search

DieTechniker / secon-tool

Verschlüsselung nach GKV Datenaustausch (SECON)
GNU Lesser General Public License v3.0
21 stars 7 forks source link

SECON uses BouncyCastleProvider with old version 1.68 #48

Closed kowabungaboy closed 1 year ago

kowabungaboy commented 1 year ago

Hi everyone,

I am experiencing some version issues with the secon tool. I am getting a no such field issue when I try to SECON.copy my payload:

java.lang.NoSuchFieldError: id_RSASSA_PSS_SHAKE128 at org.bouncycastle.operator.DefaultSignatureNameFinder.<clinit>(Unknown Source) at org.bouncycastle.operator.jcajce.OperatorHelper.<clinit>(Unknown Source) at org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper.<init>(Unknown Source) at org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.<init>(Unknown Source) at de.tk.opensource.secon.RecipientInfoGeneratorFactory.create(RecipientInfoGeneratorFactory.java:50) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596) at de.tk.opensource.secon.DefaultSubscriber.encrypt(DefaultSubscriber.java:206) at de.tk.opensource.secon.DefaultSubscriber.lambda$encrypt$3(DefaultSubscriber.java:215) at de.tk.opensource.secon.Streams.lambda$fixOutputstreamClose$1(Streams.java:48) at global.namespace.fun.io.api.function.XFunction.lambda$compose$0(XFunction.java:32) at global.namespace.fun.io.api.Socket.lambda$map$0(Socket.java:138) at de.tk.opensource.secon.SECON.lambda$callable$4(SECON.java:261) at global.namespace.fun.io.api.Socket.accept(Socket.java:109) at global.namespace.fun.io.spi.Copy.lambda$copy$3(Copy.java:91) at global.namespace.fun.io.api.Socket.accept(Socket.java:110) at global.namespace.fun.io.spi.Copy.copy(Copy.java:91) at global.namespace.fun.io.bios.BIOS.copy(BIOS.java:537) at de.tk.opensource.secon.SECON.lambda$copy$3(SECON.java:245) at de.tk.opensource.secon.SECON.lambda$callable$4(SECON.java:261) at de.tk.opensource.secon.SECON.call(SECON.java:255) at de.tk.opensource.secon.SECON.copy(SECON.java:244)

As per the current gradle file in version 1.1.1, Bouncycastle 1.70 is used. Nevertheless, the BouncycastleProvider that is instantiated is, 1.68 (SECON.java:115). Bouncycastle 1.68 does not seem to have that field.

Just wanted to know, if this is a general version issue or some strange dependency phenomenon on my side.

Thanks in advance and kind regards

loetifuss commented 1 year ago

Nevertheless, the BouncycastleProvider that is instantiated is, 1.68 (SECON.java:115). Bouncycastle 1.68 does not seem to have that field.

In SECON.java:115 an instance of BouncycastleProvider is created, but there is no reference to any specific BC version in SECON. The gradle build file specifies the BC version that is used to compile and build the SECON library but it could be different in your application. Please check your classpath, maybe there are conflicting versions of Bouncycastle jars on your classpath/modulepath. Bouncycastle publishes multiple artifacts for the same version (e.g. bcprov-jdk15on, bcprov-jdk18on etc.) so this could be a source for conflicts. Also check this post describing a similar issue.

kowabungaboy commented 1 year ago

So it was the dependency. Thank you very much for the hint!