Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

BouncyCastle

Avatar

Former Community Member
10/15/15 7:28:47 PM

I'm running CQ5.6.1 on windows 7 sp1.

OK, I'm attempting to use JWT via NImbus which uses BouncyCastle in a filter.  My problem is with the BouncyCastle bundle.  It is signed.  When I install the bcprov-jdk15on-1.49.jar it appears that felix is re-bundling it and missing up the signature.  When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed.  Looking at the bundle in the console I can see that all the digest info is missing from the manifest headers that is contained in the original bundle.

Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider.  I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar thru the java run time engine.

I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory.  Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".

Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?

Thanks!

Views

2.4K

Replies

3

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Former Community Member
10/15/15 7:28:47 PM

Found my solution.  It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards.  I had to explicitly add each package used from the bouncycastle jar.  This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using.  I found which packages I need by not importing anything on the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util 
 

View solution in original post

Views

1.9K

Replies

0

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Former Community Member
10/15/15 7:28:47 PM

Found my solution.  It seems that the org.osgi.framework.system.packages.extra parm does not like wildcards.  I had to explicitly add each package used from the bouncycastle jar.  This was after I set up bouncycastle as a security provider and placed the jar in the jre*/lib/ext folder that cq was using.  I found which packages I need by not importing anything on the pom during the build.

org.osgi.framework.system.packages.extra=org.bouncycastle.asn1,org.bouncycastle.asn1.sec,org.bouncycastle.asn1.x9, org.bouncycastle.crypto, org.bouncycastle.crypto.digests, org.bouncycastle.crypto.encodings, org.bouncycastle.crypto.engines, org.bouncycastle.crypto.modes, org.bouncycastle.crypto.params, org.bouncycastle.crypto.signers, org.bouncycastle.jce, org.bouncycastle.jce.provider, org.bouncycastle.jce.spec, org.bouncycastle.math.ec, org.bouncycastle.util 
 

Views

1.9K

Replies

0

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 10
Level 10
10/15/15 7:28:47 PM

Are you starting AEM from double clicking or through start up script? Because location of sling.properties deponds on method you are starting.

Views

1.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/15/15 7:28:47 PM

Nice work -- thanks for posting the solution. 

Views

1.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
how do I use BouncyCastle libraries in my maven project? Solved

Views

2.9K

Likes

0

Replies

3
AEM 6.5 Authentication Cipher issue with BouncyCastle that doesn't appear in 6.3 Solved

Views

3.2K

Likes

0

Replies

9
Bouncycastle | JCE SecurityException Solved

Views

2.3K

Likes

0

Replies

2
The following has evaluated to null or missing: ==> liqladmin("SELECT id, value FROM metrics WHERE id = 'net_accepted_solutions' and user.id = '${acceptedAnswer.author.id}'").data.items [in template "analytics-container" at line 83, column 41] ---- Tip: It's the step after the last dot that caused this error, not those before it. ---- Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)?? ---- ---- FTL stack trace ("~" means nesting-related): - Failed at: #assign answerAuthorNetSolutions = li... [in template "analytics-container" at line 83, column 5] ----