WebSphere Application Server & Liberty

 View Only
Expand all | Collapse all

Issue with BouncyCastle on the latest IBM JDK

  • 1.  Issue with BouncyCastle on the latest IBM JDK

    Posted Wed April 14, 2021 07:57 AM
    After upgrading from IBM JDK 8.0-6.20 to 8.0-6.25 our application fails because of the BouncyCastle bcprov-jdk15on.jar (version 1.54) is not "signed by a trusted signer". I know this is an old version, but I wonder why is is not trusted anymore (on fix pack 20 it worked fine). We have tested the application on Oracle JDK 1.8.281 and it works fine (signature is trusted). According to IBM the fix pack 25 should be equivalent to the Oracle JDK... Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC at javax.crypto.Cipher.getInstance(Unknown Source) at javax.crypto.Cipher.getInstance(Unknown Source) ... 99 more Caused by: java.util.jar.JarException: file:/bcprov-jdk15on.jar is not signed by a trusted signer. at javax.crypto.a.a(Unknown Source) at javax.crypto.a.a(Unknown Source) at javax.crypto.a.a(Unknown Source) at javax.crypto.b.b(Unknown Source) at <unknown class>.<unknown method>(Unknown Source) at javax.crypto.b.b(Unknown Source) at javax.crypto.Cipher.getInstance(Unknown Source)



    #RuntimesforBusiness
    #Support
    #SupportMigration


  • 2.  RE: Issue with BouncyCastle on the latest IBM JDK

    Posted Wed April 14, 2021 07:58 AM

    Btw:

    jarsigner -verify bcprov-jdk15on-1.54.jar -verbose

    Gives:

    - Signed by "CN=The Legion of the Bouncy Castle, OU=Java Software Code Signing, O=Sun Microsystems Inc"

    Digest algorithm: SHA-256

    Signature algorithm: SHA1withDSA, 1024-bit key

    Timestamped by "CN=GeoTrust 2048-bit Timestamping Signer 3, O=GeoTrust Inc, C=US" on ti des 29 01:46:29 UTC 2015

    Timestamp digest algorithm: SHA-1

    Timestamp signature algorithm: SHA1withRSA, 2048-bit key

    jar verified.



    #RuntimesforBusiness
    #Support
    #SupportMigration