pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evan Williams <evan.willi...@zapprx.com>
Subject Re: Bouncycastle Provider Suddenly Stopped Working wehn I went to PDFBox 2.0
Date Thu, 02 Jul 2015 11:49:48 GMT
But making a standalone jar is not what I am doing. Not at all.

I have a web application that is deployed by maven. No jars were harmed in
the making of this application.

And as I said in my email this always always worked perfectly and I never
ever got this error with 1.8.9. I am compliling exactly the same code and
building and deploying exactly the same way as I always did. The ONLY
difference (aside from completely irrelevant updates to code that is not in
this code path) is that I am using 2.0 rather than 1.8.9. And if I take my
code and edit my pom.xml to use 1.8.9 rather than 2.0 it all works again.

The only thing I am changing is that I use 2.0. If I go back to 1.8.9 it
works again.

What I am going to do is carefully compare the derived dependencies that
maven comes up with to see if there is some important difference there. Or
at least a clue.

Thanks.

On Thu, Jul 2, 2015 at 2:58 AM, Thomas Chojecki <info@rayman2200.de> wrote:

> Hi all,
> for crypto stuff the bc provider need to be signed (provider signature).
> Making a standalone jar (jar with dependencies) will break the signature of
> the jar. So registering the BC as provider will not work. You can see in
> the exception this message "JCE cannot authenticate the provider BC".
>
> Additionally, switching between 1.8.x and 2.0.x brings different BC
> versions which aren't compatible between each other for signing stuff. You
> can force a BC version but then you maybe would have problems with
> encrypted pdf documents.
>
> And as Andreas already said, don't use the pdfbox-app as the base for an
> application, it is for demo / example purpose only. So the users can just
> check some pdfbox features from the command line.
>
> Best regards
> Thomas
>
>
> Zitat von Andreas Lehmkühler <andreas@lehmi.de>:
>
>
>  Hi,
>>
>>  Torgeir Veimo <torgeir.veimo@gmail.com> hat am 2. Juli 2015 um 05:54
>>> geschrieben:
>>>
>>>
>>> I recently had some unexpected bouncy castle issues and didn't realise
>>> until I read this that the 2.0.0-SNAPSHOT actually includes the bouncy
>>> castle class files! Will the practice be abandoned for release jars?
>>> It will definitely cause deployment issues if this practice is kept
>>> with the final 2.0.0 release.
>>>
>> I guess there is a misunderstanding. Only the pdfbox-app jar contains all
>> those
>> third party dependencies. That jar is meant to be a standalone jar to be
>> used as
>> commandline app.
>>
>> If you are building your own application you should include the jars of
>> the
>> pdfbox subprojects itself, such as
>>
>> fontbox
>> pdfbox
>>
>> and maybe the following as well (if needed)
>>
>> xmpbox
>> preflight
>>
>>
>>> On 2 July 2015 at 05:31, Andreas Lehmkuehler <andreas@lehmi.de> wrote:
>>> > Hi,
>>> >
>>> >
>>> > Am 01.07.2015 um 20:27 schrieb Evan Williams:
>>> >>
>>> >> I am, as I have said before, taking a working application that used
>>> PDFBox
>>> >> 1.8.9 amd updating it for 2.0.
>>> >>
>>> >> I have fixed everything (with the help of the excellent people on this
>>> >> list) but one bug persists.
>>> >>
>>> >> I have visual signature code which is an adaptation of the Visible
>>> >> Signature example included in the PDFBox examples.
>>> >>
>>> >> Before it just worked (though there were some issues).
>>> >>
>>> >> But when I went to 2.0 I began to get the infamous 'JCE cannot
>>> >> authenticate
>>> >> the provider BC' exception.
>>> >>
>>> >> *java.io.IOException: error constructing MAC:
>>> java.lang.SecurityException:
>>> >> JCE cannot authenticate the provider BC at
>>> >>
>>> >>
>>> org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown
>>> >> Source) at java.security.KeyStore.load(KeyStore.java:1433) at
>>> >> com.zapprx.rxforms.authorizations.KeyRing.<init>(KeyRing.java:62)
at
>>> >> com.zapprx.rxforms.KeyRingTest.testKeyRing(KeyRingTest.java:30) at
>>> >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
>>> >>
>>> >>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> >> at
>>> >>
>>> >>
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> >> at java.lang.reflect.Method.invoke(Method.java:483) at
>>> >>
>>> >>
>>> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
>>> >> at
>>> >>
>>> >>
>>> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>>> >> at
>>> >>
>>> >>
>>> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
>>> >> at
>>> >>
>>> >>
>>> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>>> >> at
>>> >>
>>> >>
>>> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
>>> >> at
>>> >>
>>> >>
>>> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
>>> >> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271) at
>>> >>
>>> >>
>>> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
>>> >> at
>>> >>
>>> >>
>>> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
>>> >> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238) at
>>> >> org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63) at
>>> >> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236) at
>>> >> org.junit.runners.ParentRunner.access$000(ParentRunner.java:53) at
>>> >> org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229) at
>>> >> org.junit.runners.ParentRunner.run(ParentRunner.java:309) at
>>> >>
>>> >>
>>> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
>>> >> at
>>> >>
>>> >>
>>> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
>>> >> at
>>> >>
>>> >>
>>> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
>>> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
>>> >>
>>> >>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> >> at
>>> >>
>>> >>
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> >> at java.lang.reflect.Method.invoke(Method.java:483) at
>>> >>
>>> >>
>>> org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
>>> >> at
>>> >>
>>> >>
>>> org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
>>> >> at
>>> >>
>>> >>
>>> org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
>>> >> at
>>> >>
>>> >>
>>> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
>>> >> at
>>> >>
>>> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75) *
>>> >> The code that causes this is just
>>> >>
>>> >> *            Provider provider = new BouncyCastleProvider();*
>>> >> *            KeyStore keystore = KeyStore.getInstance("PKCS12",
>>> >> provider);*
>>> >> *            char[] pin = pinString.toCharArray();*
>>> >> *            keystore.load(ksInputStream, pin);*
>>> >>
>>> >> (presume with me that the pin and the input stream are OK.)
>>> >>
>>> >> There have been absolutely no code changes whatsoever in the code
>>> path in
>>> >> question and the only change to the build (I am building with maven)
>>> is to
>>> >> replace 1.8.9 with 2.0.
>>> >>
>>> >> It is a long shot but maybe this is a FAQ, or maybe someone will say
>>> 'of
>>> >> course, because we changed this in 2.0!'
>>> >>
>>> >> Or maybe not.
>>> >>
>>> >> But if anyone has an idea please clue me in. Stack overflow has a
>>> variety
>>> >> of answers but they all relate to things that have nothing to do with
>>> what
>>> >> I am soing, or do not explain why it used to work pre-2.0 and doesn't
>>> with
>>> >> 2.0.
>>> >
>>> > I'm not a BC expert but we upgraded BC from 1.44 to 1.51. Although the
>>> > numbers may lead to the assumption that this is minor change, it isn't.
>>> > Those versions aren't binary compatible and obviously there are some
>>> other
>>> > differences.
>>> >
>>> > Sorry, that I can't help you directly, but I guess you should
>>> investigate
>>> > the BC upgrade path.
>>> >
>>> >> Thank you.
>>> >>
>>> >
>>> > BR
>>> > Andreas
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>> > For additional commands, e-mail: users-help@pdfbox.apache.org
>>> >
>>>
>>>
>>>
>>> --
>>> -Tor
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>>
>>>
>> BR
>> Andreas
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: users-help@pdfbox.apache.org
>
>


-- 
*Evan Williams*
Sr. Software Engineer
evan.williams@zapprx.com

*www.ZappRx.com <http://www.zapprx.com/>*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message