Adobe Experience Manager Sites & More

Report · 10/15/15

I'm running CQ5.6.1 on windows 7 sp1.

OK, I'm attempting to use JWT via NImbus which uses BouncyCastle in a filter. My problem is with the BouncyCastle bundle. It is signed. When I install the bcprov-jdk15on-1.49.jar it appears that felix is re-bundling it and missing up the signature. When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed. Looking at the bundle in the console I can see that all the digest info is missing from the manifest headers that is contained in the original bundle.

Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider. I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar thru the java run time engine.

I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory. Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".

Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?

Thanks!

Report · 10/15/15

Found my solution. It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards. I had to explicitly add each package used from the bouncycastle jar. This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using. I found which packages I need by not importing anything on the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util

View solution in original post

Report · 10/15/15

Found my solution. It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards. I had to explicitly add each package used from the bouncycastle jar. This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using. I found which packages I need by not importing anything on the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util