Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

JCE cannot authenticate the provider BC issue in AEM 6.5 with Java 11

vibhuranjan21
Level 2
Level 2

We are using BouncyCastle for encryption. It was working fine in AEM 6.4 with Java 8. When we are doing the migration to AEM 6.5 with java 11, we are facing issues while using this library. We are getting following error: "JCE cannot authenticate the provider BC".

 

Can someone suggest the solution for this issue?

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

6.5
1 Accepted Solution
vibhuranjan21
Correct answer by
Level 2
Level 2

I have raised this case on Adobe support and they explained issue behind this issue. Solution provided them is also working.

 

Reason:

The BundleProtectionDomain has been updated since 6.4 and seems to be breaking in 6.5 because of the ProtectionDomain Code Source returning a different value. In 6.4 and below, it returns a jar input type in the CodeSource and location of:
jar:bundle://546.0:0/!/

Whereas in 6.5, although the Protection Domain is set the same (for the most part- [bcprov [583](R 583.0)]) as in 6.4 [bcprov [546](R 546.0)] - the CodeSource value returns the actual jar name and "bundle install method" which is not compliant with java URL: (inputstream:bcprov-jdk15to18-166.jar)

Solution:

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*

 

This solution is working fine for me.

View solution in original post

1 Reply
vibhuranjan21
Correct answer by
Level 2
Level 2

I have raised this case on Adobe support and they explained issue behind this issue. Solution provided them is also working.

 

Reason:

The BundleProtectionDomain has been updated since 6.4 and seems to be breaking in 6.5 because of the ProtectionDomain Code Source returning a different value. In 6.4 and below, it returns a jar input type in the CodeSource and location of:
jar:bundle://546.0:0/!/

Whereas in 6.5, although the Protection Domain is set the same (for the most part- [bcprov [583](R 583.0)]) as in 6.4 [bcprov [546](R 546.0)] - the CodeSource value returns the actual jar name and "bundle install method" which is not compliant with java URL: (inputstream:bcprov-jdk15to18-166.jar)

Solution:

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*

 

This solution is working fine for me.

View solution in original post