Reputation: 17
I am learning Bouncy Castle and am facing some problems. Is it possible to combine multiple security providers? For example, I have modified my java.security like this:
security.provider.11=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.12=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.13=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
Then on my server side I have written:
...
SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance(
        "PKIX", "BCJSSE");
keyMgrFact.init(Utils.createServerKeyStore(), Utils.SERVER_PASSWORD);
...
It will throw an error in:
public static KeyPair generateRootKeyPair()
        throws Exception {
    KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
    return new KeyPair(
            kFact.generatePublic(new X509EncodedKeySpec(rootPublicKey)),
            kFact.generatePrivate(new PKCS8EncodedKeySpec(rootPrivateKey)));
}
Error message:
Exception in thread "main" java.lang.NoSuchFieldError: id_hmacWithSHA3_224
at org.bouncycastle.jcajce.provider.digest.SHA3$Mappings.configure(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
at sun.security.jca.GetInstance.getService(GetInstance.java:81)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.KeyFactory.getInstance(KeyFactory.java:211)
at Utils.generateRootKeyPair(Utils.java:103)
at Utils.createRootCredential(Utils.java:199)
at Utils.createServerKeyStore(Utils.java:273)
at TLSServerExample.main(TLSServerExample.java:19)
I have researched it for a couple of days. I thought the reason for this problem is that there are some collisions between packages:
bc-fips-1.0.0
bcprov-jdk15on-158.jar
bctls-fips-1.0.2.jar
How can I fix that? Thanks in advance!
Upvotes: 2
Views: 11873
Reputation: 139
It is mostly because, when your application is starting up, the old version of the Bouncy Castle classes is loaded based on the class loading sequence in Java.
You can check which jar the Bouncy Castle classes are loaded from by adding -verbose:class to the command line when you start your app, as mentioned in https://stackoverflow.com/a/6686792. It will print a lot of lines, so you will have to search for terms like bcp, com.bouncycastle etc.
For me, it was because Bouncy Castle related jars were present in the Java lib directory (/path/to/java/jdk/jre/lib/ext/). Go to /path/to/java/jdk/jre/ and run the command below in a terminal if you are using Linux.
find . -type f -name "*.jar*" | grep bcp
This will tell us whether Bouncy Castle jars are present or not. If present, you will see the output below:
./lib/ext/bcprov-jdk15on-1.50.jar
You can either upgrade it or remove it (if it does not affect your/other services on the same box).
Upvotes: 2
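An added example, not part of the answer above or of Bouncy Castle: the same check that -verbose:class and the find command perform, done from inside the JVM, so it reports every jar that provides a given class and which one actually wins. The class name BcClasspathCheck and its helper methods are hypothetical; the default class names are taken from the stack trace in the question.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

// Added diagnostic (not from the original posts): lists every copy of a class
// on the classpath and the location the JVM actually resolves it from.
public class BcClasspathCheck {

    // Every classpath location that contains the class file. The application
    // class loader delegates to its parents, so their jars are listed too.
    static List<URL> copiesOf(String className) throws Exception {
        String resource = className.replace('.', '/') + ".class";
        ClassLoader cl = BcClasspathCheck.class.getClassLoader();
        return Collections.list(cl.getResources(resource));
    }

    // Location the class is loaded from, or null when no code source is recorded.
    static URL loadedFrom(String className) throws Exception {
        // initialize=false: load the class without running its static initialisers.
        Class<?> c = Class.forName(className, false,
                BcClasspathCheck.class.getClassLoader());
        CodeSource src = c.getProtectionDomain().getCodeSource();
        return src == null ? null : src.getLocation();
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: two class names taken from the stack trace in the question.
        String[] names = args.length > 0 ? args : new String[] {
            "org.bouncycastle.jce.provider.BouncyCastleProvider",
            "org.bouncycastle.jcajce.provider.digest.SHA3"
        };
        for (String name : names) {
            List<URL> copies = copiesOf(name);
            System.out.println(name + ": " + copies.size() + " location(s)");
            for (URL u : copies) {
                System.out.println("  found in    " + u);
            }
            if (copies.isEmpty()) {
                continue; // class is not on the classpath at all
            }
            System.out.println("  loaded from " + loadedFrom(name));
            if (copies.size() > 1) {
                System.out.println("  CONFLICT: more than one jar provides this class");
            }
        }
    }
}
```

Run it with the same classpath and JVM as the failing application. To trace a NoSuchFieldError, pass the fully qualified name of the class that declares the missing field as an argument.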
Reputation: 667
I was getting a similar error with Bouncy Castle; in my case it was a mismatch of its version.
Upvotes: 0