JCE cannot authenticate the provider BC issue in AEM 6.5 with Java 11

Avatar

Avatar

vibhuranjan21

Avatar

vibhuranjan21

vibhuranjan21

04-02-2021

We are using BouncyCastle for encryption. It was working fine in AEM 6.4 with Java 8. When we are doing the migration to AEM 6.5 with java 11, we are facing issues while using this library. We are getting following error: "JCE cannot authenticate the provider BC".

 

Can someone suggest the solution for this issue?

 

AEM 6.5

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

vibhuranjan21

Avatar

vibhuranjan21

vibhuranjan21

05-02-2021

I have raised this case on Adobe support and they explained issue behind this issue. Solution provided them is also working.

 

Reason:

The BundleProtectionDomain has been updated since 6.4 and seems to be breaking in 6.5 because of the ProtectionDomain Code Source returning a different value. In 6.4 and below, it returns a jar input type in the CodeSource and location of:
jar:bundle://546.0:0/!/

Whereas in 6.5, although the Protection Domain is set the same (for the most part- [bcprov [583](R 583.0)]) as in 6.4 [bcprov [546](R 546.0)] - the CodeSource value returns the actual jar name and "bundle install method" which is not compliant with java URL: (inputstream:bcprov-jdk15to18-166.jar)

Solution:

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*

 

This solution is working fine for me.

Answers (0)