BouncyCastleProvider fails to load at Tomcat 7's startup on a Mac OSX

问题

I am trying to set-up a Tomcat Application development environment on my brand new MacBook Pro. I need to set-up an SSL connector implementing org.bouncycastle.jce.provider.BouncyCastleProvider.

Tomcat 7 starts but the SSL connector fails to be mounted and i read this stack in Tomcat Out :

Grave: Failed to initialize connector [Connector[HTTP/1.1-9443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: org.apache.catalina.LifecycleException: L''initialisation du gestionnaire de protocole a échoué
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
Caused by: java.lang.ClassNotFoundException: Error loading SSL Implementation org.bouncycastle.jce.provider.BouncyCastleProvider :java.lang.ClassCastException: org.bouncycastle.jce.provider.BouncyCastleProvider cannot be cast to org.apache.tomcat.util.net.SSLImplementation
    at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:75)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:118)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    ... 13 more

Something tells me that it has to do with "java.lang.ClassNotFoundException:". However I located the jar containing org.bouncycastle.jce.provider.BouncyCastleProvider class in JAVA_HOME/lib/ext. I even tried to place it in CATALINA_BASE/lib in order to see if this could come from a ClassPath error. Nope !

Tomcat server.xml excerpt:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
           keystoreFile="/Users/xavier/ssl/pchain.keystore"
           keystorePass="pwd" />

<Connector port="9443" keystorePass="pwd" alias="pca"
               keystoreFile="/Users/xavier/ssl/pca.keystore" keystoreType="BKS"
               SSLEnabled="true" clientAuth="false" protocol="HTTP/1.1" scheme="https" 
                secure="true" sslProtocol="TLS" sslImplementationName="org.bouncycastle.jce.provider.BouncyCastleProvider"/>

Here are my configuration info :

OS X version 10.8.3, JDK 1.7.0_45, Tomcat version 7.0.42. BouncyCastle tested packages : bcprov-jdk15on-146.jar to bcprov-jdk15on-149.jar

Did someone already solve this ?

回答1:

org.bouncycastle.jce.provider.BouncyCastleProvider is JCE provider, but not JSSE provider, which is expected by sslImplementationName.

However, default Tomcat's JSSE provider uses internally JCE, so if you configured BouncyCastleProvider properly in JRE, then its capabilities will be available to JSSE provider.

Also it would help to know what is your final goal to answer this question thoroughly.

来源：https://stackoverflow.com/questions/19505042/bouncycastleprovider-fails-to-load-at-tomcat-7s-startup-on-a-mac-osx