I have one final (hopefully!) breaking issue preventing me from upgrading a server from 4.5.5.006 to 5.2.x. We have some PGP operations which work fine on 4.5.x (thanks to Bilal Soylu’s BonCode PGP for ColdFusion http://pgp.riaforge.org/). Unfortunately, this does not work in 5.x.
The stack trace says: lucee.runtime.exp.NativeException: org/bouncycastle/jce/provider/BouncyCastleProvider at net.boncode.crypto.SimpleFileProcessor.fProcessFile(SimpleFileProcessor.java:364) at net.boncode.crypto.PGPController.fEncryptSimpleFile(PGPController.java:107)
Which I’ve tracked down in SimpleFileProcessor.java to be:
Security.addProvider(new BouncyCastleProvider());
Any ideas? I loaded BCP 1.46 instead of the 1.38 version that ships with Lucee. It doesn’t seem to be a JVM issue since I’m running both 4.5 and 5.2 on Java 1.8_x.
If not this then does anybody have any recommendations for working with PGP in Lucee? I would hate to have to do this executing from the command line.
Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider ... 65 more
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider not found by PGPController [89]
at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1558)
at org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:79)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1998)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 65 more
So looking a little deeper, I see in that the 1.52 version of bcprov (org.lucee.bouncycastle.bcprov) is automatically installed (if I’m not mistaken as part of the S3 Extension).
If I’m reading the tea leaves correctly, this means that BonCode PGP for ColdFusion requires v1.46 of Bouncy Castle and is incompatible with v1.52 which Lucee installs.
I don’t think I can run without the S3 Extension. (Uninstalling causes errors, beyond the fact that my application also uses S3.)
The fact that I see Felix (our OSGI framework) involved in that message makes me think that the existing jars in an OSGI bundle are getting in the way, but can’t find your other jars perhaps? You’ll probably need @micstriit to look into this. You might want to create a ticket in JIRA since he doesn’t seem to pop into Discourse very often and this might be a bug of sorts?
There were braking changes to OpenPGP from version 1.47 onward of BouncyCastle libraries.
Mainly in the form of call signatures as far as I understand.
I have not looked into this in a while so I will see what has changed in particular and attempt to use 1.52 (1.58 is the lastest).