977231 – java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider during server startup

Bug 977231 - java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider during server startup

Summary: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleP...

Keywords:
Status:	MODIFIED
Alias:	None
Product:	JBoss Fuse Service Works 6
Classification:	JBoss
Component:	EAP
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	6.1.0
Assignee:	Nobody
QA Contact:	Len DiMaggio
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-24 06:36 UTC by Pavel Macik
Modified:	2023-05-15 19:53 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
Full server log (106.39 KB, application/x-bzip) 2013-06-24 06:42 UTC, Pavel Macik	no flags	Details
Server log - DEBUG level (98.69 KB, application/x-bzip-compressed-tar) 2013-06-27 18:28 UTC, Len DiMaggio	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	979431	0	unspecified	CLOSED	Inconsistent error logging behaviour	2021-02-22 00:41:40 UTC

Description Pavel Macik 2013-06-24 06:36:22 UTC

During server start following exception is thrown:

03:28:09,722 ERROR [org.picketlink.identity.federation] (ServerService Thread Pool -- 74) PLFED000259: The provider BC could not be added: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider from [Module "org.picketlink:main" from local module loader @23ef55fb (finder: local module finder @35f5e42b (roots: /opt/pmacik/600DR6/soa-p/modules,/opt/pmacik/600DR6/soa-p/modules/system/layers/soa,/opt/pmacik/600DR6/soa-p/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.0.Final-redhat-1]
	at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_25]
	at java.lang.Class.forName(Class.java:190) [rt.jar:1.7.0_25]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.addJceProvider(ProvidersUtil.java:119) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.access$100(ProvidersUtil.java:38) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:51) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.picketlink.identity.federation.core.util.ProvidersUtil.ensure(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.<clinit>(XMLSignatureUtil.java:95) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.processConfiguration(BaseFormAuthenticator.java:488) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.startPicketLink(BaseFormAuthenticator.java:589) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.startPicketLink(AbstractSPFormAuthenticator.java:102) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator.start(ServiceProviderAuthenticator.java:20) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2]
	at org.apache.catalina.core.StandardPipeline.start(StandardPipeline.java:223) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:3713) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]
	at org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:156) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:60) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:93) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_25]
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [rt.jar:1.7.0_25]
	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
	at org.jboss.threads.JBossThread.run(JBossThread.java:122)

Start command used is:
$ ./standalone.sh -c standalone-full.xml -b localhost -bmanagement=localhost

Comment 1 Pavel Macik 2013-06-24 06:40:42 UTC

The SOA version is 6.0.0.DR6

Comment 2 Pavel Macik 2013-06-24 06:42:40 UTC

Created attachment 764457 [details]
Full server log

Attached the server log.

Comment 3 kconner 2013-06-24 14:53:20 UTC

I've asked Eric to take a quick look and see what steps are missing as it seems to be related to the SSO.

Comment 4 kconner 2013-06-24 15:23:44 UTC

It doesn't look like this is a direct consequence of the SSO integration, taking it back to investigate

Comment 5 Len DiMaggio 2013-06-26 14:21:36 UTC

Marking this as Alpha2 Blocker - not due to immediate functional impact - but we need to understand the impact before we ship alpha2

Comment 6 kconner 2013-06-26 14:22:22 UTC

I have been trying to reproduce this locally and have failed using JDK 6 and JDK 7.  What environment was this seen in?  From the log it would appear to be a linux system running jdk1.7.0_25-x86_64.

Comment 7 Len DiMaggio 2013-06-27 18:27:59 UTC

I was only able to reproduce this problem by setting the logging level to DEBUG - even though the log messages related to BoucnyCastle are at the ERROR level. See attached server.log

This was on RHEL6 with OpenJDK 1.7

Comment 8 Len DiMaggio 2013-06-27 18:28:38 UTC

Created attachment 766277 [details]
Server log - DEBUG level

Comment 9 kconner 2013-06-28 10:03:44 UTC

This comes from the picketlink codebase and can be ignored by SOA.  The error message is also misleading as it is logged at ERROR level even though it is guarded by a check for DEBUG.

In ProvidersUtil.ensure

                addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");

In ProvidersUtil.addJceProvider
            try {
                // Class<? extends Provider> clazz = Loader.loadClass(className, false, Provider.class);
                Class<? extends Provider> clazz = Class.forName(className).asSubclass(Provider.class);
                Provider provider = clazz.newInstance();
                return addJceProvider(name, provider);
            } catch (Throwable t) {
                if (logger.isDebugEnabled()) {
                    logger.jceProviderCouldNotBeLoaded(name, t);
                }
                return null;
            }

In PicketLinkLoggerMessages

    @LogMessage(level = Level.ERROR)
    @Message(id = 259, value = "The provider %s could not be added")
    void jceProviderCouldNotBeLoaded(String name, @Cause Throwable t);

Comment 10 kconner 2013-06-28 10:05:14 UTC

I forgot the comment from the ensure method

                // register BC provider if available (to have additional encryption algorithms, etc.)
                addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");

Comment 11 kconner 2013-06-28 13:56:35 UTC

Reported in PicketLink/EAP

Comment 12 kconner 2013-06-28 13:57:09 UTC

This should not be an Alpha2 blocker

Comment 14 Anne-Louise Tangring 2014-06-19 18:22:25 UTC

Kevin will verify if it's in the current release or not.

Comment 15 kconner 2015-02-03 00:46:52 UTC

Fixed in PicketLink 2.5.3.Final

Note You need to log in before you can comment on or make changes to this bug.