I'm running CQ5.6.1 on windows 7 sp1.
OK, I'm attempting to use JWT via NImbus which uses BouncyCastle in a filter. My problem is with the BouncyCastle bundle. It is signed. When I install the bcprov-jdk15on-1.49.jar it appears that felix is re-bundling it and missing up the signature. When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed. Looking at the bundle in the console I can see that all the digest info is missing from the manifest headers that is contained in the original bundle.
Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider. I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar thru the java run time engine.
I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory. Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".
Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?
Thanks!
Solved! Go to Solution.
Views
Replies
Total Likes
Found my solution. It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards. I had to explicitly add each package used from the bouncycastle jar. This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using. I found which packages I need by not importing anything on the pom during the build.
org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util
Views
Replies
Total Likes
Found my solution. It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards. I had to explicitly add each package used from the bouncycastle jar. This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using. I found which packages I need by not importing anything on the pom during the build.
org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util
Views
Replies
Total Likes
Are you starting AEM from double clicking or through start up script? Because location of sling.properties deponds on method you are starting.
Views
Replies
Total Likes
Nice work -- thanks for posting the solution.
Views
Replies
Total Likes
Views
Likes
Replies