Re: [Dev] com.nimbusds.jose.JOSEException: class "org.bouncycastle.crypto.params.AEADParameters"'s signer information does not match signer information of other classes in the same package

Mon, 12 Feb 2018 19:31:43 -0800 

[Update]

Maven dependency tree is as follows when executed within the playground app
directory.

[INFO] Scanning for projects...
[INFO]

[INFO]
------------------------------------------------------------------------
[INFO] Building OAuth 2.0 Playground App with WSO2 Identity Server 5.2.0
5.4.1
[INFO]
------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.9:tree (default-cli) @ playground2 ---
[INFO] org.wso2.is:playground2:war:5.4.1
[INFO] +- commons-codec:commons-codec:jar:1.8:compile
[INFO] +- junit:junit:jar:3.8.1:test
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- org.apache.axis2.wso2:axis2:jar:1.6.1.wso2v12:compile
[INFO] +- com.google.gdata.wso2:gdata-core:jar:1.47.0.wso2v1:compile
[INFO] +- com.google.common.wso2:google-collect:jar:1.0.0.wso2v2:compile
[INFO] |  \- com.google.collections:google-collections:jar:1.0:compile
[INFO] +- org.apache.ws.commons.axiom.wso2:axiom:jar:1.2.11.wso2v10:compile
[INFO] |  +-
org.apache.geronimo.specs.wso2:geronimo-stax-api_1.0_spec:jar:1.0.1.wso2v2:compile
[INFO] |  |  \-
org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:jar:1.0.1:compile
[INFO] |  +- org.codehaus.woodstox:woodstox-core-asl:jar:4.2.0:compile
[INFO] |  \- org.codehaus.woodstox:stax2-api:jar:3.1.1:compile
[INFO] |     \- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] +-
org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:jar:1.0.0:compile
[INFO] |  +-
org.apache.oltu.oauth2:org.apache.oltu.oauth2.common:jar:1.0.0:compile
[INFO] |  |  \- org.json:json:jar:20131018:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.6.1:compile
[INFO] +-
org.wso2.carbon.identity.inbound.auth.oauth2:org.wso2.carbon.identity.oauth.stub:jar:5.5.180:compile
[INFO] +- org.wso2.carbon:org.wso2.carbon.utils:jar:4.4.22:compile
[INFO] |  +-
org.wso2.orbit.org.bouncycastle:bcprov-jdk15on:jar:1.52.0.wso2v1:compile
[INFO] |  +- org.wso2.carbon:org.wso2.carbon.user.api:jar:4.4.22:compile
[INFO] |  +- org.wso2.carbon:org.wso2.carbon.logging:jar:4.4.22:compile
[INFO] |  |  +- org.apache.log4j.wso2:log4j:jar:1.2.17.wso2v1:compile
[INFO] |  |  |  \- log4j:log4j:jar:1.2.17:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] |  |  \- org.wso2.carbon:org.wso2.carbon.bootstrap:jar:4.4.22:compile
[INFO] |  |     \- wrapper:wrapper:jar:3.2.3:compile
[INFO] |  +- org.wso2.carbon:org.wso2.carbon.queuing:jar:4.4.22:compile
[INFO] |  +- org.wso2.carbon:org.wso2.carbon.base:jar:4.4.22:compile
[INFO] |  |  +- org.wso2.securevault:org.wso2.securevault:jar:1.0.0:compile
[INFO] |  |  |  +-
org.apache.ws.commons.axiom:axiom-api:jar:1.2.11-wso2v6:compile
[INFO] |  |  |  |  +-
org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0.2:compile
[INFO] |  |  |  |  \-
org.apache.geronimo.specs:geronimo-javamail_1.4_spec:jar:1.6:compile
[INFO] |  |  |  +- org.apache.ws.commons.axiom:axiom-impl:jar:1.2.12:compile
[INFO] |  |  |  |  \- org.codehaus.woodstox:wstx-asl:jar:3.2.9:compile
[INFO] |  |  |  +- jline:jline:jar:0.9.94:compile
[INFO] |  |  |  +- commons-cli:commons-cli:jar:1.0:compile
[INFO] |  |  |  |  \- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  |  |  \- commons-io:commons-io:jar:2.0:compile
[INFO] |  |  +-
org.wso2.carbon:org.wso2.carbon.securevault:jar:4.4.22:compile
[INFO] |  |  |  \-
org.eclipse.osgi:org.eclipse.osgi.services:jar:3.3.100.v20130513-1956:compile
[INFO] |  |  +- org.testng:testng:jar:6.1.1:test
[INFO] |  |  |  +- org.beanshell:bsh:jar:2.0b4:test
[INFO] |  |  |  +- com.beust:jcommander:jar:1.12:test
[INFO] |  |  |  \- org.yaml:snakeyaml:jar:1.6:test
[INFO] |  |  \- org.mockito:mockito-core:jar:2.8.9:compile
[INFO] |  |     +- net.bytebuddy:byte-buddy:jar:1.6.14:runtime
[INFO] |  |     +- net.bytebuddy:byte-buddy-agent:jar:1.6.14:runtime
[INFO] |  |     \- org.objenesis:objenesis:jar:2.5:runtime
[INFO] |  +-
org.eclipse.osgi:org.eclipse.osgi:jar:3.9.1.v20130814-1242:compile
[INFO] |  +- org.igniterealtime.smack.wso2:smack:jar:3.0.4.wso2v1:compile
[INFO] |  +- org.igniterealtime.smack.wso2:smackx:jar:3.0.4.wso2v1:compile
[INFO] |  +- jaxen:jaxen:jar:1.1.1:compile
[INFO] |  |  +- dom4j:dom4j:jar:1.6.1:compile
[INFO] |  |  +- jdom:jdom:jar:1.0:compile
[INFO] |  |  +- xml-apis:xml-apis:jar:1.3.02:compile
[INFO] |  |  +- xerces:xercesImpl:jar:2.8.1:compile
[INFO] |  |  \- xom:xom:jar:1.0:compile
[INFO] |  |     +- xerces:xmlParserAPIs:jar:2.6.2:compile
[INFO] |  |     \- xalan:xalan:jar:2.7.1:compile
[INFO] |  |        \- xalan:serializer:jar:2.7.1:compile
[INFO] |  +-
org.wso2.orbit.commons-fileupload:commons-fileupload:jar:1.3.2.wso2v1:compile
[INFO] |  +- org.apache.ant.wso2:ant:jar:1.7.0.wso2v1:compile
[INFO] |  |  \- org.apache.ant:ant:jar:1.7.0:compile
[INFO] |  |     \- org.apache.ant:ant-launcher:jar:1.7.0:compile
[INFO] |  +-
org.eclipse.equinox:javax.servlet:jar:3.0.0.v201112011016:compile
[INFO] |  +-
org.wso2.orbit.commons-httpclient:commons-httpclient:jar:3.1.0.wso2v6:compile
[INFO] |  +- org.wso2.carbon:org.wso2.carbon.registry.api:jar:4.4.22:compile
[INFO] |  \- commons-lang.wso2:commons-lang:jar:2.6.0.wso2v1:compile
[INFO] +- com.googlecode.json-simple:json-simple:jar:1.1:compile
[INFO] +- com.nimbusds:nimbus-jose-jwt:jar:2.26.1:compile
[INFO] |  +- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] |  +- net.minidev:json-smart:jar:1.1.1:compile
[INFO] |  \- org.bouncycastle:bcprov-jdk15on:jar:1.50:compile
[INFO] +-
org.apache.ws.commons.schema.wso2:XmlSchema:jar:1.4.7.wso2v3:compile
[INFO] +- wsdl4j.wso2:wsdl4j:jar:1.6.2.wso2v2:compile
[INFO] |  \- wsdl4j:wsdl4j:jar:1.6.2:compile
[INFO] +- org.wso2.orbit.org.apache.neethi:neethi:jar:2.0.4.wso2v5:compile
[INFO] +- org.apache.httpcomponents.wso2:httpcore:jar:4.3.3.wso2v1:compile
[INFO] \- bouncycastle:bcprov-jdk15:jar:132:compile

The last *bouncycastle:bcprov-jdk15:jar:132:compile* Seems to be the
problem, which came from the parent pom in product IS. Then we commented
out following part in pom file located in
~/.m2/repository/org/wso2/is/identity-server-parent/5.4.1 and rebuild the
project and the error was gone.

<profile>
            <id>jdk15</id>
            <activation>
                <activeByDefault>true</activeByDefault>
                <jdk>1.5</jdk>
            </activation>
            <dependencies>
                <dependency>
                    <groupId>bouncycastle</groupId>
                    <artifactId>bcprov-jdk15</artifactId>
                    <version>${bcprov.jdk15.version}</version>
                </dependency>
            </dependencies>
        </profile>

This is not a permanent solution though. Still couldn't figure out how to
exclude this dependency from the playground app.

Thanks,
Vihanga.

On Mon, Feb 12, 2018 at 7:42 PM, Vihanga Liyanage <[email protected]> wrote:

> Hi all,
>
> I'm doing OIDC id token encryption and now trying to decrypt the same in
> playground app. I've written a servlet that accepts id token and client
> private key and decrypt the id token. Code to decrypt is as follows.
>
> protected void doPost(HttpServletRequest request, HttpServletResponse 
> response) throws ServletException, IOException {
>     String idToken = request.getParameter("idToken");
>     String privateKeyString = request.getParameter("privateKeyString");
>
>     EncryptedJWT jwt = decryptJWE(idToken, privateKeyString);
>
>     response.setContentType("application/json");
>
>     ServletOutputStream out = response.getOutputStream();
>     try {
>         System.out.println(jwt.getJWTClaimsSet().getIssueTime());
>         out.print(String.valueOf(jwt.getJWTClaimsSet().getIssueTime()));
>     } catch (ParseException e) {
>         e.printStackTrace();
>     }
> }
>
> private EncryptedJWT decryptJWE(String JWE, String privateKeyString) {
>     KeyFactory kf = null;
>     EncryptedJWT jwt = null;
>     PrivateKey privateKey = null;
>
>     try {
>         kf = KeyFactory.getInstance("RSA");
>         // Remove EOF characters from key string and generate key object
>         privateKeyString = privateKeyString.replace("\n", "").replace("\r", 
> "");
>         PKCS8EncodedKeySpec keySpecPKCS8 = new 
> PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString));
>         privateKey = kf.generatePrivate(keySpecPKCS8);
>
>         jwt = EncryptedJWT.parse(JWE);
>
>         // Create a decrypter with the specified private RSA key
>         RSADecrypter decrypter = new RSADecrypter((RSAPrivateKey) privateKey);
>
>         // Decrypt
>         jwt.decrypt(decrypter);
>
>     } catch (JOSEException | ParseException | InvalidKeySpecException | 
> NoSuchAlgorithmException e) {
>         e.printStackTrace();
>     }
>
>     return jwt;
> }
>
> Following exception logs each time I try to decrypt from above code.
>
> INFO: Deployment of web application directory 
> /opt/apache-tomcat-7.0.84/webapps/manager
> has finished in 301 ms
> com.nimbusds.jose.JOSEException: class 
> "org.bouncycastle.crypto.params.AEADParameters"'s
> signer information does not match signer information of other classes in
> the same package
>     at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:442)
>     at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.decryptJWE(
> IDTokenDecrypterServlet.java:91)
>     at org.wso2.sample.identity.oauth2.IDTokenDecrypterServlet.doPost(
> IDTokenDecrypterServlet.java:51)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(
> WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:219)
>     at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:110)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:506)
>     at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
>     at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:962)
>     at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:445)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1115)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:637)
>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
> run(JIoEndpoint.java:318)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.SecurityException: class 
> "org.bouncycastle.crypto.params.AEADParameters"'s
> signer information does not match signer information of other classes in
> the same package
>     at java.lang.ClassLoader.checkCerts(ClassLoader.java:898)
>     at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668)
>     at java.lang.ClassLoader.defineClass(ClassLoader.java:761)
>     at java.security.SecureClassLoader.defineClass(
> SecureClassLoader.java:142)
>     at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(
> WebappClassLoaderBase.java:3125)
>     at org.apache.catalina.loader.WebappClassLoaderBase.findClass(
> WebappClassLoaderBase.java:1388)
>     at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(
> WebappClassLoaderBase.java:1876)
>     at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(
> WebappClassLoaderBase.java:1750)
>     at com.nimbusds.jose.crypto.AESGCM.createAESGCMCipher(AESGCM.java:86)
>     at com.nimbusds.jose.crypto.AESGCM.decrypt(AESGCM.java:176)
>     at com.nimbusds.jose.crypto.RSADecrypter.decrypt(
> RSADecrypter.java:265)
>     at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:428)
>     ... 24 more
>
> ​I tried deleting the said jar and reimporting several times but nothing
> changed. Please let me know​ if you have any clue regards to this.
>
> Thanks,
> Vihanga
>
> --
>
> Vihanga Liyanage
>
> Software Engineer | WS*O₂* Inc.
>
> M : +*94710124103* | http://wso2.com
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>



-- 

Vihanga Liyanage

Software Engineer | WS*O₂* Inc.

M : +*94710124103* | http://wso2.com

[image: http://wso2.com/signature] <http://wso2.com/signature>

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to