Bug #12606
Status: closed
Restricted java security policy breaks Rudder (class configured for Cipher (provider: BC) cannot be found)
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
92
Name check:
Fix check:
Regression:
Description
After upgrading a Rudder server from 4.1.7 to 4.3.1 on SLES11SP3, the server does not accept inventories anymore:
[2018-05-09 06:25:05] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'server-root.ocs'
[2018-05-09 06:25:05] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'server-root.ocs' parsed in 188 milliseconds ms, now checking signature
[2018-05-09 06:25:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:25:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:04] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:30:05] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 165 milliseconds ms, now checking signature
[2018-05-09 06:30:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:05] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:35] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:30:35] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 129 milliseconds ms, now checking signature
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:30:35] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent2-de6b815d-5d59-48bc-88bd-2fcbe79b53cd.ocs'
[2018-05-09 06:30:35] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent2-de6b815d-5d59-48bc-88bd-2fcbe79b53cd.ocs' parsed in 250 milliseconds ms, now checking signature
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:30:35] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.
[2018-05-09 06:35:04] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - New input inventory: 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs'
[2018-05-09 06:35:04] INFO com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Inventory 'agent1-2dc769fa-a7c0-4733-ad2e-08b9046b20b6.ocs' parsed in 70 milliseconds ms, now checking signature
[2018-05-09 06:35:04] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Failure(class configured for Signature (provider: BC) cannot be found.,Empty,Empty)
[2018-05-09 06:35:04] ERROR com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Error when trying to check inventory signature <- class configured for Signature (provider: BC) cannot be found.

# java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

Workaround (also in comment 1 below):
- Edit $JAVA_HOME/jre/lib/security/java.security
- Look for lines like: security.provider.n=....
- Add a new line with n=previous max number+1 (for example, if the last line starts with security.provider.9=..., use n=10):
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
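
The workaround above as a script, added here as an example and not taken from the Rudder project: it uses the highest existing n rather than the last line's number, keeps a backup, and changes nothing when BouncyCastle is already registered. The function names and the sample file are assumptions; to use it, call add_bc_provider on $JAVA_HOME/jre/lib/security/java.security.

```shell
#!/bin/sh
# Added example (not Rudder code): apply the java.security workaround idempotently.
BC_CLASS='org.bouncycastle.jce.provider.BouncyCastleProvider'

# Highest n among security.provider.n= lines (0 if there are none).
max_provider_index() {
    awk -F'[.=]' '/^security\.provider\.[0-9]+=/ { if ($3 + 0 > max) max = $3 + 0 }
                  END { print max + 0 }' "$1"
}

# Succeeds if some security.provider.n line already names BouncyCastle.
bc_registered() {
    awk -F= -v cls="$BC_CLASS" '/^security\.provider\.[0-9]+=/ {
            v = $2; gsub(/[ \t\r]+$/, "", v); if (v == cls) found = 1 }
        END { exit !found }' "$1"
}

# Append the provider at max+1, keeping a .bak copy; prints the key it used.
add_bc_provider() {
    file=$1
    if bc_registered "$file"; then echo "unchanged"; return 0; fi
    next=$(( $(max_provider_index "$file") + 1 ))
    cp -p "$file" "$file.bak"
    # Make sure the new entry starts on its own line.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf 'security.provider.%s=%s\n' "$next" "$BC_CLASS" >> "$file"
    echo "security.provider.$next"
}

# Constructed sample: entries out of order, so the last line is not the max.
make_sample() {
    printf '%s\n' '# constructed java.security excerpt' \
        'security.provider.1=sun.security.provider.Sun' \
        'security.provider.9=sun.security.smartcardio.SunPCSC' \
        'security.provider.2=sun.security.rsa.SunRsaSign' > "$1"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/java.security"
add_bc_provider "$demo_dir/java.security"   # first run adds the line
add_bc_provider "$demo_dir/java.security"   # second run changes nothing
rm -rf "$demo_dir"
```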