[JIRA] [core] (JENKINS-30099) VerifyError when starting Tomcat with OpenJDK and Bouncy Castle

15 views
Skip to first unread message

crynax@yahoo.com (JIRA)

unread,
Aug 22, 2015, 7:39:02 PM8/22/15
to jenkinsc...@googlegroups.com
Justin Palmer created an issue
 
Jenkins / Bug JENKINS-30099
VerifyError when starting Tomcat with OpenJDK and Bouncy Castle
Issue Type: Bug Bug
Assignee: Unassigned
Attachments: catalina.2015-08-22.log
Components: core
Created: 22/Aug/15 11:38 PM
Environment: CentOS 7.1.1503 VM in VirtualBox 5.0.0, Tomcat 8.0.24, OpenJDK 1.8.0_51-b16, Jenkins 1.625, Bouncy Castle 1.52
Labels: jenkins security
Priority: Major Major
Reporter: Justin Palmer

Tomcat throws exceptions and fails to start with bcprov-jdk15on-1.51.jar or later whereas it works fine with bcprov-jdk15on-1.50.jar or earlier. Bouncy Castle developer commented that problem may be in Jenkins. Full log attached.

22-Aug-2015 11:52:53.248 WARNING [NullIdDescriptorMonitor.verifyId] hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.error Failed to instantiate Key[type=org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl, annotation=[none]]; skipping this component  com.google.inject.ProvisionException: Guice provision errors: 1) Error injecting constructor, java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object Incompatible argument to function   at org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl.<init>(PageDecoratorImpl.java:20) 1 error         at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52) ... Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object Incompatible argument to function         at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)         at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)         at org.jenkinsci.main.modules.instance_identity.InstanceIdentity.read(InstanceIdentity.java:78)

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
Atlassian logo

crynax@yahoo.com (JIRA)

unread,
Aug 22, 2015, 7:41:02 PM8/22/15
to jenkinsc...@googlegroups.com
Justin Palmer updated an issue
Change By: Justin Palmer
Tomcat throws exceptions and fails to start with bcprov-jdk15on-1.51.jar or later whereas it works fine with bcprov-jdk15on-1.50.jar or earlier. Bouncy Castle developer [commented|http://www.bouncycastle.org/jira/browse/BJA-556] that problem may be in Jenkins. Full log attached.


22-Aug-2015 11:52:53.248 WARNING [NullIdDescriptorMonitor.verifyId] hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.error Failed to instantiate Key[type=org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl, annotation=[none]]; skipping this component

   com.google.inject.ProvisionException: Guice provision errors:

  1) Error injecting constructor, java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
    at org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl.<init>(PageDecoratorImpl.java:20)

  1 error
          at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
  ...
  Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function          at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)          at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)          at org.jenkinsci.main.modules.instance_identity.InstanceIdentity.read(InstanceIdentity.java:78) 

crynax@yahoo.com (JIRA)

unread,
Aug 22, 2015, 7:49:01 PM8/22/15
to jenkinsc...@googlegroups.com
Justin Palmer updated an issue
Tomcat throws exceptions and fails to start with bcprov-jdk15on-1.51.jar or later whereas it works fine with bcprov-jdk15on-1.50.jar or earlier. Bouncy Castle developer [commented|http://www.bouncycastle.org/jira/browse/BJA-556] that problem may be in Jenkins. Full log attached.

{noformat}
22-Aug-2015 11:52:53.248 WARNING [NullIdDescriptorMonitor.verifyId] hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.error Failed to instantiate Key[type=org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl, annotation=[none]]; skipping this component
   com.google.inject.ProvisionException: Guice provision errors:

1) Error injecting constructor, java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
    at org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl.<init>(PageDecoratorImpl.java:20)

1 error
          at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
...
Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function

          at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
          at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
          at org.jenkinsci.main.modules.instance_identity.InstanceIdentity.read(InstanceIdentity.java:78)  
 
{noformat}

o.carter@activevideo.com (JIRA)

unread,
Feb 25, 2016, 1:14:02 PM2/25/16
to jenkinsc...@googlegroups.com
Owen Carter commented on Bug JENKINS-30099
 
Re: VerifyError when starting Tomcat with OpenJDK and Bouncy Castle

From Jenkins 1.648 this issue also affects the jclouds plugin;

It fails to launch slaves (into our openstack cloud) with an error like:

SEVERE: createNodesInGroup(ci-h5-2-6sr-build-slave), completed: 0/1, errors: 1, rate: 86803ms/op
java.util.concurrent.ExecutionException: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
	at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299)
	at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:286)
	at shaded.com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:116)
	at org.jclouds.concurrent.FutureIterables$1.run(FutureIterables.java:123)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
	at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:128)
	at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPublic(PKCS8KeyFile.java:72)
	at net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile.getPublic(OpenSSHKeyFile.java:60)
	at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:44)
	at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62)
	at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81)
	at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:63)
	at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:92)
	at net.schmizz.sshj.SSHClient.auth(SSHClient.java:205)
	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:305)
	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:324)
	at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:165)
	at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:49)
	at org.jclouds.sshj.SshjSshClient.acquire(SshjSshClient.java:194)
	at org.jclouds.sshj.SshjSshClient.connect(SshjSshClient.java:224)
	at org.jclouds.compute.callables.RunScriptOnNodeAsInitScriptUsingSsh.call(RunScriptOnNodeAsInitScriptUsingSsh.java:72)
	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.call(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:121)
	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:142)
	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:49)
	at shaded.com.google.common.util.concurrent.Futures$2.apply(Futures.java:760)
	at shaded.com.google.common.util.concurrent.Futures$ChainingListenableFuture.run(Futures.java:906)
	at shaded.com.google.common.util.concurrent.Futures$1$1.run(Futures.java:635)
	... 3 more 

As per reporter above we were able to workaround this on our staging system by grabbing bcpkix-jdk15on-1.50.jar and bcprov-jdk15on-1.50.jar from repo1.maven.org, putting them in .../WEB-INF/lib in place of the 1.54 versions delivered with Jenkins 1.650, but are unsure if this is acceptable on our production systems.

Jimmy.Vo@itcinfotech.com (JIRA)

unread,
Dec 22, 2016, 1:03:33 PM12/22/16
to jenkinsc...@googlegroups.com
Jimmy commented on Bug JENKINS-30099

I have the same error. I copy the bcprov-jdk15on-1.47.jar and bcpkix-jdk15on-1.47.jar from /var/lib/jenkins/plugins/ssh-agent/WEB-INF/lib to the /opt/jdk1.7.0_79/jre/lib/ext, but it still have the same error:

"Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object Incompatible argument to function"

Jenkins ver. 2.19.1 which is installed on a CentOS 6.6 server with bouncycastle API Plugin: 2.16.0. The slave node is a CentOS 7 server.

I installed the Tomcat-Library-native on both Slave node and Jenkins. Jenkins can connect to the Slave node successfully, but it fails to use the Build job using "Execute shell script on remote host using ssh". Therefore, I cannot use Jenkins to automate the tasks in the Slave node. I appreciate your advice.

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)
Atlassian logo

Jimmy.Vo@itcinfotech.com (JIRA)

unread,
Dec 22, 2016, 4:28:02 PM12/22/16
to jenkinsc...@googlegroups.com

Jimmy.Vo@itcinfotech.com (JIRA)

unread,
Dec 22, 2016, 4:28:02 PM12/22/16
to jenkinsc...@googlegroups.com
Jimmy edited a comment on Bug JENKINS-30099
I have the same error. I copy the bcprov-jdk15on-1.47.jar and bcpkix-jdk15on-1.47.jar from /var/lib/jenkins/plugins/ssh-agent/WEB-INF/lib to the /opt/jdk1.7.0_79/jre/lib/ext, but it still have the same error:

"Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function"


Jenkins ver. 2.19.1 which is installed on a CentOS 6.6 server with bouncycastle API Plugin: 2.16.0. The slave node is a CentOS 7 server.

I installed the Tomcat-Library-native on both Slave node and Jenkins. Jenkins can connect to the Slave node successfully, but it fails to use the Build job using "Execute shell script on remote host using ssh". Therefore, I cannot use Jenkins to automate the tasks in the Slave node. I appreciate your if you have any advice.



Jimmy.Vo@itcinfotech.com (JIRA)

unread,
Jan 3, 2017, 3:27:02 PM1/3/17
to jenkinsc...@googlegroups.com
Jimmy edited a comment on Bug JENKINS-30099
I have the same error. I copy the bcprov-jdk15on-1.47.jar and bcpkix-jdk15on-1.47.jar from /var/lib/jenkins/plugins/ssh-agent/WEB-INF/lib to the /opt/jdk1.7.0_79/jre/lib/ext, but it still have the same error:

"Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object
;)
Incompatible argument to function"


Jenkins ver. 2.19.1 which is installed on a CentOS 6.6 server with bouncycastle API Plugin: 2.16.0. The slave node is a CentOS 7 server.

I installed the Tomcat-Library-native on both Slave node and Jenkins. Jenkins can connect to the Slave node successfully, but it fails to use the Build job using "Execute shell script on remote host using ssh". Therefore, I cannot use Jenkins to automate the tasks in the Slave node. I appreciate if you have any advice.



Reply all
Reply to author
Forward
0 new messages