8 Replies Latest reply: Dec 20, 2013 4:15 AM by Tullio Bettinazzi RSS

How to add bouncycastle to JBoss AS 7.1

John Genoese Newbie

What is the appropriate way to add bouncycastle (  bcprov-jdk16-1.46.jar ) to JBoss AS7 in such a way so as to use it as a security provider? I've tried doing the conventional JDK-level install and that doesn't work. Putting the jar in ear/lib doesn't work, either (some sort of VFS error). When I leave it out of ear/lib I get

 

java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider from [Module "deployment.waimap.ear:main" from Service Module Loader]

 

What am I missing?

 

Thanks for any help.

  • 1. Re: How to add bouncycastle to JBoss AS 7.1
    John Genoese Newbie

    I'm not sure what I was doing wrong before, but the following works beautifully, without having to alter the JVM in any way.

     

    1. Create an 'org.bouncycastle' module in the following manner:
      1. Under $JBOSS_HOME/modules, create directory 'org/bouncycastle/main'. Directory 'org' will already be there.
      2. Copy bcprov-jdk16-1.46.jar into org/bouncycastle/main
      3. Create file 'bcprov-jdk16-1.46.jar.index' in org/bouncycastle/main, which is basically the output of a "jar -tf" command without the ".class" lines. I put a blank line at the top because these .index files always seem to have one. I have attached this file as "bcprov-jdk16-1.46.jar.index".
      4. Create a file called "module.xml", also in org/bouncycastle/main, which will point to the jar file and reference module "javax.api" as a dependency. I have attached this file as 'module.xml'.
      5. The module is complete.
    2. Since I am deploying in an EAR file, I had to add a module dependency entry to my EAR's META-INF/jboss-deployment-structure.xml file, under the <deployment><dependencies> section, like so:

       

      <deployment><dependencies><module name="org.bouncycastle" slot="main" export="true"/>

       

       

       

    3. Make certain that the ear's /lib directory does NOT contain bcprov-jdk16-1.46.jar.

     

    Notes:

    • The 'slot="main" and 'export="true" parameters are very important in the jboss-dependency-structure.xml file. I spent a few iterations getting that corrected. For example, my app couldn't see the bouncycastle classes when I omitted 'slot="main" from the org.bouncycastle dependency. Ugh!
    • Using the JVM option "-verbose:class" helped a lot in debugging this. In one permutation, I actually was able to see the same Bouncy Castle classes loaded under two different class loaders! That was when I had the JVM itself configured AND has the classes in EAR/lib -- twice wrong!

     

    I think that's it.

     

    My deepest thanks to the JBoss and Bouncy Castle communities for creating these world-class platforms. I had grumblings about JBoss Modules at first, but now that I understand it a bit better, I realize that it's a good approach. One could easily envision the creation of canonical modules in various problem domains. I just hope that somehow it coordinates with maven (unless it already does and It just got by me).

  • 2. Re: How to add bouncycastle to JBoss AS 7.1
    Vin Prabhu Newbie

    Perfect solution.. Thanks alot

  • 3. Re: How to add bouncycastle to JBoss AS 7.1
    Nick Scavelli Novice

    Another option, if you want to bundle bouncycastle in the WAR instead of having to add a module to as7, is have jboss-deployment-structure.xml file as such

     

    <jboss-deployment-structure>
       <deployment>
          <resources>
             <resource-root path="WEB-INF/lib/bcprov-jdk16-1.46.jar" use-physical-code-source="true"/>
          </resources>
       </deployment>
    </jboss-deployment-structure>
    

     

    This gets around the VFS error that you mention. I believe it's a non-issue if you use openjdk.

  • 4. Re: How to add bouncycastle to JBoss AS 7.1
    Alex Corvino Newbie

    Dude, I was this close to asking if anyone knew how to do this for a WAR deployment. (Seriously, I was typing in a post when I started getting "Internal Server Error" popups and reloaded the page.) That totally fixed my problem. You rock.

  • 5. Re: How to add bouncycastle to JBoss AS 7.1
    Nick Scavelli Novice

    Haha that's funny. Glad I could help

  • 6. Re: How to add bouncycastle to JBoss AS 7.1
    Le Duc Tung Newbie

    Hello Nick Scavelli,

     

    Thanks for your help and I followed exactly what you mentioned but I got this case:

    - Build Application.ear

    - Start JBOSS AS 7 standalone server

    - upload Application.ear to jboss AS 7 server

    -> then the bouncyCastle not get loaded

    - Restart JBOSS AS 7 server

    - This time, bouncyCastle get loaded and everything went fine.

     

    Do you have any idea about this?

  • 7. Re: How to add bouncycastle to JBoss AS 7.1
    Le Duc Tung Newbie

    I forgot to mention my ear structure

    Application.EAR

                        -----lib         

                        -----META-INF    

                        -----Application.war         

     

    And my jboss-deployment-structure.xml

    <jboss-deployment-structure>

      <ear-subdeployments-isolated>false</ear-subdeployments-isolated>

      <resources>

            <resource-root path="WEB-INF/lib/bcprov-jdk15on-1.47.jar" use-physical-code-source="true"/>

            <resource-root path="WEB-INF/lib/bcpkix-jdk15on-1.47.jar" use-physical-code-source="true"/>

            <resource-root path="WEB-INF/lib/bcmail-jdk15on-1.47.jar" use-physical-code-source="true"/>

          </resources>

      </deployment>

    </jboss-deployment-structure>

  • 8. Re: How to add bouncycastle to JBoss AS 7.1
    Tullio Bettinazzi Newbie

    Bad idea in such way I'm forced to use different wars for different  Application Servers also when is not needed or usefull.

    Why such problem with Bouncy Castel ?

    Is there an alternative solution ?

    Tks

    Tullio