Bug 977231

Summary:

java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider during server startup

Product:

[JBoss] JBoss Fuse Service Works 6

Reporter:

Pavel Macik <pmacik>

Component:

EAP

Assignee:

Nobody <nobody>

Status:

CLOSED UPSTREAM

QA Contact:

Len DiMaggio <ldimaggi>

Severity:

high

Docs Contact:

Priority:

unspecified

Version:

6.0.0

CC:

ganandan, ldimaggi, soa-p-jira

Target Milestone:

---

Target Release:

6.1.0

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2025-02-10 03:28:00 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Full server log	none
Server log - DEBUG level	none

Description Pavel Macik 2013-06-24 06:36:22 UTC

During server start following exception is thrown:

03:28:09,722 ERROR [org.picketlink.identity.federation] (ServerService Thread Pool -- 74) PLFED000259: The provider BC could not be added: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider from [Module "org.picketlink:main" from local module loader @23ef55fb (finder: local module finder @35f5e42b (roots: /opt/pmacik/600DR6/soa-p/modules,/opt/pmacik/600DR6/soa-p/modules/system/layers/soa,/opt/pmacik/600DR6/soa-p/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_25]
	at java.lang.Class.forName(Class.java:190) [rt.jar:1.7.0_25]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.addJceProvider(ProvidersUtil.java:119) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.access$100(ProvidersUtil.java:38) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:51) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.ensure(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.<clinit>(XMLSignatureUtil.java:95) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.processConfiguration(BaseFormAuthenticator.java:488) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.startPicketLink(BaseFormAuthenticator.java:589) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.startPicketLink(AbstractSPFormAuthenticator.java:102) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator.start(ServiceProviderAuthenticator.java:20) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.apache.catalina.core.StandardPipeline.start(StandardPipeline.java:223) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:3713) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]
	at org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:156) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:60) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:93) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_25]
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [rt.jar:1.7.0_25]
	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
	at org.jboss.threads.JBossThread.run(JBossThread.java:122)

Start command used is:
$ ./standalone.sh -c standalone-full.xml -b localhost -bmanagement=localhost

Comment 1 Pavel Macik 2013-06-24 06:40:42 UTC

The SOA version is 6.0.0.DR6

Comment 2 Pavel Macik 2013-06-24 06:42:40 UTC

Created attachment 764457 [details]
Full server log

Attached the server log.

Comment 3 kconner 2013-06-24 14:53:20 UTC

I've asked Eric to take a quick look and see what steps are missing as it seems to be related to the SSO.

Comment 4 kconner 2013-06-24 15:23:44 UTC

It doesn't look like this is a direct consequence of the SSO integration, taking it back to investigate

Comment 5 Len DiMaggio 2013-06-26 14:21:36 UTC

Marking this as Alpha2 Blocker - not due to immediate functional impact - but we need to understand the impact before we ship alpha2

Comment 6 kconner 2013-06-26 14:22:22 UTC

I have been trying to reproduce this locally and have failed using JDK 6 and JDK 7.  What environment was this seen in?  From the log it would appear to be a linux system running jdk1.7.0_25-x86_64.

Comment 7 Len DiMaggio 2013-06-27 18:27:59 UTC

I was only able to reproduce this problem by setting the logging level to DEBUG - even though the log messages related to BoucnyCastle are at the ERROR level. See attached server.log

This was on RHEL6 with OpenJDK 1.7

Comment 8 Len DiMaggio 2013-06-27 18:28:38 UTC

Created attachment 766277 [details]
Server log - DEBUG level

Comment 9 kconner 2013-06-28 10:03:44 UTC

This comes from the picketlink codebase and can be ignored by SOA.  The error message is also misleading as it is logged at ERROR level even though it is guarded by a check for DEBUG.

In ProvidersUtil.ensure

                addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");

In ProvidersUtil.addJceProvider
            try {
                // Class<? extends Provider> clazz = Loader.loadClass(className, false, Provider.class);
                Class<? extends Provider> clazz = Class.forName(className).asSubclass(Provider.class);
                Provider provider = clazz.newInstance();
                return addJceProvider(name, provider);
            } catch (Throwable t) {
                if (logger.isDebugEnabled()) {
                    logger.jceProviderCouldNotBeLoaded(name, t);
                }
                return null;
            }

In PicketLinkLoggerMessages

    @LogMessage(level = Level.ERROR)
    @Message(id = 259, value = "The provider %s could not be added")
    void jceProviderCouldNotBeLoaded(String name, @Cause Throwable t);

Comment 10 kconner 2013-06-28 10:05:14 UTC

I forgot the comment from the ensure method

                // register BC provider if available (to have additional encryption algorithms, etc.)
                addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");

Comment 11 kconner 2013-06-28 13:56:35 UTC

Reported in PicketLink/EAP

Comment 12 kconner 2013-06-28 13:57:09 UTC

This should not be an Alpha2 blocker

Comment 14 Anne-Louise Tangring 2014-06-19 18:22:25 UTC

Kevin will verify if it's in the current release or not.

Comment 15 kconner 2015-02-03 00:46:52 UTC

Fixed in PicketLink 2.5.3.Final

Comment 19 Red Hat Bugzilla 2025-02-10 03:28:00 UTC

This product has been discontinued or is no longer tracked in Red Hat Bugzilla.