pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: Anyone know how to set up a bouncycastle?
Date Thu, 24 Sep 2015 15:43:17 GMT
Some files are encrypted with the empty user password (but not empty 
owner password), that is why you can open them. In Adobe Reader, you 
will see "(PROTECTED)" in the title bar. (or something similar in 
another language)

My understanding is that this is the call that doesn't work:

     Security.addProvider(new BouncyCastleProvider());

1) change your code so that this piece of code is at the start of your 
software
2) Does it work? I assume it won't.
3) prepare a minimal webstart application, i.e. just with bouncycastle
4) Assuming it still doesn't work, ask your question on stackoverflow. 
Don't forget to add webstart and bouncycastle as labels, and include all 
relevant files. You will probably be more successful there.

Tilman

Am 24.09.2015 um 14:13 schrieb Eric Douglas:
> I have all separate jars on my system.  pdfbox-2.0.0.jar,
> fontbox-2.0.0.jar, bcprov-jdk15on-152.jar ...
> There is something in the system telling this not to work.  This Java works
> on a different system and I can't tell what's different between the two.
> I am getting this error still on my system on PDDocument.load now even on
> non-secured PDF.
>
> On Thu, Sep 24, 2015 at 6:16 AM, Andreas Lehmkühler <andreas@lehmi.de>
> wrote:
>
>> Hi,
>>
>>> Eric Douglas <edouglas@blockhouse.com> hat am 18. September 2015 um
>> 16:53
>>> geschrieben:
>>>
>>>
>>> I'm trying to read a PDF using pdfbox, and on one system I get this
>> error:
>>> cannot create instance of
>>> org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
>>> : java.security.AccessControlException: access denied
>>> ("java.security.SecurityPermission"
>>> "putProviderProperty.BC")
>>> java.lang.InternalError: cannot create instance of
>> org.bouncycastle.jcajce.
>>> provider.digest.GOST3411$Mappings : java.security.AccessControlException:
>>> access denied ("java.security.SecurityPermission"
>> "putProviderProperty.BC")
>>> org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown
>>> Source)
>>> org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
>>> org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown
>>> Source)
>>> org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
>>> java.security.AccessController.doPrivileged(Native Method)
>>> org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
>>> org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.<clinit>(
>>> SecurityHandlerFactory.java:44)
>>> org.apache.pdfbox.pdmodel.encryption.PDEncryption.<init>
>>> (PDEncryption.java:96)
>>>
>> org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436)
>>> org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321)
>>> org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373)
>>> org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890)
>>> org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821)
>>>
>>> I looked up where and how to put this grant stuff.  This sounds
>>> complicated.
>>>
>> https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax
>>>
>>> I'm running webstart.  This should work for my client and server?  I just
>>> have to update the server?  This goes in the
>>> jdk1.8.0_60\jre\lib\security\java.security
>>> file?  I have to manually put this here for each server, and do it again
>>> any time we install a new Java version?
>>> I put this in my jnlp file.  It apparently didn't help this issue.
>>> <security>
>>>       <all-permissions/>
>>> </security>
>>> Is there a way to make this work without manually editing files we'll
>> have
>>> to worry about later?  This is just for an application, server and
>> clients
>>> are all on local network.
>> I'm not an expert, but there are several possible reasons.
>>
>> Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to
>> remember
>> the correct version) signing the jars is mandantory. And there are some
>> other
>> restrictions for the JNLP file itself.
>>
>> Do you use the pdfbox-app jar? This could be problematic as the repacking
>> of the
>> jar destroys the signature of the bouncy castle jar, which is needed for a
>> JNLP
>> usage.
>>
>>> Is there a way to call PDDocument.load without using BouncyCastle, or
>>> without installing it in java security?
>> The bouncy castle stuff is needed as long as your pdfs are using encrypted
>> data
>> and according to the stack trace it looks like you do.
>>
>> BR
>> Andreas
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message