Oracle won't let you load security providers in their JDK/JRE unless the
jar is signed (with a trust chain configured for the JVM session).  OpenJDK
doesn't restrict this.

It looks like apacheds-all-1.5.5.jar is repackaging the bouncy castle
security provider in there, and this is breaking existing signatures.

The kind of looks like an upstream apacheds issue - but caveated, that's
just based on a quick glance at the stacktrace.

On Fri, Mar 20, 2015 at 7:47 PM, Andrea Aime <[email protected]>
wrote:

> Hi,
> the Travis build keeps on failing in the security UI LDAP module with this
> error:
>
>
> Tests run: 5, Failures: 0, Errors: 1, Skipped: 4, Time elapsed: 43.477 sec 
> <<< FAILURE!
> testTestConnectionWitUserGroupService(org.geoserver.web.security.ldap.LDAPAuthProviderPanelTest)
>   Time elapsed: 39229 sec  <<< ERROR!
> org.jasypt.exceptions.EncryptionInitializationException: 
> java.lang.SecurityException: JCE cannot authenticate the provider BC
>       at 
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:708)
>       at 
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:830)
>       at 
> org.geoserver.web.GeoserverWicketEncrypterFactory$CryptImpl.crypt(GeoserverWicketEncrypterFactory.java:74)
>       at 
> org.apache.wicket.util.crypt.AbstractCrypt.encryptStringToByteArray(AbstractCrypt.java:163)
>       at 
> org.apache.wicket.util.crypt.AbstractCrypt.encryptUrlSafe(AbstractCrypt.java:86)
>       at 
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.encodeURL(CryptedUrlWebRequestCodingStrategy.java:229)
>       at 
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.encode(CryptedUrlWebRequestCodingStrategy.java:140)
>       at 
> org.geoserver.web.GeoServerRequestEncodingStrategy.encode(GeoServerRequestEncodingStrategy.java:103)
>       at org.apache.wicket.RequestCycle.encodeUrlFor(RequestCycle.java:811)
>       at org.apache.wicket.RequestCycle.urlFor(RequestCycle.java:1011)
>       at 
> org.apache.wicket.protocol.http.MockWebApplication.processRequestCycle(MockWebApplication.java:491)
>       at 
> org.apache.wicket.protocol.http.MockWebApplication.processRequestCycle(MockWebApplication.java:413)
>       at 
> org.apache.wicket.util.tester.BaseWicketTester.startPage(BaseWicketTester.java:302)
>       at 
> org.apache.wicket.util.tester.BaseWicketTester.startPage(BaseWicketTester.java:243)
>       at 
> org.apache.wicket.util.tester.BaseWicketTester.startPage(BaseWicketTester.java:288)
>       at 
> org.geoserver.web.security.ldap.LDAPAuthProviderPanelTest.setupPanel(LDAPAuthProviderPanelTest.java:87)
>       at 
> org.geoserver.web.security.ldap.LDAPAuthProviderPanelTest.setupPanel(LDAPAuthProviderPanelTest.java:73)
>       at 
> org.geoserver.web.security.ldap.LDAPAuthProviderPanelTest.testTestConnectionWitUserGroupService(LDAPAuthProviderPanelTest.java:117)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:483)
>       at 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
>       at 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>       at 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
>       at 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>       at 
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
>       at 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
>       at org.junit.rules.RunRules.evaluate(RunRules.java:20)
>       at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
>       at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
>       at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
>       at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
>       at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
>       at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
>       at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
>       at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
>       at 
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
>       at 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
>       at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
>       at 
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
>       at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
>       at 
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:483)
>       at 
> org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
>       at 
> org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
>       at 
> org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
>       at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBoo-ter.java:115)
>       at 
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
> Caused by: java.lang.SecurityException: JCE cannot authenticate the provider 
> BC
>       at javax.crypto.JceSecurity.getInstance(JceSecurity.java:114)
>       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:244)
>       at 
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:667)
>       ... 51 more
> Caused by: java.util.jar.JarException: 
> file:/home/travis/.m2/repository/org/apache/directory/server/apacheds-all/1.5.5/apacheds-all-1.5.5.jar
>  has unsigned entries - 
> org/apache/directory/server/configuration/ApacheDS$1.class
>       at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
>       at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
>       at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
>       at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:160)
>       at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:186)
>       at javax.crypto.JceSecurity.getInstance(JceSecurity.java:110)
>       ... 53 more
>
> It's affecting both the Oracle JDK7 and JDK8 builds, but not the openjdk
> one:
>  https://travis-ci.org/geoserver/geoserver/jobs/55093376
>
> I cannot reproduce using Oracle JDK 7 or JDK 8 on Windows, any clue as to
> why that might be happening?
>
> Cheers
> Andrea
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054  Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39  339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility  for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> -------------------------------------------------------
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to