Expand my Community achievements bar.

SOLVED

JCE cannot authenticate the provider BC issue in AEM 6.5 with Java 11

Avatar

Level 2

We are using BouncyCastle for encryption. It was working fine in AEM 6.4 with Java 8. When we are doing the migration to AEM 6.5 with java 11, we are facing issues while using this library. We are getting following error: "JCE cannot authenticate the provider BC".

 

Can someone suggest the solution for this issue?

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

6.5
1 Accepted Solution

Avatar

Correct answer by
Level 2

I have raised this case on Adobe support and they explained issue behind this issue. Solution provided them is also working.

 

Reason:

The BundleProtectionDomain has been updated since 6.4 and seems to be breaking in 6.5 because of the ProtectionDomain Code Source returning a different value. In 6.4 and below, it returns a jar input type in the CodeSource and location of:
jar:bundle://546.0:0/!/

Whereas in 6.5, although the Protection Domain is set the same (for the most part- [bcprov [583](R 583.0)]) as in 6.4 [bcprov [546](R 546.0)] - the CodeSource value returns the actual jar name and "bundle install method" which is not compliant with java URL: (inputstream:bcprov-jdk15to18-166.jar)

Solution:

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*

 

This solution is working fine for me.

View solution in original post

1 Reply

Avatar

Correct answer by
Level 2

I have raised this case on Adobe support and they explained issue behind this issue. Solution provided them is also working.

 

Reason:

The BundleProtectionDomain has been updated since 6.4 and seems to be breaking in 6.5 because of the ProtectionDomain Code Source returning a different value. In 6.4 and below, it returns a jar input type in the CodeSource and location of:
jar:bundle://546.0:0/!/

Whereas in 6.5, although the Protection Domain is set the same (for the most part- [bcprov [583](R 583.0)]) as in 6.4 [bcprov [546](R 546.0)] - the CodeSource value returns the actual jar name and "bundle install method" which is not compliant with java URL: (inputstream:bcprov-jdk15to18-166.jar)

Solution:

1. Place the bouncycastle jar under crx-quickstart\launchpad\ext (you may have to create the directory)
2. Add the following to the sling.properties:
sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.*
sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*

 

This solution is working fine for me.