Any chance of moving bouncy castle version to match pdfbox?
Brought to you by:
jahlborn
Menu
▾
▴
#2 Any chance of moving bouncy castle version to match pdfbox?
I'd like to add jackcess-encrypt to Tika.
We're getting a version clash with bouncycastle:
[WARNING] bcprov-jdk15on-1.52.jar, bcprov-jdk15-1.45.jar define 927 overlappping classes:
[WARNING] - org.bouncycastle.crypto.modes.gcm.Tables8kGCMMultiplier
[WARNING] - org.bouncycastle.asn1.cmp.CRLAnnContent
[WARNING] - org.bouncycastle.i18n.MissingEntryException
[WARNING] - org.bouncycastle.asn1.tsp.TimeStampResp
[WARNING] - org.bouncycastle.asn1.pkcs.PBKDF2Params
[WARNING] - org.bouncycastle.asn1.x509.CRLNumber
[WARNING] - org.bouncycastle.asn1.x509.TBSCertList$1
[WARNING] - org.bouncycastle.asn1.ASN1SequenceParser
[WARNING] - org.bouncycastle.crypto.agreement.DHBasicAgreement
[WARNING] - org.bouncycastle.asn1.cmp.CertResponse
[WARNING] - 917 more...
[WARNING] bcpkix-jdk15on-1.52.jar, bcprov-jdk15-1.45.jar define 9 overlappping classes:
[WARNING] - org.bouncycastle.openssl.PasswordException
[WARNING] - org.bouncycastle.openssl.PEMUtilities
[WARNING] - org.bouncycastle.openssl.EncryptionException
[WARNING] - org.bouncycastle.voms.VOMSAttribute
[WARNING] - org.bouncycastle.openssl.PasswordFinder
[WARNING] - org.bouncycastle.voms.VOMSAttribute$FQAN
[WARNING] - org.bouncycastle.openssl.PEMException
[WARNING] - org.bouncycastle.mozilla.SignedPublicKeyAndChallenge
[WARNING] - org.bouncycastle.openssl.PEMWriter
Is there any chance you'd be willing to move to bcprov-jdk15on-1.52?
did you try just using the newer lib? i did a quick compile w/ tests on my box against the newer lib and the unit tests passed.
The following works on the one test file we have for an encrypted db:
Is this safe? Do you see any problems?
yep, that's exactly what i would do.
in general, i tend to be conservative when upgrading dependencies. i try to stick with the oldest version which will work correctly (within reason). i feel that this allows users of jackcess-encrypt more flexibility. generally, using a newer version of a dependency which is api compatible is fine. whereas if i aggressively updated the dependencies and someone was stuck on an older version, they'd be left trying to determine whether jackcess-encrypt really needed the new version or whether the older version is sufficient.
If you don't have any objections, i'm going to close this feature request.
Y. Thank you. Just needed confirmation from you that there shouldn't be any issues.
This is really low priority and more of a question than a request...the particular issue is rare, but bizarre. We found a file in commoncrawl data that triggers the following. Note, we can't open the file in a modern version of Access ("old version"), and we expect that the correct behavior is the stacktrace all the way at the bottom.
However, we're getting this runtime version conflict error with the above pom configuration (https://sourceforge.net/p/jackcessencrypt/feature-requests/2/#1879) in Tika and also in a standalone test project that uses no Tika.
java.lang.NoSuchMethodError: org.bouncycastle.crypto.StreamCipher.processBytes([BII[BI)V
at com.healthmarketscience.jackcess.impl.BaseCryptCodecHandler.streamDecrypt(BaseCryptCodecHandler.java:91)
at com.healthmarketscience.jackcess.impl.BaseJetCryptCodecHandler.decodePage(BaseJetCryptCodecHandler.java:62)
at com.healthmarketscience.jackcess.impl.PageChannel.readPage(PageChannel.java:224)
at com.healthmarketscience.jackcess.impl.UsageMap.read(UsageMap.java:130)
at com.healthmarketscience.jackcess.impl.PageChannel.initialize(PageChannel.java:117)
at com.healthmarketscience.jackcess.impl.DatabaseImpl.<init>(DatabaseImpl.java:516)
at com.healthmarketscience.jackcess.impl.DatabaseImpl.open(DatabaseImpl.java:389)
at com.healthmarketscience.jackcess.DatabaseBuilder.open(DatabaseBuilder.java:248)
at TestIt.testIt(TestIt.java:19)</init>
At some point processBytes was modified to return an int rather than a void...but I can't figure out how we're getting a version clash.
. If I build jackcess-encrypt with
<dependency>
<groupid>org.bouncycastle</groupid>
<artifactid>bcprov-jdk15on</artifactid>
<version>1.52</version>
</dependency>
there is no clash and I get the "Unrecognized map type" exception below.
If I downgrade bcprov-jdk15on to 1.50 in the standalone test project's pom, there is no clash and I get the "Unrecognized map type" exception below.
When I open the file in straight jackcess-encrypt, I get the following, which is probably what we should be getting over in Tika:
java.io.IOException: Unrecognized map type: 75
at com.healthmarketscience.jackcess.impl.UsageMap.initHandler(UsageMap.java:148)
at com.healthmarketscience.jackcess.impl.UsageMap.read(UsageMap.java:136)
at com.healthmarketscience.jackcess.impl.PageChannel.initialize(PageChannel.java:117)
at com.healthmarketscience.jackcess.impl.DatabaseImpl.<init>(DatabaseImpl.java:516)
at com.healthmarketscience.jackcess.impl.DatabaseImpl.open(DatabaseImpl.java:389)
at com.healthmarketscience.jackcess.DatabaseBuilder.open(DatabaseBuilder.java:248)
at com.healthmarketscience.jackcess.CryptCodecProviderTest.testBadCrypt(CryptCodecProviderTest)</init>
The engine that is being called is: org.bouncycastle.crypto.engines.RC4Engine, and I can't find any residue of that engine in jackcess-encrypt. I can't figure out why we're getting a version clash on this. Any guidance would be appreciated. Thank you, again.
If i follow what you are saying, it basically sounds like bouncycastle 1.52 is not binary compatible with jackcess-encrypt (looking at the various releases, it looks like the change happened int 1.51, so presumably it is not binary compatible either).
so, at some point, jackcess-encrypt will need to be compiled against bouncycastle the 1.51+ API.
Sounds good. Thank you.
FYI, i'm playing around with ideas for making jackcess-encrypt compatible with the latest bouncycastle (others have hit the same problem http://stackoverflow.com/questions/32664910/reading-from-an-encrypted-access-mdb-using-java-jackcess). i'd like to maintain compatibility with older versions of bc as well, so i'm toying with ideas around a shim layer for the problematic API.
Last edit: James Ahlborn 2015-09-22
I decided to update the bouncy castle dep but maintain compatibility with older releases as well. this will be in the 2.1.1 release.
Thank you!
Hi James,
We're getting a new version conflict even with 2.1.1: https://issues.apache.org/jira/browse/TIKA-1806
In your source code's pom and in maven central's public website, the dependency is clearly:
<dependency>
<groupid>org.bouncycastle</groupid>
<artifactid>bcprov-jdk15on</artifactid>
<version>1.52</version>
</dependency>
However, in the pom that I'm downloading via maven ("jackcess-encrypt-2.1.1.pom"), I'm seeing this:
<dependency>
<groupid>org.bouncycastle</groupid>
<artifactid>bcprov-jdk15</artifactid>
<version>1.46</version>
</dependency>
<-- <dependency>
<groupid>org.bouncycastle</groupid>
<artifactid>bcprov-jdk15on</artifactid>
<version>1.52</version>
</dependency> -->
Note: i've manually removed the ! from the comment because I don't know the equivalent of {noformat} on sf. :)
Intellij is also showing a dependency on bcprov-jdk15:1.46
Is this user error?
Last edit: Tim Allison 2015-12-03
I'm confused. This pom appears to refer to 1.52: http://repo1.maven.org/maven2/com/healthmarketscience/jackcess/jackcess-encrypt/2.1.1/jackcess-encrypt-2.1.1.pom
oh, sorry, i see you mentioned that in the first paragraph. sounds like you have a problem in some local repository (either on your box, or maybe you are using some sort of intermediary?).
Last edit: James Ahlborn 2015-12-03
Y, don't have any idea what happened there. Sorry. I wiped it from my local repo, and it repulled correctly. Bizarre. Thank you.