AEM 6.5 Authentication Cipher issue with BouncyCastle that doesn't appear in 6.3

sdouglasmc

30-07-2020

We are migrating a site in AEM 6.3 to 6.5 (6.5.5). During authentication, there is the use of PKCS7PADDING which is not working in 6.5 but does work in 6.3 with both environments having bcprov-bcprov- 1.66 installed:

final Cipher decrypterWithPad = Cipher.getInstance("AES/CBC/PKCS7PADDING",
        BouncyCastleProvider.PROVIDER_NAME);

(Provider name being "BC", as seen in the error below.)


I've stripped out everything and created a small test package (with only slight changes needed for versions of 2 dependencies in the core pom) that I could quickly test in fresh 6.5 and 6.3 environments - no service packs in either.
- Start up fresh publish instances of 6.3 and 6.5
- Install bcprov-bcprov- 1.66 manually in OSGi
- Install my little package to both 6.3 and 6.5
- Hit my servlet by path which calls the above lines of code (obviously a bit more).

6.3 works great! 6.5 returns the same below log. So something has changed fundamentally in 6.5. I'm wondering if it is something in the sling.properties issue. Both are using the same Java 8 version.

 

30.07.2020 20:54:55.184 *ERROR* [0:0:0:0:0:0:0:1 [1596153295173] GET /bin/bouncy/cookieTest HTTP/1.1] com.bouncy.service.BouncyAuthCookie Could not decrypt val:t=[encrypted cookie value omitted]
java.lang.SecurityException: JCE cannot authenticate the provider BC

.......
Caused by: java.lang.IllegalStateException: Stream handler unavailable due to: invalid url: inputstream:bcprov-jdk15to18-166.jar!/ (java.net.MalformedURLException: Unknown protocol: inputstream)
at org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:431)
at java.net.URL.<init>(URL.java:622)
... 139 common frames omitted
Caused by: java.net.MalformedURLException: invalid url: inputstream:bcprov-jdk15to18-166.jar!/ (java.net.MalformedURLException: Unknown protocol: inputstream)
at java.net.URL.<init>(URL.java:627)
at org.apache.felix.framework.util.SecureAction.createURL(SecureAction.java:256)
at org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:423)
... 140 common frames omitted
Caused by: java.lang.NullPointerException: invalid url: inputstream:bcprov-jdk15to18-166.jar!/ (java.net.MalformedURLException: Unknown protocol: inputstream)
at sun.net.www.protocol.jar.Handler.parseAbsoluteSpec(Handler.java:178)
at sun.net.www.protocol.jar.Handler.parseURL(Handler.java:151)
at java.net.URL.<init>(URL.java:622)
... 142 common frames omitted




vibhuranjan21

05-02-2021

Following is the working solution for this issue:

 

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*
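
An added diagnostic, not part of either post: the stack trace in the question shows the JCE failing on the provider JAR's URL (`inputstream:bcprov-jdk15to18-166.jar!/`), so this reports which class loader and code source the registered `BC` provider came from and retries the `Cipher.getInstance` call from the question. The class name `ProviderOriginCheck` and its methods are hypothetical, and it is assumed to run inside the AEM JVM (for example from the test servlet) before and after the change.

```java
import java.security.CodeSource;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Hypothetical diagnostic helper; class and method names are not from the thread. */
public final class ProviderOriginCheck {

    /** Reports which class loader and code source a registered provider was loaded from. */
    static String describe(String providerName) {
        Provider p = Security.getProvider(providerName);
        if (p == null) {
            return providerName + ": not registered with java.security.Security";
        }
        Class<?> c = p.getClass();
        ClassLoader cl = c.getClassLoader();              // null means the bootstrap loader
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        Object location = (cs == null) ? null : cs.getLocation();
        return providerName + ": class=" + c.getName()
                + ", loader=" + (cl == null ? "bootstrap" : cl.getClass().getName())
                + ", codeSource=" + location;
    }

    /** Requests the transformation from the named provider and returns the outcome as text. */
    static String probe(String providerName, String transformation) {
        try {
            Cipher cipher = Cipher.getInstance(transformation, providerName);
            return "ok: " + cipher.getAlgorithm() + " from " + cipher.getProvider().getName();
        } catch (SecurityException e) {
            // "JCE cannot authenticate the provider BC" surfaces here.
            return "provider rejected by JCE: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            // Unknown provider, algorithm or padding.
            return "transformation unavailable: " + e;
        }
    }

    public static void main(String[] args) {
        String name = args.length > 0 ? args[0] : "BC";
        System.out.println(describe(name));
        System.out.println(probe(name, "AES/CBC/PKCS7PADDING"));
    }
}
```

Comparing the `codeSource` and `loader` values on the 6.3 and 6.5 instances shows whether the provider class is still being served from the OSGi bundle or from the JAR placed under `launchpad/ext`.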