Discussion:
Problems with BC 151 and Java 8
AWS - Jean-marc Allier
2014-10-21 12:09:59 UTC
Hi everyone,

We are migrating our application to BC 151, but we have some problems executing our
applet with Java 8.

We have tried to import the BC jar files in the applet tag like this:

<applet code="Applet.class" archive="ourJar.jar, bcpkix-jdk15on-151.jar,
bcprov-jdk15on-151.jar" width="700" height="700">

With this solution Java doesn't execute the applet because the BC jar is considered
self-signed... we also get an error about OCSP and the CA.
If I change the security settings to add my web site to the exception site list, I can
execute the applet and I can use the BC provider.


We have tried to include all the BC source files in our NetBeans project like we did with
the old version of Bouncy Castle, and then make a jar file signed with our certificate. We
can execute the applet correctly, but when we need to use the BC provider we get the error:

Exception : cannot create key generator: JCE cannot authenticate the provider BC
#org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createKeyGenerator(EnvelopedDataHelper.java:501)
#org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder$CMSOutputEncryptor.<init>(JceCMSContentEncryptorBuilder.java:100)
#org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder.build(JceCMSContentEncryptorBuilder.java:87)


The jar is compiled with JDK 1.6.
Java 1.8.25 is used to execute the applet.

Has anything changed in the new BC lib? We used a very old one (140).
Why did Java not accept the jar directly?

How can we use the BC provider correctly without changing the security settings?
--
Regards,

*Jean-Marc ALLIER*
Technical Manager
*AWS - Avenue-Web Systèmes <http://www.aws-france.com/>*
Tel.: 04 80 04 12 60 - Fax: 04 76 44 02 73
97 rue du Général Mangin - 38000 Grenoble
David Hook
2014-10-21 23:25:39 UTC
I'm not sure I understand this one, I think all you should need to do is
sign the bc jars again, leaving the BC signature in place - that way
both the JCE and the browser should be happy.

Have you tried that?

Regards,

David
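
A structural check for the re-signing approach suggested above, as an added example that is not part of the original thread or of Bouncy Castle: it lists which signers in a jar cover the provider class, so you can confirm the original signature is still present after adding your own. The signer names VENDOR and OURKEY and the sample jars are constructed; the check does not validate signatures cryptographically (`jarsigner -verify` does that).

```python
import io
import zipfile

SIG_BLOCK_EXTS = (".RSA", ".DSA", ".EC")
# Bouncy Castle's provider class; the entry whose signers we want to list.
PROVIDER_CLASS = "org/bouncycastle/jce/provider/BouncyCastleProvider.class"


def sf_entry_names(sf_text):
    """Entry names listed in a .SF file, with folded (continuation) lines rejoined."""
    unfolded = []
    for line in sf_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # a leading space continues the previous line
        else:
            unfolded.append(line)
    return {l[len("Name: "):] for l in unfolded if l.startswith("Name: ")}


def signers_covering(jar_bytes, entry=PROVIDER_CLASS):
    """Signers whose .SF lists `entry` and that also ship a signature block file."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        upper = {n.upper(): n for n in jar.namelist()}
        found = []
        for up, name in upper.items():
            if not (up.startswith("META-INF/") and up.endswith(".SF")):
                continue
            has_block = any(up[:-3] + ext in upper for ext in SIG_BLOCK_EXTS)
            covered = entry in sf_entry_names(jar.read(name).decode("utf-8"))
            if has_block and covered:
                found.append(name[len("META-INF/"):-3])
        return sorted(found)


def build_sample_jar(signers, entry=PROVIDER_CLASS):
    """Constructed sample jar: dummy class bytes plus placeholder signature files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(entry, b"\xca\xfe\xba\xbe")
        for s in signers:
            sf = f"Signature-Version: 1.0\r\n\r\nName: {entry}\r\nSHA-256-Digest: AAAA\r\n\r\n"
            jar.writestr(f"META-INF/{s}.SF", sf)
            jar.writestr(f"META-INF/{s}.RSA", b"placeholder, not a real PKCS#7 block")
    return buf.getvalue()


if __name__ == "__main__":
    print("re-signed vendor jar:", signers_covering(build_sample_jar(["VENDOR", "OURKEY"])))
    print("sources repackaged:  ", signers_covering(build_sample_jar(["OURKEY"])))
```

A jar rebuilt from the BC sources and signed only with your own certificate shows a single signer, which is the setup that produced the "JCE cannot authenticate the provider BC" error in the first post.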
Uri Blumenthal
2014-10-22 03:56:15 UTC
I think it's one of two possible problems.

1. His BC provider jar isn't signed by a JCE-chained key (that was issued/certified by Oracle). Whatever other signatures he may have on that jar are irrelevant - only the JCE-based one counts. In this case the solution is to just use your jars (i.e. download them from the www.bouncycastle.org site). Or apply to Oracle for a JCE-signing cert.

2. There's a problem in checking the jar signature when it is specified with the applet jar. In that case I've no idea how to remedy it, as I haven't tried to use applets with other libraries/jars. The BC jar should somehow be in the class path/codebase - but I don't know where it should be, or how to specify it on the web page.

AWS - Jean-marc Allier
2014-10-22 09:59:27 UTC
It works!!
I have signed the BC jar with our certificate and the applet could execute without any
security restriction or exception.
Thank you