bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard

Published 20 hours ago verified publisher icon bcgit

JasperSoft -> iText -> PDF encryption fails without DEREncodable

Open jamoros opened this issue 5 years ago • 5 comments

My application uses the following dependencies:

Jaspersoft Reports: 6.5.1 iText: 2.1.7 BouncyCastle: 1.63

Everything was working fine until we tried to export a PDF file with password protection. The error is

java.lang.NoClassDefFoundError: org/bouncycastle/asn1/DEREncodable

There are a few posts online explaining the issue but no necessary fix. I would presume the actual fix is putting the interface and any other required classes back into the BC library.

My current workaround is including

shared-bouncycastle-reduced: 0.9.12

However, my maven duplicate finder does not like this since there are many duplicate dependencies.

So here I am asking what is the solution for this issue, if any? If none, can we please revert and include these classes?

Thank you!

jamoros avatar Oct 09 '19 17:10 jamoros

Adding the 'shared-bouncycastle' library is now causing a cyclic issue during startup in Tomcat, so having it included is not a good workaround.

Caused by: java.lang.IllegalStateException: Unable to complete the scan for annotations for web application [] due to a StackOverflowError. Possible root causes include a too low setting for -Xss and illegal cyclic inheritance dependencies. The class hierarchy being processed was [org.bouncycastle.asn1.ASN1EncodableVector->org.bouncycastle.asn1.DEREncodableVector->org.bouncycastle.asn1.ASN1EncodableVector]

jamoros avatar Oct 10 '19 15:10 jamoros

See here for the JasperReports issue relating to this.

As you can see iText 2.17 (built in 2009) is dependent on BouncyCastle 1.38 (built in 2007). The fix is for JasperReports to upgrade the version of iText that it uses. For a workaround I would suggest using BouncyCastle 1.38.

According to the BC release notes it would appear that there was a major re-write of the ASN1 code for 1.47, so you MAY be able to get away with version 1.46. Unfortunately the BC gitHub codeBase only goes back to v1.49, so I cannot verify this.

tonywasher avatar Oct 11 '19 09:10 tonywasher

Thanks for your response @tonywasher ! I am aware of that post and the dependency hell (hehe) that I'm currently in. The reason I upgraded BC is to prepare to upgrade to Java 9.

In the meantime to fix the original issue, and the issue in my comment (illegal cyclic inheritance) I decided to create my own internal jar with the missing bouncycastle classes and included that in my project and remove the shared-bouncycastle library. Now I am able to encrypt my PDF and start up the application in Tomcat with no issues.

jamoros avatar Oct 11 '19 15:10 jamoros

As of bcprov-jdk15on-1.63 bouncycastle has signed their jars. You can no longer provide a custom DEREncodable class unless you remove the bouncycastle signatures.

derylspielman avatar Feb 08 '21 17:02 derylspielman

Can you please try with OpenPDF 1.3.27 instead of iText 2.1.7? https://github.com/LibrePDF/OpenPDF/releases/tag/1.3.27

andreasrosdal avatar Apr 07 '22 07:04 andreasrosdal