当前位置: 动力学知识库 > 问答 > 编程问答 >

java - EncryptionOperationNotPossibleException by Jasypt with Bouncy Castle

问题描述:

I try to use Jasypt with Bouncy Castle crypro provides (128Bit AES) in a Spring Application to decrypt entity properties while saving them with Hibernate. But I always get this org.jasypt.exceptions.EncryptionOperationNotPossibleException when try to save the entrity.

org.jasypt.exceptions.EncryptionOperationNotPossibleException

Encryption raised an exception. A possible cause is you are using strong encryption

algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited

Strength Jurisdiction Policy Files in this Java Virtual Machine

at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)

at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)

at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)

at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)

at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)

(full stacktrace below)

I do not use Java Cryptography Extension (JCE), thats why I try to use Bouncy Castle

I think there is something wrong with the spring configuration, does anybody find the problem?

My spring Configuration is:

<bean id="bouncyCastleProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider"/>

<bean class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor" depends-on="bouncyCastleProvider">

<property name="provider" ref="bouncyCastleProvider"/>

<property name="providerName" value="BC"/>

<property name="saltGenerator">

<bean class="org.jasypt.salt.RandomSaltGenerator"/>

</property>

<property name="registeredName" value="STRING_ENCRYPTOR"/>

<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>

<property name="password" value="sEcRET1234"/>

</bean>

Usage:

@Entity

@TypeDef(name = "encryptedString", typeClass = EncryptedStringType.class, parameters = { @Parameter(name = "encryptorRegisteredName", value = "STRING_ENCRYPTOR") })

public class SubscriptionProcess {

...

@Type(type = "encryptedString")

private String debitAccountIban;

...

}

pom/dependenies

 <dependency>

<groupId>org.jasypt</groupId>

<artifactId>jasypt</artifactId>

<version>1.9.2</version>

</dependency>

<dependency>

<groupId>org.jasypt</groupId>

<artifactId>jasypt-hibernate4</artifactId>

<version>1.9.2</version>

</dependency>

...

<dependency>

<groupId>org.bouncycastle</groupId>

<!-- I use an older version of bouncy castle that is also used by tika -->

<artifactId>bcprov-jdk15</artifactId>

<version>1.45</version>

</dependency>

<dependency>

<groupId>org.bouncycastle</groupId>

<artifactId>bcmail-jdk15</artifactId>

<version>1.45</version>

</dependency>

Full Stack Trace

org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine

at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)

at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)

at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)

at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)

at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)

at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2843)

at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2818)

at org.hibernate.persister.entity.AbstractEntityPersister$4.bindValues(AbstractEntityPersister.java:3025)

at org.hibernate.id.insert.AbstractReturningDelegate.performInsert(AbstractReturningDelegate.java:57)

at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3032)

at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3556)

at org.hibernate.action.internal.EntityIdentityInsertAction.execute(EntityIdentityInsertAction.java:97)

at org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:480)

at org.hibernate.engine.spi.ActionQueue.addResolvedEntityInsertAction(ActionQueue.java:191)

at org.hibernate.engine.spi.ActionQueue.addInsertAction(ActionQueue.java:175)

at org.hibernate.engine.spi.ActionQueue.addAction(ActionQueue.java:210)

at org.hibernate.event.internal.AbstractSaveEventListener.addInsertAction(AbstractSaveEventListener.java:324)

at org.hibernate.event.internal.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:288)

at org.hibernate.event.internal.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:194)

at org.hibernate.event.internal.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:125)

at org.hibernate.jpa.event.internal.core.JpaPersistEventListener.saveWithGeneratedId(JpaPersistEventListener.java:84)

at org.hibernate.event.internal.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:206)

at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:149)

at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:75)

at org.hibernate.internal.SessionImpl.firePersist(SessionImpl.java:807)

at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:780)

at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:785)

at org.hibernate.jpa.spi.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:1181)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.orm.jpa.SharedEntityManagerCreator$SharedEntityManagerInvocationHandler.invoke(SharedEntityManagerCreator.java:291)

at com.sun.proxy.$Proxy78.persist(Unknown Source)

at com.demo.base.user.BaseUserDomainCreatorUtil$Persistent.postCreate(BaseUserDomainCreatorUtil.java:424)

at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:321)

at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:329)

at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:333)

at com.demo.base.user.BaseUserDomainCreatorUtil.createUserWithSafeCustodyAccount(BaseUserDomainCreatorUtil.java:128)

at com.demo.app.asset.AssetTestScenario.<init>(AssetTestScenario.java:66)

at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence_aroundBody0(SubscriptionProcessDaoSpringTest.java:62)

at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest$AjcClosure1.run(SubscriptionProcessDaoSpringTest.java:1)

at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:60)

at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:66)

at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:267)

at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:64)

at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence(SubscriptionProcessDaoSpringTest.java:61)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)

at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)

at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)

at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:73)

at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:82)

at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:73)

at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:217)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:83)

at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)

at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)

at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)

at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)

at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)

at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)

at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:68)

at org.junit.runners.ParentRunner.run(ParentRunner.java:309)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:163)

at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)

at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

网友答案:

Jasypt is designed to be used with JCE providers, the terminology that this project uses on its web may be confusing you since there is the follow sentence:

Open API for use with any JCE provider, and not only the default Java VM one. Jasypt can be easily used with well-known providers like Bouncy Castle

From this sentence maybe you're understanding that Jasypt can be used with JCE or with BouncyCastle like both are working differently or something like that; however, what this sentence means is that there are many JCE providers, default providers which come with default java installation and non-default ones, however both accomplish the JCA/JCE specification and both can work with Jasypt.

As I said BouncyCastle has a JCE provider, from the bouncycastle you can see:

A provider for the Java Cryptography Extension and the Java Cryptography Architecture.

So if you're trying to make encrypt/decrypt operations using org.bouncycastle.jce.provider.BouncyCastleProvider as provider you've got the same restrictions that all JCE providers have, respect to available algorithms and key length.

To avoid this restrictions about key length and algorithms and to pass the errors you have, you must install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your jvm version.

For example for java 1.7 you can download the files from here. And then copy the jars in $JAVA_HOME\jre\lib\security overwriting the existing local_policy.jar and US_export_policy.jar.

Hope this helps.

分享给朋友:
您可能感兴趣的文章:
随机阅读: