BouncyCastle

Aundrea_Lea

15-10-2015

I'm running CQ5.6.1 on Windows 7 SP1.

OK, I'm attempting to use JWT via Nimbus, which uses BouncyCastle, in a filter. My problem is with the BouncyCastle bundle. It is signed. When I install the bcprov-jdk15on-1.49.jar it appears that Felix is re-bundling it and messing up the signature. When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed. Looking at the bundle in the console I can see that all the digest info that is contained in the original bundle is missing from the manifest headers.

Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider. I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar through the Java runtime engine.

I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory.  Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".

Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?

Thanks!

Accepted Solutions (1)


Aundrea_Lea

15-10-2015

Found my solution. It seems that the org.osgi.framework.system.packages.extra parameter does not like wildcards. I had to explicitly add each package used from the BouncyCastle jar. This was after I set up BouncyCastle as a security provider and placed the jar in the jre*/lib/ext folder that CQ was using. I found which packages I needed by not importing anything in the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util
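The accepted answer reports that org.osgi.framework.system.packages.extra needs every package listed explicitly. The script below is an added example, not part of the original thread: it reads the package names out of a provider jar and builds that property line, limited to the packages a bundle actually needs so that nothing extra is exposed from the boot classpath. The function names and the in-memory sample jar are constructed for illustration.

```python
import io
import zipfile

PROPERTY = "org.osgi.framework.system.packages.extra"

def jar_packages(jar, prefix="org.bouncycastle"):
    """Return the sorted Java packages in the jar that hold at least one .class file."""
    found = set()
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not name.endswith(".class") or "/" not in name:
                continue
            package = name.rsplit("/", 1)[0].replace("/", ".")
            if package == prefix or package.startswith(prefix + "."):
                found.add(package)
    return sorted(found)

def extra_packages_line(jar, needed=None, prefix="org.bouncycastle"):
    """Build the sling.properties line; 'needed' limits it to packages the bundle imports."""
    available = jar_packages(jar, prefix)
    if needed is not None:
        missing = sorted(set(needed) - set(available))
        if missing:  # a requested package that the jar does not provide
            raise ValueError("not in jar: " + ", ".join(missing))
        available = [p for p in available if p in set(needed)]
    return PROPERTY + "=" + ",".join(available)

def has_wildcard(line):
    """True when a property value contains a wildcard entry such as org.bouncycastle.*"""
    value = line.split("=", 1)[1]
    return any("*" in entry for entry in value.split(","))

def sample_jar():
    """Constructed stand-in for a provider jar (entry names only, no real classes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in ("META-INF/MANIFEST.MF",
                      "org/bouncycastle/asn1/ASN1Object.class",
                      "org/bouncycastle/asn1/x9/X9Curve.class",
                      "org/bouncycastle/jce/provider/BouncyCastleProvider.class",
                      "org/bouncycastle/util/Arrays.class",
                      "org/example/Other.class"):
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    needed = {"org.bouncycastle.asn1", "org.bouncycastle.util"}
    print(extra_packages_line(sample_jar(), needed=needed))
```

Against a real jar, pass its file path instead of `sample_jar()`.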