Search code examples
javamavenbouncycastlenoclassdeffounderrorgoogle-signin

Google and FB auth services - java.lang.NoClassDefFoundError: org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey

I have added new Bouncy Castle dependency to pom.xml

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

And I get exception mentioned below when I try to use Google Sign in service:

INFO: Illegal access: this web application instance has been stopped already. Could not load org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory. The eventual following stack trace is caused by an error thrown for debug
ging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.

java.lang.IllegalStateException
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1610)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1569)
    at java.security.Provider$Service.getImplClass(Provider.java:1281)
    at java.security.Provider$Service.newInstance(Provider.java:1237)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:183)
    at com.google.api.client.util.SecurityUtils.getX509CertificateFactory(SecurityUtils.java:217)
    at com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager.refresh(GooglePublicKeysManager.java:171)
    at com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager.getPublicKeys(GooglePublicKeysManager.java:141)
    at com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier.verify(GoogleIdTokenVerifier.java:173)
    at com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier.verify(GoogleIdTokenVerifier.java:191)

java.lang.NoClassDefFoundError: org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.generatePublic(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePublic(Unknown Source)
    at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
    at sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
    at sun.security.x509.X509Key.parse(X509Key.java:170)

Other code fragments which use Bouncy Castle library directly work well. I have faced this problem only for Google and FB login services which try to verify token. How to make them work together?

Solution

  • Looking for the class on grepcode, it appears that class is in a different Bouncycastle jar:

    <!-- http://mvnrepository.com/artifact/org.bouncycastle/bcprov-ext-jdk15on -->
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-ext-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

    Try adding that dependency to your project.