SecurityException: JCE cannot authenticate the provider BC"/>
java.lang.SecurityException: JCE cannot authenticate the provider BC
问题
最近使用org.bouncycastle.bcprov-jdk15on
实现国密算法SM4时,发现在Eclipse里面可以正常调试并运行程序,但使用shade打包成all-in-one的可执行jar包后,运行该jar包时却出现了如下错误。
java.lang.SecurityException: JCE cannot authenticate the provider BCat javax.crypto.Cipher.getInstance(Cipher.java:656)at javax.crypto.Cipher.getInstance(Cipher.java:595)at site.zytech.RemoteControlClient.Util.SM4CBCUtil.generateCBCCipher(SM4CBCUtil.java:248)at site.zytech.RemoteControlClient.Util.SM4CBCUtil.encrypt_CBC_Padding(SM4CBCUtil.java:101)at site.zytech.RemoteControlClient.Bean.CheckUtil.writeInfoBean(CheckUtil.java:67)at site.zytech.RemoteControlClient.App$11.run(App.java:733)
Caused by: java.util.jar.JarException:
...XXX-0.0.1-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - XXX/App$2.classat javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:502)at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)at javax.crypto.JarVerifier.verify(JarVerifier.java:289)at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)at javax.crypto.Cipher.getInstance(Cipher.java:652)... 5 more
原因
当在Eclipse中调试、运行时,使用的bouncycastle包是maven下载好的引用。而当进行mvn打包时,会将引用的bouncycastle包,先进行解包,然后重新打包进一个新的jar包。由于bouncycastle原有签名仅对原有jar包有效,当重新打包为一个jar包(带第三方依赖)后,该签名会失效。即使用如下配置,排除了相关签名,也无法正常运行。
<filters><filter><artifact>*:*</artifact><excludes><exclude>META-INF/*.SF</exclude><exclude>META-INF/*.DSA</exclude><exclude>META-INF/*.RSA</exclude></excludes></filter>
</filters>
解决方案1-修改JRE环境
将使用到的bouncycastle包,拷贝到java环境下的jre/lib/ext文件夹,并修改 jre/lib/security/java.security文件,增加如下内容:
security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider #X为按实际内容接下来的数字
再次运行jar包,即可正常运行。
解决方案2-executable packer plugin
从官方文档Bouncy Castle Providers | Apache Pulsar中,推荐使用一个github上的打包工具executable packer plugin,在pom.xml
中改用如下配置:
<plugin><groupId>de.ntcomputer</groupId><artifactId>executable-packer-maven-plugin</artifactId><version>1.0.1</version><configuration><mainClass>App(启动类)</mainClass></configuration><executions><execution><goals><goal>pack-executable-jar</goal></goals></execution></executions>
</plugin>
执行mvn打包命令后,生成出来的jar包就可以正常运行了。
这个插件会将所有依赖的第三方jar包打包进新的jar包,然后修改启动类为ExecutableLauncher,这个类在启动时会加载所有的第三方jar包,再通过反射方式,调用mainClass中指定的启动类进行启动。
参考文献
使用Maven打包bouncycastle出现JCE cannot authenticate the provider BC的原因及解决办法
Bouncy Castle Providers | Apache Pulsar
java.lang.SecurityException: JCE cannot authenticate the provider BC
更多推荐
java.lang.SecurityException: JCE cannot authenticate the provider BC
发布评论