Geek Answers Handbook

Wildfly 10 BouncyCastleCrypto ECDSA key specification not recognized

I am adding FIDO U2F support to my J2EE application (which basically provides registration with a hardware token). I am using a library from yubico, u2flib-server-core, which handles cryptographic operations in a protocol using BouncyCastleCrypto. Hovewer, when decoding a public key from persistent storage, I always get an exception with a message

"key not recognized"

I narrowed down the problem to this function from the library

public PublicKey decodePublicKey(byte[] encodedPublicKey) throws U2fBadInputException {
        try {
            X9ECParameters curve = SECNamedCurves.getByName("secp256r1");
            ECPoint point;
            try {
                point = curve.getCurve().decodePoint(encodedPublicKey);
            } catch (RuntimeException e) {
                throw new U2fBadInputException("Could not parse user public key", e);
            }

            return KeyFactory.getInstance("ECDSA").generatePublic(
                    new ECPublicKeySpec(point,
                            new ECParameterSpec(
                                    curve.getCurve(),
                                    curve.getG(),
                                    curve.getN(),
                                    curve.getH()
                            )
                    )
            );
        } catch (GeneralSecurityException e) { //This should not happen
            throw new RuntimeException(e);
        }
    }

The generatePublic method throws an exception that is caught and updated as a RuntimeException.

, KeyFactory.getInstance KeyFactory BC. Wildfly . ( bcprov-ext-jdk15on-154.jar /lib/ext java).

wildfly bouncycastle, 6 , http://www.bouncycastle.org/latest_releases.html

java.security.spec.InvalidKeySpecException: key spec not recognised
    at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)
    at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
    at com.yubico.u2f.crypto.BouncyCastleCrypto.decodePublicKey(BouncyCastleCrypto.java:60)
    at com.yubico.u2f.data.messages.key.RawAuthenticateResponse.checkSignature(RawAuthenticateResponse.java:64)
    at com.yubico.u2f.U2fPrimitives.finishAuthentication(U2fPrimitives.java:153)
    at com.yubico.u2f.U2F.finishAuthentication(U2F.java:116)
    at com.yubico.u2f.U2F.finishAuthentication(U2F.java:90)

, - :-)

: , . EC. , , , , , BC , , .

, - ,

[Loaded org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi$ECDSA from file:/home/martin/java/jdk1.8.0_45/jre/lib/ext/bcprov-jdk15on-154.jar]
[Loaded org.bouncycastle.jce.spec.ECKeySpec from jar:file:/opt/wildfly-10.0.0.Final/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar!/]

KeyFactorySpi ECKeySpec jars (classloaders?), if, KeyFactory,

+4
1

- : -)

, , KeySpec KeyFactorySpi, KeySpec. , . wildfly 10 BouncyCastle, RestEasy, . Hovever, , BouncyCastle.

, , jboss-deployment-structure.xml

<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
    <deployment>
        <dependencies>
            <module name="org.bouncycastle" />
        </dependencies>
    </deployment>
</jboss-deployment-structure>

wildfly BouncyCastle. Hovewer, , BouncyCastle lib/ext/JRE, . : -)

, , BouncyCastle wildfly 10 :

  • jboss-deployment-structure.xml Wildfly} , , MANIFEST.mf .
  • , BouncyCastle lib/ext/JRE,
  • BouncyCastle JCE , JCE Unlimited ( , , )

, - :-)

+5

More articles: