Project

General

Profile

Actions

Bug #12606

closed

Restricted java security policy breaks Rudder (class configured for Cipher(provider: BC)cannot be found)

Added by Alexis Mousset almost 6 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Category:
Documentation
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
92
Name check:
Fix check:
Regression:

Description

After upgrading a Rudder server from 4.1.7 to 4.3.1 on SLES11SP3, the server does not accept inventories anymore:

[2018-05-09 06:25:05] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'server-root.ocs'
[2018-05-09 06:25:05] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'server-root.ocs' parsed in 188 milliseconds ms, now checking signature
[2018-05-09 06:25:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:25:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:04] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:30:05] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 165 milliseconds ms, now checking signature
[2018-05-09 06:30:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:35] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:30:35] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 129 milliseconds ms, now checking signature
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:35] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent2-de6b815d-5d59-48bc-88bd-2fcbe79b53cd.ocs'
[2018-05-09 06:30:35] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent2-de6b815d-5d59-48bc-88bd-2fcbe79b53cd.ocs' parsed in 250 milliseconds ms, now checking signature
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:35:04] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:35:04] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 70 milliseconds ms, now checking signature
[2018-05-09 06:35:04] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:35:04] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
# java -version
java version "1.8.0_101" 
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

Workaround (also in comment 1 below):

- Edit $JAVA_HOME/jre/lib/security/java.security
- Look for lines like: security.provider.n=....
- Add a new line with n=previous max number+1 (for ex, if the last line starts with security.provider.9=... , use n=10):

security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #12474: root node disapeared while upgrading from 4.1 to 4.3 on debian 9ReleasedVincent MEMBRÉActions
Actions

Also available in: Atom PDF