SOLVED

BouncyCastle


Former Community Member

I'm running CQ5.6.1 on Windows 7 SP1.

OK, I'm attempting to use JWT via Nimbus, which uses BouncyCastle, in a filter.  My problem is with the BouncyCastle bundle.  It is signed.  When I install the bcprov-jdk15on-1.49.jar it appears that Felix is re-bundling it and messing up the signature.  When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed.  Looking at the bundle in the console I can see that all the digest info that is contained in the original bundle is missing from the manifest headers.

Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider.  I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar through the Java runtime engine.

I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory.  Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".

Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?

Thanks!

1 Accepted Solution


Correct answer by
Former Community Member

Found my solution.  It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards.  I had to explicitly add each package used from the bouncycastle jar.  This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using.  I found which packages I need by not importing anything on the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util 
 

View solution in original post
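
A build-side helper for the approach in the accepted solution, added here as an example and not part of the original post: it reads the Import-Package header of the bundle that uses BouncyCastle and emits the explicit, wildcard-free property line. The manifest text and the bundle name com.example.jwt-filter are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: MANIFEST.MF of a hypothetical consumer bundle.
# Long headers are wrapped (72-byte limit); continuation lines start with
# a single space, so a package name can be split across two lines.
SAMPLE_MANIFEST = (
    'Manifest-Version: 1.0\r\n'
    'Bundle-SymbolicName: com.example.jwt-filter\r\n'
    'Import-Package: javax.servlet;version="[2.5,3)",org.bouncycastle.asn1;v\r\n'
    ' ersion="[1.49,2)",org.bouncycastle.jce.provider;resolution:=optional,o\r\n'
    ' rg.bouncycastle.util,org.slf4j;version="[1.5,2)",org.bouncycastle.asn1\r\n'
    ' .x9\r\n'
    '\r\n'
)


def main_headers(manifest_text):
    """Parse the manifest main section, joining continuation lines."""
    headers, name = {}, None
    for line in manifest_text.splitlines():
        if not line:
            break  # a blank line ends the main section
        if line.startswith(" ") and name:
            headers[name] += line[1:]
        else:
            name, _, value = line.partition(": ")
            headers[name] = value
    return headers


def imported_packages(header_value):
    """Return package names, splitting only on commas outside quotes
    (version ranges such as "[1.49,2)" contain commas themselves)."""
    packages = []
    for clause in re.findall(r'(?:[^,"]|"[^"]*")+', header_value):
        for part in clause.split(";"):
            part = part.strip()
            # attributes (k=v) and directives (k:=v) are not package names
            if part and "=" not in part and '"' not in part:
                packages.append(part)
    return packages


def system_packages_extra(manifest_text, prefix="org.bouncycastle"):
    """Build the explicit property line for sling.properties."""
    value = main_headers(manifest_text).get("Import-Package", "")
    wanted = sorted({p for p in imported_packages(value)
                     if p == prefix or p.startswith(prefix + ".")})
    return "org.osgi.framework.system.packages.extra=" + ",".join(wanted)
```
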

3 Replies



Level 10

Are you starting AEM by double-clicking or through a startup script? Because the location of sling.properties depends on the method you use to start it.


Level 10

Nice work -- thanks for posting the solution. 
