs12.load(new fileinputstream(filein), inphrase);             ksjks.load(fileout.exists() ? ((java.io.inputstream) (new fileinputstream(fileout))) : null, outphrase);             enumeration ealiases = kspkcs12.aliases();             do{                 if(!ealiases.hasmoreelements())                     break;                 string stralias = (string)ealiases.nextelement();                 if(kspkcs12.iskeyentry(stralias))                 {                     java.security.key key = kspkcs12.getkey(stralias, inphrase);                     certificate chain[] = kspkcs12.getcertificatechain(stralias);                     ksjks.setkeyentry(stralias, key, outphrase, chain);                 }             }              while(true);             outputstream out = new fileoutputstream(fileout);             ksjks.store(out, outphrase);             out.close();         }         catch(keystoreexception e){             e.printstacktrace();         }         catch (nosuchalgorithmexception e) {             e.printstacktrace();         }          catch (certificateexception e) {             e.printstacktrace();         }         catch (filenotfoundexception e) {             e.printstacktrace();         }         catch (ioexception e) {             e.printstacktrace();         }         catch (unrecoverablekeyexception e) {             e.printstacktrace();         }          system.out.println("java key store created successfully");     } } 

i referred link : bouncycastle jdk 1.7 , pkcs libraries - well, it's not working me.

the error on line : signature signature = signature.getinstance("sha1withrsa", "bc");

as mentioned here, weblogic contains invalid bcprov-jdk16-1.45.jar

try verify mw_home/oracle_common/modules/bcprov-jdk16-1.45.jar jarsigner utility:

jarsigner -verify bcprov-jdk16-1.45.jar 

the securityexception thrown:

jarsigner: java.lang.securityexception: sha1 digest error org/bouncycastle/jce/eckeyutil$unexpectedexception.class 

the file differs 1 in maven repository, passes verification successfully.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -