Re: Anyone know how to set up a bouncycastle?
Some files are encrypted with the empty user password (but not empty owner password), that is why you can open them. In Adobe Reader, you will see "(PROTECTED)" in the title bar. (or something similar in another language) My understanding is that this is the call that doesn't work: Security.addProvider(new BouncyCastleProvider()); 1) change your code so that this piece of code is at the start of your software 2) Does it work? I assume it won't. 3) prepare a minimal webstart application, i.e. just with bouncycastle 4) Assuming it still doesn't work, ask your question on stackoverflow. Don't forget to add webstart and bouncycastle as labels, and include all relevant files. You will probably be more successful there. Tilman Am 24.09.2015 um 14:13 schrieb Eric Douglas: I have all separate jars on my system. pdfbox-2.0.0.jar, fontbox-2.0.0.jar, bcprov-jdk15on-152.jar ... There is something in the system telling this not to work. This Java works on a different system and I can't tell what's different between the two. I am getting this error still on my system on PDDocument.load now even on non-secured PDF. On Thu, Sep 24, 2015 at 6:16 AM, Andreas Lehmkühler wrote: Hi, Eric Douglas hat am 18. September 2015 um 16:53 geschrieben: I'm trying to read a PDF using pdfbox, and on one system I get this error: cannot create instance of org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings : java.security.AccessControlException: access denied ("java.security.SecurityPermission" "putProviderProperty.BC") java.lang.InternalError: cannot create instance of org.bouncycastle.jcajce. provider.digest.GOST3411$Mappings : java.security.AccessControlException: access denied ("java.security.SecurityPermission" "putProviderProperty.BC") org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) org.bouncycastle.jce.provider.BouncyCastleProvider.(Unknown Source) org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.( SecurityHandlerFactory.java:44) org.apache.pdfbox.pdmodel.encryption.PDEncryption. (PDEncryption.java:96) org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436) org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321) org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373) org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890) org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821) I looked up where and how to put this grant stuff. This sounds complicated. https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax I'm running webstart. This should work for my client and server? I just have to update the server? This goes in the jdk1.8.0_60\jre\lib\security\java.security file? I have to manually put this here for each server, and do it again any time we install a new Java version? I put this in my jnlp file. It apparently didn't help this issue. Is there a way to make this work without manually editing files we'll have to worry about later? This is just for an application, server and clients are all on local network. I'm not an expert, but there are several possible reasons. Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to remember the correct version) signing the jars is mandantory. And there are some other restrictions for the JNLP file itself. Do you use the pdfbox-app jar? This could be problematic as the repacking of the jar destroys the signature of the bouncy castle jar, which is needed for a JNLP usage. Is there a way to call PDDocument.load without using BouncyCastle, or without installing it in java security? The bouncy castle stuff is needed as long as your pdfs are using encrypted data and according to the stack trace it looks like you do. BR Andreas - To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org - To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org
Re: Anyone know how to set up a bouncycastle?
I have all separate jars on my system. pdfbox-2.0.0.jar, fontbox-2.0.0.jar, bcprov-jdk15on-152.jar ... There is something in the system telling this not to work. This Java works on a different system and I can't tell what's different between the two. I am getting this error still on my system on PDDocument.load now even on non-secured PDF. On Thu, Sep 24, 2015 at 6:16 AM, Andreas Lehmkühler wrote: > Hi, > > > Eric Douglas hat am 18. September 2015 um > 16:53 > > geschrieben: > > > > > > I'm trying to read a PDF using pdfbox, and on one system I get this > error: > > > > cannot create instance of > > org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings > > : java.security.AccessControlException: access denied > > ("java.security.SecurityPermission" > > "putProviderProperty.BC") > > java.lang.InternalError: cannot create instance of > org.bouncycastle.jcajce. > > provider.digest.GOST3411$Mappings : java.security.AccessControlException: > > access denied ("java.security.SecurityPermission" > "putProviderProperty.BC") > > org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown > > Source) > > org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source) > > org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown > > Source) > > org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source) > > java.security.AccessController.doPrivileged(Native Method) > > org.bouncycastle.jce.provider.BouncyCastleProvider.(Unknown Source) > > org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.( > > SecurityHandlerFactory.java:44) > > org.apache.pdfbox.pdmodel.encryption.PDEncryption. > > (PDEncryption.java:96) > > > org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436) > > org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321) > > org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373) > > org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890) > > org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821) > > > > I looked up where and how to put this grant stuff. This sounds > > complicated. > > > https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax > > > > > > I'm running webstart. This should work for my client and server? I just > > have to update the server? This goes in the > > jdk1.8.0_60\jre\lib\security\java.security > > file? I have to manually put this here for each server, and do it again > > any time we install a new Java version? > > I put this in my jnlp file. It apparently didn't help this issue. > > > > > > > > Is there a way to make this work without manually editing files we'll > have > > to worry about later? This is just for an application, server and > clients > > are all on local network. > I'm not an expert, but there are several possible reasons. > > Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to > remember > the correct version) signing the jars is mandantory. And there are some > other > restrictions for the JNLP file itself. > > Do you use the pdfbox-app jar? This could be problematic as the repacking > of the > jar destroys the signature of the bouncy castle jar, which is needed for a > JNLP > usage. > > > > > Is there a way to call PDDocument.load without using BouncyCastle, or > > without installing it in java security? > The bouncy castle stuff is needed as long as your pdfs are using encrypted > data > and according to the stack trace it looks like you do. > > BR > Andreas > > - > To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: users-h...@pdfbox.apache.org > >
Re: Anyone know how to set up a bouncycastle?
Hi, > Eric Douglas hat am 18. September 2015 um 16:53 > geschrieben: > > > I'm trying to read a PDF using pdfbox, and on one system I get this error: > > cannot create instance of > org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings > : java.security.AccessControlException: access denied > ("java.security.SecurityPermission" > "putProviderProperty.BC") > java.lang.InternalError: cannot create instance of org.bouncycastle.jcajce. > provider.digest.GOST3411$Mappings : java.security.AccessControlException: > access denied ("java.security.SecurityPermission" "putProviderProperty.BC") > org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown > Source) > org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source) > org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown > Source) > org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source) > java.security.AccessController.doPrivileged(Native Method) > org.bouncycastle.jce.provider.BouncyCastleProvider.(Unknown Source) > org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.( > SecurityHandlerFactory.java:44) > org.apache.pdfbox.pdmodel.encryption.PDEncryption. > (PDEncryption.java:96) > org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436) > org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321) > org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373) > org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890) > org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821) > > I looked up where and how to put this grant stuff. This sounds > complicated. > https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax > > > I'm running webstart. This should work for my client and server? I just > have to update the server? This goes in the > jdk1.8.0_60\jre\lib\security\java.security > file? I have to manually put this here for each server, and do it again > any time we install a new Java version? > I put this in my jnlp file. It apparently didn't help this issue. > > > > Is there a way to make this work without manually editing files we'll have > to worry about later? This is just for an application, server and clients > are all on local network. I'm not an expert, but there are several possible reasons. Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to remember the correct version) signing the jars is mandantory. And there are some other restrictions for the JNLP file itself. Do you use the pdfbox-app jar? This could be problematic as the repacking of the jar destroys the signature of the bouncy castle jar, which is needed for a JNLP usage. > > Is there a way to call PDDocument.load without using BouncyCastle, or > without installing it in java security? The bouncy castle stuff is needed as long as your pdfs are using encrypted data and according to the stack trace it looks like you do. BR Andreas - To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org
Anyone know how to set up a bouncycastle?
I'm trying to read a PDF using pdfbox, and on one system I get this error: cannot create instance of org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings : java.security.AccessControlException: access denied ("java.security.SecurityPermission" "putProviderProperty.BC") java.lang.InternalError: cannot create instance of org.bouncycastle.jcajce. provider.digest.GOST3411$Mappings : java.security.AccessControlException: access denied ("java.security.SecurityPermission" "putProviderProperty.BC") org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source) org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) org.bouncycastle.jce.provider.BouncyCastleProvider.(Unknown Source) org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.( SecurityHandlerFactory.java:44) org.apache.pdfbox.pdmodel.encryption.PDEncryption. (PDEncryption.java:96) org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436) org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321) org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373) org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890) org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821) I looked up where and how to put this grant stuff. This sounds complicated. https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax I'm running webstart. This should work for my client and server? I just have to update the server? This goes in the jdk1.8.0_60\jre\lib\security\java.security file? I have to manually put this here for each server, and do it again any time we install a new Java version? I put this in my jnlp file. It apparently didn't help this issue. Is there a way to make this work without manually editing files we'll have to worry about later? This is just for an application, server and clients are all on local network. Is there a way to call PDDocument.load without using BouncyCastle, or without installing it in java security?