java.lang.SecurityException with runnable jar #74

Closed
mkristian opened this issue Oct 7, 2015 · 3 comments
@mkristian
Member

I have a runnable jar (created by the jruby-gradle plugin); when it gets executed it produces:

$ java -jar my.jar
The signal USR1 is in use by the JVM and will not work correctly on this platform
Puma starting in single mode...
* Version 2.7.1, codename: Earl of Sandwich Partition
* Min threads: 32, max threads: 64
* Environment: development
* Loaded config/environment/default
* Loaded config/environment/development.rb
! Unable to load application
LoadError: load error: fast-rsa-engine -- java.lang.SecurityException: class "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi"'s signer information does not match signer information of other classes in the same package
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at /Users/cmeier/projects/active/my.jar!/gems/keymaster-client-3.0.120/lib/keymaster-client.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:128
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:121
           (root) at uri:classloader:/lib/keymaster.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/keymaster.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/metron.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/core_ext/kernel_require.rb:54
           (root) at uri:classloader:/lib/metron.rb:56
    instance_eval at org/jruby/RubyBasicObject.java:1574
           (root) at uri:classloader:/config/boot.rb:1
           (root) at uri:classloader:/config/boot.rb:16
             eval at org/jruby/RubyKernel.java:1079
           (root) at config.ru:1
  new_from_string at config.ru:10
       initialize at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:55
  new_from_string at config.ru:0
  new_from_string at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:49
       parse_file at /Users/cmeier/projects/active/my.jar!/gems/rack-1.5.5/lib/rack/builder.rb:40
           (root) at classpath:jar-bootstrap.rb:33

The jar-bootstrap.rb file (which gets executed by the Java main):

require 'rack'
require 'puma/cli'
# require 'jar-dependencies'
# require 'yaml'
# require 'readline'
# require 'fast-rsa-engine'

runtime = (ENV["PUMA_ARGS"] || "-t 32:64").split(" ")
Puma::CLI.new(runtime).run

Uncommenting any single one of the requires will fix the problem.

The following jars get loaded by the jruby-classloader:

file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/jopenssl.jar
file:/Users/cmeier/projects/active/my.jar!/gems/puma-2.7.1-java/lib/puma/puma_http11.jar
file:/Users/cmeier/projects/active/my.jar!/gems/json-1.8.3-java/lib/json/ext/parser.jar
file:/Users/cmeier/projects/active/my.jar!/gems/json-1.8.3-java/lib/json/ext/generator.jar
file:/Users/cmeier/projects/active/my.jar!/gems/eventmachine-0.12.10-java/lib/em_reactor.jar
uri:classloader://jars/org/apache/curator/curator-framework/2.4.2/curator-framework-2.4.2.jar
uri:classloader://jars/org/apache/curator/curator-client/2.4.2/curator-client-2.4.2.jar
uri:classloader://jars/org/apache/zookeeper/zookeeper/3.4.5/zookeeper-3.4.5.jar
uri:classloader://jars/com/google/guava/guava/14.0.1/guava-14.0.1.jar
uri:classloader://jars/org/apache/kafka/kafka_2.10/0.8.1.1/kafka_2.10-0.8.1.1.jar
uri:classloader://jars/log4j/log4j/1.2.17/log4j-1.2.17.jar
uri:classloader://jars/org/slf4j/slf4j-api/1.7.2/slf4j-api-1.7.2.jar
uri:classloader://jars/org/slf4j/slf4j-log4j12/1.6.1/slf4j-log4j12-1.6.1.jar
uri:classloader://jars/org/jboss/netty/netty/3.2.2.Final/netty-3.2.2.Final.jar
uri:classloader://jars/com/yammer/metrics/metrics-core/2.2.0/metrics-core-2.2.0.jar
uri:classloader://jars/org/xerial/snappy/snappy-java/1.0.5/snappy-java-1.0.5.jar
uri:classloader://jars/net/sf/jopt-simple/jopt-simple/3.2/jopt-simple-3.2.jar
uri:classloader://jars/org/scala-lang/scala-library/2.10.1/scala-library-2.10.1.jar
uri:classloader://jars/com/101tec/zkclient/0.3/zkclient-0.3.jar
uri:classloader://jars/com/squareup/jnagmp/bouncycastle-rsa/1.0.1/bouncycastle-rsa-1.0.1.jar
uri:classloader://jars/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
uri:classloader://jars/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
uri:classloader://jars/com/squareup/jnagmp/jnagmp/1.0.1/jnagmp-1.0.1.jar
uri:classloader://jars/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar
file:/Users/cmeier/projects/active/my.jar!/gems/fast-rsa-engine-0.3.2-java/lib/fast-rsa-engine.jar

which shows that the Bouncy Castle jars are loaded twice. Any of these uncommented requires from above will ensure that the Bouncy Castle jars are loaded only once, as they implicitly require jar-dependencies, which ensures that those jars are loaded only once.

Tried to reduce the application but did not succeed.
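
An added example (not part of the original issue or of the project's code) that scans a classloader URL list like the one above and reports every jar artifact loaded from more than one location, which is the condition the report ties to the signer mismatch. `SAMPLE_URLS` is a subset of the list in the issue; the helper names `artifact_and_version`, `duplicate_jars` and `report` are hypothetical.

```ruby
# Subset of the classloader URLs listed in the issue, embedded so the check runs offline.
SAMPLE_URLS = <<~LIST.lines.map(&:strip).reject(&:empty?)
  file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
  file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
  file:/Users/cmeier/projects/active/my.jar!/gems/jruby-openssl-0.9.11-java/lib/jopenssl.jar
  file:/Users/cmeier/projects/active/my.jar!/gems/puma-2.7.1-java/lib/puma/puma_http11.jar
  uri:classloader://jars/com/google/guava/guava/14.0.1/guava-14.0.1.jar
  uri:classloader://jars/com/squareup/jnagmp/bouncycastle-rsa/1.0.1/bouncycastle-rsa-1.0.1.jar
  uri:classloader://jars/org/bouncycastle/bcpkix-jdk15on/1.50/bcpkix-jdk15on-1.50.jar
  uri:classloader://jars/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar
  file:/Users/cmeier/projects/active/my.jar!/gems/fast-rsa-engine-0.3.2-java/lib/fast-rsa-engine.jar
LIST

# Split a jar URL's file name into [artifact, version],
# e.g. ".../bcprov-jdk15on-1.50.jar" => ["bcprov-jdk15on", "1.50"].
# Jars without a trailing "-<digit...>" part (jopenssl.jar) get a nil version.
def artifact_and_version(url)
  name = File.basename(url, ".jar")
  m = name.match(/\A(.+?)-(\d[\w.]*)\z/)
  m ? [m[1], m[2]] : [name, nil]
end

# Returns { artifact => [urls] } for each artifact that was loaded from
# more than one distinct location. Identical URLs are counted once.
def duplicate_jars(urls)
  urls.uniq
      .group_by { |u| artifact_and_version(u).first }
      .select { |_, locations| locations.size > 1 }
end

# Human-readable report lines, including the versions seen, so a
# same-version double load can be told apart from a version conflict.
def report(urls)
  duplicate_jars(urls).map do |artifact, locations|
    versions = locations.map { |u| artifact_and_version(u).last || "unversioned" }.uniq
    header = "#{artifact} (#{versions.join(', ')}) loaded from #{locations.size} locations:"
    ([header] + locations.map { |l| "  #{l}" }).join("\n")
  end
end

puts report(SAMPLE_URLS) if __FILE__ == $PROGRAM_NAME
```

On the sample it flags `bcpkix-jdk15on` and `bcprov-jdk15on`, each once from the jruby-openssl gem directory and once from `uri:classloader://jars/`.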

@kares
Member

kares commented Nov 13, 2015

So this seems to be the issue you were afraid of since we avoided a hard dependency on jar-dependencies?
... BC seems to be on the class-path twice, so if you feel like this all falls under there I have nothing against forcing a "hard" jar-dependencies gem dependency once again.

@mkristian
Member Author

In the long run I would appreciate this "hard" jar-dependencies dependency.

@mkristian
Member Author

add more such issues especially in combination with fast-rsa-engine gem which also has a dependency on ONE of the BC jars
