Using Bouncy Castle v1.58, Tomcat 8.5, Java 1.8. I have the unlimited security policy files installed, the BC jars in my WEB-INF/lib directory and in order to register the BC provider, I do

    static { Security.addProvider(new BouncyCastleProvider()); }

in a utility class that handles the keyring setup/encryption/decryption methods for me. This works great until I update the jar that contains my utility class and reload the webapp. Then I get an exception thrown from it being unable to locate the BC provider.

mypackage.crypto.CryptoException: org.bouncycastle.openpgp.PGPException: exception on setup: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
    at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:304) ~[mypackage.jar:na]
    at mypackage.web.action.user.priv.settings.View.view(View.java:139) ~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_141]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_141]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_141]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_141]
    at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:456) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:176) [stripes-1.6.0.jar:1.6.0]
    at mypackage.web.interceptors.AuthenticateInterceptor.intercept(AuthenticateInterceptor.java:41) [classes/:na]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:173) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:86) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:454) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:278) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DispatcherServlet.service(DispatcherServlet.java:160) [stripes-1.6.0.jar:1.6.0]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [servlet-api.jar:na]
    at net.sourceforge.stripes.controller.DynamicMappingFilter$2.doFilter(DynamicMappingFilter.java:464) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:260) [stripes-1.6.0.jar:1.6.0]
    at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:451) [stripes-1.6.0.jar:1.6.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
    at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) [urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [urlrewritefilter-4.0.3.jar:4.0.3]
    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [urlrewritefilter-4.0.3.jar:4.0.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) [catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
    at ch.qos.logback.classic.helpers.MDCInsertingServletFilter.doFilter(MDCInsertingServletFilter.java:51) [logback-classic-1.0.9.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.23]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.23]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:595) [catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.23]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.23]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) [catalina.jar:8.5.23]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.23]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.23]
    at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:486) [tomcat-coyote.jar:8.5.23]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.23]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-coyote.jar:8.5.23]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-coyote.jar:8.5.23]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.23]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_141]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.23]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
Caused by: org.bouncycastle.openpgp.PGPException: exception on setup: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
    at org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder$1.get(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.PGPUtil.makeKeyFromPassPhrase(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor.makeKeyFromPassPhrase(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.PGPSecretKey.extractKeyData(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    at mypackage.crypto.PGPUtils.extractPrivateKey(PGPUtils.java:347) ~[mypackage.jar:na]
    at mypackage.crypto.PGPUtils.decrypt(PGPUtils.java:263) ~[mypackage.jar:na]
    ... 50 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: class configured for MessageDigest (provider: BC) cannot be found.
    at java.security.Provider$Service.getImplClass(Provider.java:1649) ~[na:1.8.0_141]
    at java.security.Provider$Service.newInstance(Provider.java:1592) ~[na:1.8.0_141]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) ~[na:1.8.0_141]
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) ~[na:1.8.0_141]
    at java.security.Security.getImpl(Security.java:698) ~[na:1.8.0_141]
    at java.security.MessageDigest.getInstance(MessageDigest.java:227) ~[na:1.8.0_141]
    at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createDigest(Unknown Source) ~[bcprov-jdk15on-157.jar:1.57.0]
    at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createDigest(Unknown Source) ~[bcpg-jdk15on-157.jar:1.57.0]
    ... 57 common frames omitted
Caused by: java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1301) ~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1158) ~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1119) ~[catalina.jar:8.5.23]
    at java.security.Provider$Service.getImplClass(Provider.java:1636) ~[na:1.8.0_141]
    ... 64 common frames omitted
Caused by: java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.digest.SHA256$Digest]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1311) ~[catalina.jar:8.5.23]
    at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1299) ~[catalina.jar:8.5.23]
    ... 67 common frames omitted

As soon as I restart Tomcat it's OK. If I reload Tomcat after changing anything else but the jar containing my crypto utility class, it is also OK. It is only when the jar containing the crypto stuff is updated (not the BC libraries though) that the classloader loses the BC provider.

If I move the call Security.addProvider(new BouncyCastleProvider()) into the contextInitialized() method of a ServletContextListener, everything works on reloading a webapp, no matter what classes or jars I update.

Can someone explain why the static initializer breaks down here please?
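The listener-based registration the post describes, as an added example that is not part of the original message or of Tomcat or Bouncy Castle: it also drops a "BC" provider whose classes belong to a different (for instance stopped) class loader, the state the innermost "Caused by" frames show, and deregisters its own instance on shutdown. The package and class name `BcProviderListener` are hypothetical; the `javax.servlet` imports assume Tomcat 8.5 as in the post.

```java
package example; // hypothetical package name

import java.security.Provider;
import java.security.Security;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@WebListener
public class BcProviderListener implements ServletContextListener {

    private Provider registered; // the instance this deployment installed, if any

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ClassLoader mine = BouncyCastleProvider.class.getClassLoader();
        Provider existing = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);

        // The provider list is JVM-wide and outlives a webapp reload. An instance
        // created by an earlier deployment resolves its algorithm classes through
        // that deployment's class loader, which Tomcat refuses once it is stopped.
        if (existing != null && existing.getClass().getClassLoader() != mine) {
            sce.getServletContext().log("Replacing BC provider loaded by "
                    + existing.getClass().getClassLoader());
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            existing = null;
        }
        if (existing == null) {
            Provider fresh = new BouncyCastleProvider();
            // addProvider returns -1 if a provider with this name is already installed.
            if (Security.addProvider(fresh) != -1) {
                registered = fresh;
            }
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Remove only our own instance so no reference to this class loader
        // stays behind in the JVM-wide provider list.
        if (registered != null
                && Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == registered) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        registered = null;
    }
}
```

If several webapps in the same JVM each bundle their own BC jars, the replacement step would remove another application's provider; in that layout, pass a `BouncyCastleProvider` instance to the JCA/BC builders explicitly or place the BC jars in a shared loader.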