[kepler-dev] Bouncy Castle issue within Kepler

Matt Jones jones at nceas.ucsb.edu
Wed Sep 3 09:13:19 PDT 2008 

Hi Michal,

We certainly would be willing to upgrade the jar file if it doesn't cause
problems for other components in Kepler.  I wonder if the only issue is that
the new version of the jar file is signed, and the old one is not?  If this
is the case, we also could look into getting a signed version of the 117 jar
file.

Aaron -- can you look at the other classes that depend on this jar file and
determine if an upgrade will break anything?  If it looks safe, could you
replace it?

Matt

On Wed, Sep 3, 2008 at 3:01 AM, Michal Owsiak <michalo at man.poznan.pl> wrote:

> Hi,
>
> I am trying to develop an actor which will be able to use grid proxy. To
> manipulate the proxy I am using bouncy castle library - and here come the
> troubles.
>
> When I try to use jce-jdk13-117.jar library (which is distributed along
> with Kepler)  I get an error while accessing the private key:
>
> Following code (org.globus.gsi.bc.BouncyCastleOpenSSLKey is located inside
> cog-jglobus.jar)
>
> --- CUT ---
> OpenSSLKey key = new
> org.globus.gsi.bc.BouncyCastleOpenSSLKey(userPrivateKeyPath);
>
> if (key.isEncrypted()) {
>        key.decrypt(userPrivateKeyPassword);
> }
> --- CUT ---
>
> throws an exception:
>
> Exception in thread "main" java.lang.SecurityException: JCE cannot
> authenticate the provider BC
>        at javax.crypto.Cipher.getInstance(DashoA12275)
>        at javax.crypto.Cipher.getInstance(DashoA12275)
>        at org.globus.gsi.OpenSSLKey.getCipher(OpenSSLKey.java:341)
>        at org.globus.gsi.OpenSSLKey.decrypt(OpenSSLKey.java:208)
>        at org.globus.gsi.OpenSSLKey.decrypt(OpenSSLKey.java:187)
>        at
> example.tutorial.ProxyHelper.createUserPrivateKey(ProxyHelper.java:134)
>        at example.tutorial.ProxyHelper.createProxy(ProxyHelper.java:60)
>        at example.tutorial.ProxyHelper.main(ProxyHelper.java:167)
> Caused by: java.util.jar.JarException:
> file:/home/michalo/Kepler-1.0.0/lib/jar/jce-jdk13-117.jar is not signed.
>
>
> When I replace jce-jdk13-117.jar with jce-jdk13-120.jar everything works
> just fine (jce-jdk13-120.jar is signed).
>
> shell>jarsigner -verify -certs -verbose jce-jdk13-120.jar~ | more
>
>       98759 Thu Dec 29 16:23:56 CET 2005 META-INF/MANIFEST.MF
>       98552 Thu Dec 29 16:23:56 CET 2005 META-INF/BCKEY.SF
>        2213 Thu Dec 29 16:23:56 CET 2005 META-INF/BCKEY.DSA
>           0 Thu Dec 29 16:16:38 CET 2005 META-INF/
>           0 Thu Dec 29 16:16:36 CET 2005 javax/
>           0 Thu Dec 29 16:16:36 CET 2005 javax/crypto/
> sm       235 Thu Dec 29 16:16:36 CET 2005
> javax/crypto/BadPaddingException.class
>
>      X.509, CN=The Legion of the Bouncy Castle, OU=Java Software Code
> Signing,
> O=Sun Microsystems Inc
>      [certificate will expire on 9/28/08 2:16 AM]
>      X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun
> Micros
> ystems Inc, L=Palo Alto, ST=CA, C=US
>      [certificate is valid from 4/25/01 9:00 AM to 4/25/20 9:00 AM]
>      [NetscapeCertType extension does not support code signing]
>
> shell>jarsigner -verify jce-jdk13-117.jar
> no manifest.
> jar is unsigned. (signatures missing or not parsable)
>
>
> Does anyone know how can I overcome this issue? What I do now is replacing
> jce-jdk13-117.jar with jce-jdk13-120.jar (but this is not a solution because
> jce-jdk13-117.jar comes with default Kepler installation). Is it possible to
> upgrade jce-jdk13-117.jar to jce-jdk13-120.jar within Kepler installation?
>
> Cheers
>
> --
> Michal Owsiak <michalo at man.poznan.pl>
> Poznan Supercomputing and Networking Center
> ul. Noskowskiego 10, 61-704 Poznan, POLAND
> http://www.man.poznan.pl
> _______________________________________________
> Kepler-dev mailing list
> Kepler-dev at ecoinformatics.org
> http://mercury.nceas.ucsb.edu/ecoinformatics/mailman/listinfo/kepler-dev
>



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Matthew B. Jones
Director of Informatics Research and Development
National Center for Ecological Analysis and Synthesis (NCEAS)
UC Santa Barbara
jones at nceas.ucsb.edu                       Ph: 1-907-523-1960
http://www.nceas.ucsb.edu/ecoinfo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mercury.nceas.ucsb.edu/ecoinformatics/pipermail/kepler-dev/attachments/20080903/497be2c4/attachment.html>

More information about the Kepler-dev mailing list