我尝试在Spring应用程序中使用Jasypt Bouncy Castle crypro提供(128位AES)来解密实体属性,同时使用Hibernate保存它们。但是在尝试保存委托时,我总是得到org.jasypt.exceptions.EncryptionOperationNotPossibleException
。
org.jasypt.exceptions.EncryptionOperationNotPossibleException
Encryption raised an exception. A possible cause is you are using strong encryption
algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files in this Java Virtual Machine
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)
at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)
(下面的完整堆栈跟踪)
我不使用Java Cryptography Extension(JCE),这就是为什么我尝试使用Bouncy Castle
我认为弹簧配置有问题,是否有人发现问题?
我的春季配置是:
<bean id="bouncyCastleProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
<bean class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor" depends-on="bouncyCastleProvider">
<property name="provider" ref="bouncyCastleProvider"/>
<property name="providerName" value="BC"/>
<property name="saltGenerator">
<bean class="org.jasypt.salt.RandomSaltGenerator"/>
</property>
<property name="registeredName" value="STRING_ENCRYPTOR"/>
<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
<property name="password" value="sEcRET1234"/>
</bean>
用法:
@Entity
@TypeDef(name = "encryptedString", typeClass = EncryptedStringType.class, parameters = { @Parameter(name = "encryptorRegisteredName", value = "STRING_ENCRYPTOR") })
public class SubscriptionProcess {
...
@Type(type = "encryptedString")
private String debitAccountIban;
...
}
POM / dependenies
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
<version>1.9.2</version>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt-hibernate4</artifactId>
<version>1.9.2</version>
</dependency>
...
<dependency>
<groupId>org.bouncycastle</groupId>
<!-- I use an older version of bouncy castle that is also used by tika -->
<artifactId>bcprov-jdk15</artifactId>
<version>1.45</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15</artifactId>
<version>1.45</version>
</dependency>
完整堆栈跟踪
org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)
at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)
at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2843)
at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2818)
at org.hibernate.persister.entity.AbstractEntityPersister$4.bindValues(AbstractEntityPersister.java:3025)
at org.hibernate.id.insert.AbstractReturningDelegate.performInsert(AbstractReturningDelegate.java:57)
at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3032)
at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3556)
at org.hibernate.action.internal.EntityIdentityInsertAction.execute(EntityIdentityInsertAction.java:97)
at org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:480)
at org.hibernate.engine.spi.ActionQueue.addResolvedEntityInsertAction(ActionQueue.java:191)
at org.hibernate.engine.spi.ActionQueue.addInsertAction(ActionQueue.java:175)
at org.hibernate.engine.spi.ActionQueue.addAction(ActionQueue.java:210)
at org.hibernate.event.internal.AbstractSaveEventListener.addInsertAction(AbstractSaveEventListener.java:324)
at org.hibernate.event.internal.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:288)
at org.hibernate.event.internal.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:194)
at org.hibernate.event.internal.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:125)
at org.hibernate.jpa.event.internal.core.JpaPersistEventListener.saveWithGeneratedId(JpaPersistEventListener.java:84)
at org.hibernate.event.internal.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:206)
at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:149)
at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:75)
at org.hibernate.internal.SessionImpl.firePersist(SessionImpl.java:807)
at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:780)
at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:785)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:1181)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.orm.jpa.SharedEntityManagerCreator$SharedEntityManagerInvocationHandler.invoke(SharedEntityManagerCreator.java:291)
at com.sun.proxy.$Proxy78.persist(Unknown Source)
at com.demo.base.user.BaseUserDomainCreatorUtil$Persistent.postCreate(BaseUserDomainCreatorUtil.java:424)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:321)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:329)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:333)
at com.demo.base.user.BaseUserDomainCreatorUtil.createUserWithSafeCustodyAccount(BaseUserDomainCreatorUtil.java:128)
at com.demo.app.asset.AssetTestScenario.<init>(AssetTestScenario.java:66)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence_aroundBody0(SubscriptionProcessDaoSpringTest.java:62)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest$AjcClosure1.run(SubscriptionProcessDaoSpringTest.java:1)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:60)
at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:66)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:267)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:64)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence(SubscriptionProcessDaoSpringTest.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:73)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:82)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:73)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:217)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:83)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:68)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:163)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
答案 0 :(得分:24)
Jasypt旨在与JCE providers
一起使用,此项目在其网站上使用的术语可能会让您感到困惑,因为有以下句子:
Open API用于任何JCE提供程序,而不仅仅是默认Java VM一个。 Jasypt可以很容易地与知名的提供商一起使用 充气城堡
从这句话中你可能会理解Jasypt可以与JCE
一起使用,或者与BouncyCastle一起使用,就像两者的工作方式不同或类似的东西;但是,这句话的意思是有许多JCE providers
默认提供程序带有默认的java安装和非默认提供程序,但是它们都可以完成JCA/JCE
specification并且两者都可以与Jasypt一起使用。
正如我所说的BouncyCastle有一个JCE provider
,你可以看到bouncycastle:
Java Cryptography Extension和Java的提供程序 密码学架构。
因此,如果您尝试使用org.bouncycastle.jce.provider.BouncyCastleProvider
作为提供商进行加密/解密操作,则您可以获得与所有JCE
提供商相同的限制,可用算法和密钥长度。
要避免对密钥长度和算法的这种限制并传递您所拥有的错误,您必须为您的jvm版本安装Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
。
例如,对于java 1.7,您可以从here下载文件。然后复制$ JAVA_HOME \ jre \ lib \ security中的jar,覆盖现有的local_policy.jar
和US_export_policy.jar
。
希望这有帮助。
答案 1 :(得分:0)
请检查 JRE主页路径(右键单击Windows-> preferences->单击位置->检查 JRE主页路径是否指向 jdk ),如果它指向jre,请将其更改为 jdk 。