Problem with initializing Cipher in JBoss EAP 6.4.0.GA (AS 7.5.0.Final-redhat-21)

Posted on

Hi,

This is related to a problem(s) that we are facing while migrating from Jboss 4.x to Jboss EAP 6.4. I'll split this post into four parts.
1. Happy path (working seamlessly)
2. What we are supposed to accomplish at my organization
3. What we had done so far
4. 2 different types of errors that we are facing now.

  1. Happy Path:
    Here is what was working for us in live environment:
    An application that was deployed on the Jboss 4.0.3-SP1 with JDK 1.5.
    The application was compiled with JDK 1.4 and as part of the supported libraries, we had this bouncy castle jar in the lib folder (bcprov-jdk14-134.jar)
    Here is this part of code that worked seamlessly for all these years.
    try{
    this.rc4Cipher = Cipher.getInstance("RC4", "BC");
    this.generateKey();
    isInitialized = true ;
    }catch (NoSuchAlgorithmException e){
    e.printStackTrace();
    }catch(NoSuchPaddingException e){
    e.printStackTrace();
    }catch(NoSuchProviderException e){
    e.printStackTrace();
    }

  2. What we are supposed to accomplish at my organization:
    We need to upgrade the Jboss from 4.0.3 to JBoss EAP 6.4.0.GA (AS 7.5.0.Final-redhat-21)
    Compile the same application with Java 1.7 (Same version as the one that the Jboss is using)
    Deploy the same application with minimum code changes onto this new AS

  3. What we had done so far:
    As suggested in some forums, we have updated our bouncy castle jars to
    https://www.bouncycastle.org/download/bcprov-jdk15on-153.jar
    https://www.bouncycastle.org/download/bcprov-ext-jdk15on-153.jar
    Per the security recommendations of the EAP 6.4 documentation, we have stopped using "RC4" as the algorithm.

  4. Two different types of errors that we are facing now:
    First type of problem when using other algorithms instead of RC4 in the above code:
    11:23:28,468 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/depositnow].[ProcessController]] (http-/127.0.0.1:8080-1) JBWEB000235: Allocate exception for servlet ProcessController:
    java.util.zip.ZipException: zip file is empty
    at java.util.zip.ZipFile.open(Native Method) [rt.jar:1.7.0_76]
    at java.util.zip.ZipFile.(ZipFile.java:215) [rt.jar:1.7.0_76]
    at java.util.zip.ZipFile.(ZipFile.java:145) [rt.jar:1.7.0_76]
    at java.util.jar.JarFile.(JarFile.java:154) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.URLJarFile.(URLJarFile.java:88) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:221) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:216) [rt.jar:1.7.0_76]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:215) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:109) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) [rt.jar:1.7.0_76]
    at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89) [rt.jar:1.7.0_76]
    at javax.crypto.JarVerifier$2.run(JarVerifier.java:399) [jce.jar:1.7.0_71]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_76]
    at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:384) [jce.jar:1.7.0_71]
    at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322) [jce.jar:1.7.0_71]
    at javax.crypto.JarVerifier.verify(JarVerifier.java:250) [jce.jar:1.7.0_71]
    at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161) [jce.jar:1.7.0_71]
    at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187) [jce.jar:1.7.0_71]
    at javax.crypto.Cipher.getInstance(Cipher.java:638) [jce.jar:1.7.0_71]
    at javax.crypto.Cipher.getInstance(Cipher.java:580) [jce.jar:1.7.0_71]
    at com.bs.depositnow.ocr.OcrServerAccessManager.initilize(OcrServerAccessManager.java:132) [classes:]

    Second type of problem was when we tried not to use the Bouncy Castle provider in the Cipher.getInstance("","") method but use this kind of code snippet below:
            this.rc4Cipher = Cipher.getInstance("OTHER ALGORITHMS");
    
            This is the error stack:
                    08:29:27,347 ERROR [stderr] (ServerService Thread Pool -- 54) java.security.NoSuchAlgorithmException: No such algorithm: Signature.MD5WITHRSA
                            at javax.crypto.Cipher.getInstance(Cipher.java:673)
                            at javax.crypto.Cipher.getInstance(Cipher.java:580)
                            at com.bs.depositnow.ocr.OcrServerAccessManager.initilize(OcrServerAccessManager.java:129)
                            at com.bs.depositnow.controller.Startup.start(Startup.java:53)
                            at com.bs.depositnow.controller.ProcessController.init(ProcessController.java:471)
                            at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1194)
                            at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1100)
                            at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3593)
                            at org.apache.catalina.core.StandardContext.start(StandardContext.java:3802)
                            at org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:163)
                            at org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:61)
                            at org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:96)
                            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
                            at java.util.concurrent.FutureTask.run(FutureTask.java:262)
                            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
                            at java.lang.Thread.run(Thread.java:745)
                            at org.jboss.threads.JBossThread.run(JBossThread.java:122)
    

Can I know which algorithm is to be used while using Bouncy Castle for provider and JDK 1.7 for compilation and running.

Thanks,
Bhaskar