jruby / jruby-openssl

JRuby's OpenSSL gem
http://www.jruby.org

java.lang.SecurityException with runnable jar #74

Closed mkristian closed 8 years ago

mkristian commented 9 years ago

I have a runnable jar (created by the jruby-gradle plugin); when it gets executed it produces:

$ java -jar my.jar
The signal USR1 is in use by the JVM and will not work correctly on this platform
Puma starting in single mode...
* Version 2.7.1, codename: Earl of Sandwich Partition
* Min threads: 32, max threads: 64
* Environment: development
* Loaded config/environment/default
* Loaded config/environment/development.rb
! Unable to load application
LoadError: load error: fast-rsa-engine -- java.lang.SecurityException: class "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi"'s signer information does not match signer information of other classes in the same package
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at /Users/cmeier/projects/active/my.jar!/gems/keymaster-client-3.0.120/lib/keymaster-client.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:128
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:121
           (root) at uri:classloader:/lib/keymaster.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/keymaster.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/metron.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/metron.rb:56
    instance_eval at org/jruby/RubyBasicObject.java:1574
           (root) at uri:classloader:/config/boot.rb:1
           (root) at uri:classloader:/config/boot.rb:16
             eval at org/jruby/RubyKernel.java:1079
           (root) at config.ru:1
  new_from_string at config.ru:10
       initialize at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:55
  new_from_string at config.ru:0
  new_from_string at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:49
       parse_file at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:40
           (root) at classpath:jar-bootstrap.rb:33

The jar-bootstrap.rb file (which gets executed by the Java main):

require 'rack'
require 'puma/cli'
# require 'jar-dependencies'
# require 'yaml'
# require 'readline'
# require 'fast-rsa-engine'

runtime = (ENV["PUMA_ARGS"] || "-t 32:64").split(" ")
Puma::CLI.new(runtime).run

Uncommenting any single one of the requires will fix the problem.

The following jars get loaded by the jruby-classloader:

file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/jopenssl.jar
file:/Users/cmeier/projects/active/my.jar!/gems/puma-2.7.1-java/lib/puma/puma_http11.jar
file:/Users/cmeier/projects/active/my.jar!/gems/json-1.8.3-java/lib/json/ext/parser.jar
file:/Users/cmeier/projects/active/my.jar!/gems/json-1.8.3-java/lib/json/ext/generator.jar
file:/Users/cmeier/projects/active/my.jar!/gems/eventmachine-0.12.10-java/lib/em_reactor.jar
uri:classloader://jars/org/apache/curator/curator-framework/2.4.2/curator-framework-2.4.2.jar
uri:classloader://jars/org/apache/curator/curator-client/2.4.2/curator-client-2.4.2.jar
uri:classloader://jars/org/apache/zookeeper/zookeeper/3.4.5/zookeeper-3.4.5.jar
uri:classloader://jars/com/google/guava/guava/14.0.1/guava-14.0.1.jar
uri:classloader://jars/org/apache/kafka/kafka_2.10/0.8.1.1/kafka_2.10-0.8.1.1.jar
uri:classloader://jars/log4j/log4j/1.2.17/log4j-1.2.17.jar
uri:classloader://jars/org/slf4j/slf4j-api/1.7.2/slf4j-api-1.7.2.jar
uri:classloader://jars/org/slf4j/slf4j-log4j12/1.6.1/slf4j-log4j12-1.6.1.jar
uri:classloader://jars/org/jboss/netty/netty/3.2.2.Final/netty-3.2.2.Final.jar
uri:classloader://jars/com/yammer/metrics/metrics-core/2.2.0/metrics-core-2.2.0.jar
uri:classloader://jars/org/xerial/snappy/snappy-java/1.0.5/snappy-java-1.0.5.jar
uri:classloader://jars/net/sf/jopt-simple/jopt-simple/3.2/jopt-simple-3.2.jar
uri:classloader://jars/org/scala-lang/scala-library/2.10.1/scala-library-2.10.1.jar
uri:classloader://jars/com/101tec/zkclient/0.3/zkclient-0.3.jar
uri:classloader://jars/com/squareup/jnagmp/bouncycastle-rsa/1.0.1/bouncycastle-rsa-1.0.1.jar
uri:classloader://jars/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
uri:classloader://jars/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
uri:classloader://jars/com/squareup/jnagmp/jnagmp/1.0.1/jnagmp-1.0.1.jar
uri:classloader://jars/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar
file:/Users/cmeier/projects/active/my.jar!/gems/fast-rsa-engine-0.3.2-java/lib/fast-rsa-engine.jar

This shows that the Bouncy Castle jars are loaded twice. Any of the commented-out requires from above, once uncommented, will ensure that the Bouncy Castle jars are loaded only once, as they implicitly require jar-dependencies, which ensures that those jars are loaded only once.

I tried to reduce the application but did not succeed.
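The duplicate load described in the report above can be found mechanically from a list of loaded jar URLs. The following is an added example, not part of the original post or of jruby-openssl; the helper names `source_kind` and `duplicate_jars` are hypothetical, and the sample list is a subset of the URLs in the report.

```ruby
# Constructed sample: a subset of the jar URLs listed in the report.
LOADED_JARS = [
  "file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar",
  "file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar",
  "file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/jopenssl.jar",
  "file:/Users/cmeier/projects/active/my.jar!/gems/puma-2.7.1-java/lib/puma/puma_http11.jar",
  "uri:classloader://jars/com/squareup/jnagmp/bouncycastle-rsa/1.0.1/bouncycastle-rsa-1.0.1.jar",
  "uri:classloader://jars/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar",
  "uri:classloader://jars/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar",
  "uri:classloader://jars/com/squareup/jnagmp/jnagmp/1.0.1/jnagmp-1.0.1.jar",
  "file:/Users/cmeier/projects/active/my.jar!/gems/fast-rsa-engine-0.3.2-java/lib/fast-rsa-engine.jar"
].freeze

# Classify where a jar came from, based on the URL shapes seen in the report.
def source_kind(url)
  case url
  when %r{\Auri:classloader:} then :jruby_classloader # jars embedded under /jars
  when %r{\Afile:.*!/gems/}   then :gem_vendored      # jar shipped inside a gem
  when %r{\Afile:}            then :file
  else :other
  end
end

# Return one entry per jar file name that was loaded from more than one
# distinct location, with the locations and the kinds of source involved.
def duplicate_jars(urls)
  urls.map(&:strip).reject(&:empty?).uniq
      .group_by { |url| File.basename(url) }
      .select { |_name, locations| locations.size > 1 }
      .map do |name, locations|
        { jar: name,
          locations: locations,
          kinds: locations.map { |l| source_kind(l) }.uniq }
      end
end

if __FILE__ == $0
  duplicate_jars(LOADED_JARS).each do |dup|
    puts "#{dup[:jar]} loaded #{dup[:locations].size}x via #{dup[:kinds].join(', ')}"
    dup[:locations].each { |l| puts "  #{l}" }
  end
end
```

Any jar reported here from both a gem-vendored path and the embedded `/jars` tree is a candidate for the signer-mismatch error when the jar is signed, as the Bouncy Castle provider jars in the report are.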

kares commented 9 years ago

So this seems to be the issue you were afraid of, since we avoided a hard dependency on jar-dependencies? ... BC seems to be on the class-path twice, so if you feel like this all falls under there, I have nothing against forcing a "hard" jar-dependencies gem dependency once again.

mkristian commented 9 years ago

In the long run I would appreciate this "hard" jar-dependencies dependency.

mkristian commented 8 years ago

add more such issues especially in combination with fast-rsa-engine gem which also has a dependency on ONE of the BC jars