SignServer / DSS-1076

Bouncy Castle is not removed as provider when application undeploys

    Details

      Description

      This can cause issues in JBoss during configuration of the sockets/web connectors as it tries to undeploy SignServer and then when it tries to load a keystore it seems to try to use the now undeployed BC code:

      15:16:24,640 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /opt/jboss-eap-6.4/standalone/deployments
      15:16:24,677 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/127.0.0.1:8080
      15:16:24,680 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.web.connector.httpspriv: org.jboss.msc.service.StartException in service jboss.web.connector.httpspriv: Failed to start service
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1936) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_65]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_65]
      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_65]
      Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.net.jsse.JSSESocketFactory
      at org.apache.tomcat.util.net.jsse.JSSEFactory.getSocketFactory(JSSEFactory.java:42)
      at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:56)
      at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:153)
      at org.apache.catalina.connector.Connector.init(Connector.java:986)
      at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      ... 3 more

      15:16:24,688 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.connector.httpspub: org.jboss.msc.service.StartException in service jboss.web.connector.httpspub: Failed to start service
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1936) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_65]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_65]
      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_65]
      Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/spec/ECPublicKeySpec
      at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)
      at java.security.KeyFactory.generatePublic(KeyFactory.java:334) [rt.jar:1.8.0_65]
      at sun.security.x509.X509Key.buildX509Key(X509Key.java:223) [rt.jar:1.8.0_65]
      at sun.security.x509.X509Key.parse(X509Key.java:170) [rt.jar:1.8.0_65]
      at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75) [rt.jar:1.8.0_65]
      at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:667) [rt.jar:1.8.0_65]
      at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167) [rt.jar:1.8.0_65]
      at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1806) [rt.jar:1.8.0_65]
      at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195) [rt.jar:1.8.0_65]
      at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:100) [rt.jar:1.8.0_65]
      at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) [rt.jar:1.8.0_65]
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755) [rt.jar:1.8.0_65]
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) [rt.jar:1.8.0_65]
      at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:225) [rt.jar:1.8.0_65]
      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) [rt.jar:1.8.0_65]
      at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_65]
      at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226) [jsse.jar:1.8.0_65]
      at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:50) [jsse.jar:1.8.0_65]
      at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250) [rt.jar:1.8.0_65]
      at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:81) [jsse.jar:1.8.0_65]
      at javax.net.ssl.SSLContext.init(SSLContext.java:282) [rt.jar:1.8.0_65]
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.<clinit>(JSSESocketFactory.java:109)
      at org.apache.tomcat.util.net.jsse.JSSEFactory.getSocketFactory(JSSEFactory.java:42)
      at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:56)
      at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:153)
      at org.apache.catalina.connector.Connector.init(Connector.java:986)
      at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      ... 3 more
      Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.spec.ECPublicKeySpec from [Module "deployment.signserver.ear:main" from Service Module Loader]
      at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.6.Final-redhat-1]
      at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.6.Final-redhat-1]
      at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.6.Final-redhat-1]
      at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.6.Final-redhat-1]
      at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.6.Final-redhat-1]
      ... 32 more

      15:16:24,705 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) JBWEB003000: Coyote HTTP/1.1 starting on: http-/127.0.0.1:8080

      Way to reproduce:
      ===
      1. Make sure SignServer is already deployed to the application server but the appserver is not yet configured for HTTPS
      2. Follow the TLS keystore instructions in the manual up to the ":reload"
      3. After the ":reload" notice the output from JBoss
      Expected: The reload is successful, with no unexpected stack traces
      Actual: The above stacktrace with the NoClassDefFoundError: org/bouncycastle/jce/spec/ECPublicKeySpec
      ===

      Workaround:
      Simply restart the application server

      Fix:

      • Add a Security.removeProvider("BC") to the destroy method of the StartServicesServlet.
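      The lifecycle behind this fix, as an added example that is not SignServer's own code: the JCA provider list is global to the JVM, so a provider registered at deploy time stays registered after the deployment's class loader is gone unless it is removed at undeploy. The names `ProviderLifecycleDemo`, `StandInProvider`, `onDeploy` and `onUndeploy` are hypothetical, the stand-in provider replaces Bouncy Castle so the demo runs without it on the classpath, and the class-loader ownership check is an addition beyond the one-line fix above.

```java
import java.security.Provider;
import java.security.Security;

public class ProviderLifecycleDemo {

    /** Constructed stand-in for the Bouncy Castle provider (demo only, no algorithms). */
    static final class StandInProvider extends Provider {
        StandInProvider() {
            super("BC", 1.0, "stand-in for the Bouncy Castle provider (demo only)");
        }
    }

    /** Deploy side, e.g. called from a servlet's init(): register once, JVM-wide. */
    static void onDeploy() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new StandInProvider());
        }
    }

    /**
     * Undeploy side, e.g. called from a servlet's destroy().
     * Removes "BC" only when the registered instance was loaded by this
     * application's class loader, so a provider installed by the container
     * or by another deployment is left in place.
     */
    static boolean onUndeploy() {
        Provider p = Security.getProvider("BC");
        if (p != null
                && p.getClass().getClassLoader() == ProviderLifecycleDemo.class.getClassLoader()) {
            Security.removeProvider("BC");
            return true;
        }
        return false;
    }

    public static void main(String[] args) {
        onDeploy();
        System.out.println("after deploy:   BC registered = "
                + (Security.getProvider("BC") != null));
        boolean removed = onUndeploy();
        System.out.println("after undeploy: removed = " + removed
                + ", BC registered = " + (Security.getProvider("BC") != null));
    }
}
```

      Without the undeploy step, later JCA lookups in the container (such as the `KeyFactory.generatePublic` call in the trace above) can still be routed to the stale provider instance.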

              People

              Assignee: Unassigned
              Reporter: Markus Kilås

                  Time Tracking

                  Estimated: 2h (original estimate)
                  Remaining: 2h
                  Logged: Not Specified