https://bz.apache.org/bugzilla/show_bug.cgi?id=57736
Bug ID: 57736
Summary: changes from Tomcat 7 to Tomcat 8 causing problems
Product: Tomcat 8
Version: 8.0.20
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: frank.hol...@gmx.de

Our webapp is using the bouncycastle security provider, which was packed within the WEB-INF/lib folder. Furthermore, our webapp runs within a Tomcat environment which uses unpackWars="false". This worked fine with Tomcat6 and Tomcat7. After switching to Tomcat8 we got an exception:

    Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
        at javax.crypto.Cipher.getInstance(Cipher.java:642)
        at javax.crypto.Cipher.getInstance(Cipher.java:580)
        at de.balvi.xmljobs.job.domain.JobParameterType$PasswordJobParameterType.createCipher(JobParameterType.java:200)
        at de.balvi.xmljobs.job.domain.JobParameterType$PasswordJobParameterType.toPersistent(JobParameterType.java:169)
        ... 96 more
    Caused by: java.util.jar.JarException: jar:file:/D:/Java_Bin/BALVI_TOMCAT/webapps/ROOT.war!/WEB-INF/lib/bcprov-jdk15on-1.51.jar has unsigned entries - WEB-INF/css/bootstrap-responsive.min.css
        at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:462)
        at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
        at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
        at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161)
        at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187)
        at javax.crypto.Cipher.getInstance(Cipher.java:638)
        at javax.crypto.Cipher.getInstance(Cipher.java:580)
        at de.balvi.xmljobs.job.domain.JobParameterType$PasswordJobParameterType.createCipher(JobParameterType.java:200)

The exception "java.util.jar.JarException: jar:file:/D:/Java_Bin/BALVI_TOMCAT/webapps/ROOT.war!/WEB-INF/lib/bcprov-jdk15on-1.51.jar has unsigned entries - WEB-INF/css/bootstrap-responsive.min.css" refers to an entry of the WAR itself instead of an entry of the bcprov-jdk15on-1.51.jar.

Extract from JobParameterType$PasswordJobParameterType.createCipher(JobParameterType.java:200):

    private Cipher createCipher(int encryptMode) throws NoSuchAlgorithmException,
            NoSuchProviderException, NoSuchPaddingException, InvalidKeyException,
            InvalidAlgorithmParameterException {
        // Register BouncyCastleProvider
        Security.addProvider(new BouncyCastleProvider());
        // Create the IV key
        AlgorithmParameterSpec IVspec = new IvParameterSpec(getIV128Key());
        // Create the cipher for decrypting
        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC"); // <== line 200
        SecretKey keyValue = new SecretKeySpec(getAES128Key(), "AES");
        encryptCipher.init(encryptMode, keyValue, IVspec);
        return encryptCipher;
    }

As a workaround, I removed the bouncycastle provider from WEB-INF/lib and put it into CATALINA_BASE/lib.

A second problem occurred when a URI resource is loaded from a jar inside an unpacked war:

    com.mycila.xmltool.XMLDocumentException: Validation failed: Illegal character in opaque part at index 55: jar:war:file:/D:/Java_Bin/BALVI_TOMCAT/webapps/ROOT.war^/WEB-INF/lib/xmljobs-1.1.1.jar!/xmljobs/groovy-flow-1.0.xsd

RFC 2396 "URI Generic Syntax" says the char ^ is an "unwise" URI char, which causes a java.net.URISyntaxException in our environment. As a workaround, we changed the resource loader to return a Stream instead of the URI string.

Both problems are reproducible with any Java platform (tried Java 7/8 on Windows X86_64, Linux X86_64) with Tomcat 8. Tomcat 7 has no problem. Please check the changes from 7 to 8.
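
Added example, not part of the original report and not code from Tomcat or the JDK: a small diagnostic that lists which entries of an archive carry no code signer, so the provider JAR and the enclosing WAR named in the first stack trace can be checked separately. The class name, the helper names and the constructed sample archive are assumptions, and the check approximates the JCE provider verification rather than reproducing it.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.*;

public class UnsignedEntryCheck {
    // Lists entries without a code signer. META-INF/ is skipped wholesale, a
    // simplification: that is where the manifest and signature files live.
    static List<String> unsignedEntries(Path archive) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(archive.toFile(), true)) { // true = verify signatures
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                // Signers are only known once the entry has been read to the end;
                // a tampered signed entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                if (entry.getCodeSigners() == null) unsigned.add(entry.getName());
            }
        }
        return unsigned;
    }

    // Constructed sample: an unsigned archive laid out like the WAR in the report.
    static Path sampleWar() throws IOException {
        Path war = Files.createTempFile("ROOT", ".war");
        war.toFile().deleteOnExit();
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(war))) {
            for (String name : new String[] {"WEB-INF/css/bootstrap-responsive.min.css",
                                             "WEB-INF/lib/bcprov-jdk15on-1.51.jar"}) {
                out.putNextEntry(new JarEntry(name));
                out.write("placeholder".getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        return war;
    }

    public static void main(String[] args) throws IOException {
        Path target = args.length > 0 ? Paths.get(args[0]) : sampleWar();
        System.out.println(target + " unsigned entries: " + unsignedEntries(target));
    }
}
```

Run it once with the path to the provider JAR and once with the path to the WAR; a properly signed provider JAR yields an empty list, while an unsigned WAR lists every entry, including static files such as the CSS named in the exception.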