{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Anthone 的问题《bouncycastle + JBoss AS7: JCE cannot authenticate》','https://www.manongdao.com/q-112576.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I use BouncyCastle for encryption in my application. When I run it standalone, everything works fine. However, if I put it in the webapp and deploy on JBoss server, I get a following error:
javax.servlet.ServletException: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
(...)
root cause
java.lang.Exception: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
(...)
root cause
java.io.IOException: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
java.security.KeyStore.load(Unknown Source)
Here is a part of the code that causes this error:
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null)
{
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
// Read the Private Key
KeyStore ks = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
ks.load(new FileInputStream(certificatePath), privateKeyPassword.toCharArray());
And maven dependency:
<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcmail-jdk16</artifactId>
<version>140</version>
</dependency>
Do you know how could I deploy it?
As I put in some other thread it can be also added programmatically by putting the line:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Source: jce cannot authenticate the provider bc
For JBoss AS7 bouncy castle needs to be deployed as a server module. This replaces the
server/default/libmechanism of earlier versions (as mentioned in Gergely Bacso's answer).JBoss AS7 uses jdk1.6+. When using JBoss AS7 with jdk1.6 we need to make sure we are using bcprov-jdk16.
Create a Jboss module (a folder $JBOSS_HOME/modules/org/bouncycastle/main). Put the bouncy castle jars that you want to be globally available in it, along with a
module.xmlfile that looks like this:Once you have setup the module you need to make it available to your deployments. There are two ways:
1. Globally via standalone.xml
In $JBOSS_HOME/standalone/configuration/standalone.xml replace
with
The jar libraries will now be available across all applications (and this will "emulate" adding to the classpath as was possible in jboss 4,5,6 etc)
2. For a specific deployment (preferred)
Add a module dependency entry to the ear's
META-INF/jboss-deployment-structure.xmlfile, under the section, eg:Do not deploy the bouncy-castle jar as a part of your your webapp (WEB-INF/lib). You need this file in compiliation time of course, but on JBOSS it should be here:
instead of
For those who don't want to change server level config,
adding the bouncy castle jars with use-physical-code-source worked for me
But if You change server from JBoss to other (for example Glassfish) You have the same problem.
The better solition for me are changes in jdk.
You shoud add Bouncy Castle to security providers on Your java platform in two steps:
1. Copy BC librarys (currently bcpkix-jdk15on-149.jar, bcprov-jdk15on-149.jar) to directory $JAVA_HOME/jre/lib/ext/
2. Register BC provider: edit file $JAVA_HOME/jre/lib/security/java.security and under line
add Your BC provider
Change numbers of rest providers. The whole block of providers should be similar to:
And now You must just restart the java server.