Issue2469
Created on 2016-02-18.02:20:21 by dclayton, last changed 2016-03-14.16:41:15 by zyasoft.
msg10753 | Author: Doug Clayton (dclayton) | Date: 2016-02-18.02:20:19
If you use BouncyCastle for cryptography, for instance, to do AES-128 in CBC mode:
from javax.crypto import KeyGenerator
KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2", "BC")
it fails, if you have previously imported any SSL code (e.g. httplib), with the following exception:
java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
This is because Jython bundles BouncyCastle in org.python.bouncycastle, then initializes it in _sslcerts.py (summarized):
from java.security import Security
try:
    # jarjar-ed version
    from org.python.bouncycastle.jce.provider import BouncyCastleProvider
except ImportError:
    # dev version from extlibs
    from org.bouncycastle.jce.provider import BouncyCastleProvider
# registers whichever provider class was imported above
Security.addProvider(BouncyCastleProvider())
This registers org.python.bouncycastle.jce.provider.BouncyCastleProvider, which comes from an unsigned jar (namely python), and thus fails with that exception.
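Added example, not part of the original report or of Jython's code: a static check of whether a provider class sits in a jar that carries jarsigner signature files and is listed with a digest in the manifest, which is the packaging property the report says the repackaged provider lacks. The jar contents, the `SAMPLE.*` file names and the digest value are constructed, and the function names are hypothetical; the check is structural only and does not verify the signature or the signing certificate.

```python
import io
import zipfile

SIG_BLOCK_EXTS = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner
MANIFEST = "META-INF/MANIFEST.MF"

def digest_entries(manifest_text):
    """Names of jar entries that carry a *-Digest attribute in MANIFEST.MF."""
    # Normalise newlines, then undo line wrapping (continuation lines start with a space).
    text = manifest_text.replace("\r\n", "\n").replace("\r", "\n").replace("\n ", "")
    covered = set()
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and any(k.endswith("-Digest") for k in attrs):
            covered.add(attrs["Name"])
    return covered

def provider_signing_status(jar, provider_class):
    """Return 'absent', 'unsigned', 'not-covered' or 'signed-entry'."""
    entry = provider_class.replace(".", "/") + ".class"
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        if entry not in names:
            return "absent"
        meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
        signed = (MANIFEST in names and any(n.endswith(".SF") for n in meta)
                  and any(n.endswith(SIG_BLOCK_EXTS) for n in meta))
        if not signed:
            return "unsigned"
        covered = digest_entries(zf.read(MANIFEST).decode("utf-8"))
    # Structural check only: the signature itself and its signer are not verified.
    return "signed-entry" if entry in covered else "not-covered"

def make_jar(files):
    """Build an in-memory jar from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf

# Constructed samples: placeholder bytes, not real class files or signatures.
BC = "org.bouncycastle.jce.provider.BouncyCastleProvider"
SHADED = "org.python.bouncycastle.jce.provider.BouncyCastleProvider"
SIGNED_MF = (b"Manifest-Version: 1.0\r\n\r\nName: org/bouncycastle/jce/provider/Bouncy\r\n"
             b" CastleProvider.class\r\nSHA-256-Digest: AAAA\r\n\r\n")
signed_jar = make_jar({MANIFEST: SIGNED_MF, "META-INF/SAMPLE.SF": b"x", "META-INF/SAMPLE.RSA": b"x",
                       BC.replace(".", "/") + ".class": b"x"})
shaded_jar = make_jar({MANIFEST: b"Manifest-Version: 1.0\r\n\r\n", SHADED.replace(".", "/") + ".class": b"x"})
print(provider_signing_status(signed_jar, BC), provider_signing_status(shaded_jar, SHADED))
```

A result of `not-covered` means the jar has signature files but the class was added without a manifest digest, so it is no more authenticated than a class in an unsigned jar.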

msg10754 | Author: Doug Clayton (dclayton) | Date: 2016-02-18.02:24:46
Note that there are workarounds for the end user:
1. You can add the proper BC jar to your JRE (http://stackoverflow.com/questions/13721579/jce-cannot-authenticate-the-provider-bc-in-java-swing-application).
2. You can put a relative path to the BC jar in the manifest for the jython jar:
Class-Path: Path/to/your/BC.jar
and run this before any other code:
from java.security import Security
from org.bouncycastle.jce.provider import BouncyCastleProvider
Security.addProvider(BouncyCastleProvider())

msg10755 | Author: Doug Clayton (dclayton) | Date: 2016-02-18.02:35:32
One fix for Jython is to change the preferred order in _sslcerts.py to use the proper bouncycastle package name, if it can be imported, and fall back to the embedded version if not (which evidently works for all Jython's SSL use cases). That way users who want the real signed bouncycastle jar can use it if they need it.

msg10756 | Author: Jim Baker (zyasoft) | Date: 2016-02-18.04:47:51
@Doug, sounds good about the change in import ordering. Makes sense, and something we can easily do.

msg10769 | Author: Jim Baker (zyasoft) | Date: 2016-02-24.05:56:55
Fixed as of https://hg.python.org/jython/rev/b41685e8b69c

msg10779 | Author: Doug Clayton (dclayton) | Date: 2016-02-24.13:06:28
That was quick, thanks!

Date | User | Action | Args
2016-03-14 16:41:15 | zyasoft | set | status: pending -> closed
2016-02-24 13:06:28 | dclayton | set | messages: + msg10779
2016-02-24 06:30:45 | zyasoft | set | resolution: accepted -> fixed
2016-02-24 05:56:56 | zyasoft | set | status: open -> pending; messages: + msg10769
2016-02-18 21:34:53 | zyasoft | set | priority: high
2016-02-18 04:47:51 | zyasoft | set | assignee: zyasoft; resolution: accepted; messages: + msg10756; nosy: + zyasoft; milestone: Jython 2.7.1
2016-02-18 02:35:32 | dclayton | set | messages: + msg10755
2016-02-18 02:24:47 | dclayton | set | messages: + msg10754
2016-02-18 02:20:21 | dclayton | create |