pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Lehmkühler <andr...@lehmi.de>
Subject Re: Anyone know how to set up a bouncycastle?
Date Thu, 24 Sep 2015 10:16:53 GMT
Hi,

> Eric Douglas <edouglas@blockhouse.com> hat am 18. September 2015 um 16:53
> geschrieben:
> 
> 
> I'm trying to read a PDF using pdfbox, and on one system I get this error:
> 
> cannot create instance of
> org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
> : java.security.AccessControlException: access denied
> ("java.security.SecurityPermission"
> "putProviderProperty.BC")
> java.lang.InternalError: cannot create instance of org.bouncycastle.jcajce.
> provider.digest.GOST3411$Mappings : java.security.AccessControlException:
> access denied ("java.security.SecurityPermission" "putProviderProperty.BC")
> org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown
> Source)
> org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
> org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown
> Source)
> org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
> java.security.AccessController.doPrivileged(Native Method)
> org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
> org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.<clinit>(
> SecurityHandlerFactory.java:44)
> org.apache.pdfbox.pdmodel.encryption.PDEncryption.<init>
> (PDEncryption.java:96)
> org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436)
> org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321)
> org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373)
> org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890)
> org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821)
> 
> I looked up where and how to put this grant stuff.  This sounds
> complicated.
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax
> 
> 
> I'm running webstart.  This should work for my client and server?  I just
> have to update the server?  This goes in the
> jdk1.8.0_60\jre\lib\security\java.security
> file?  I have to manually put this here for each server, and do it again
> any time we install a new Java version?
> I put this in my jnlp file.  It apparently didn't help this issue.
> <security>
>      <all-permissions/>
> </security>
> Is there a way to make this work without manually editing files we'll have
> to worry about later?  This is just for an application, server and clients
> are all on local network.
I'm not an expert, but there are several possible reasons.

Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to remember
the correct version) signing the jars is mandantory. And there are some other
restrictions for the JNLP file itself.

Do you use the pdfbox-app jar? This could be problematic as the repacking of the
jar destroys the signature of the bouncy castle jar, which is needed for a JNLP
usage.

> 
> Is there a way to call PDDocument.load without using BouncyCastle, or
> without installing it in java security?
The bouncy castle stuff is needed as long as your pdfs are using encrypted data
and according to the stack trace it looks like you do.

BR
Andreas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message