我尝试在Spring Application中使用Jasypt和Bouncy Castle crypro提供的(128Bit AES)解密实体属性,同时使用Hibernate保存它们。但是当尝试保存实体时,我总是会收到此org.jasypt.exceptions.EncryptionOperationNotPossibleException。
org.jasypt.exceptions.EncryptionOperationNotPossibleException
Encryption raised an exception. A possible cause is you are using strong encryption
algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files in this Java Virtual Machine
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)
at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)
(下面的完整堆栈跟踪)
我不使用Java密码学扩展(JCE),这就是为什么我尝试使用Bouncy Castle的原因
我认为spring配置有问题,有人找到问题了吗?
我的 Spring 配置是:
<bean id="bouncyCastleProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
<bean class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor" depends-on="bouncyCastleProvider">
<property name="provider" ref="bouncyCastleProvider"/>
<property name="providerName" value="BC"/>
<property name="saltGenerator">
<bean class="org.jasypt.salt.RandomSaltGenerator"/>
</property>
<property name="registeredName" value="STRING_ENCRYPTOR"/>
<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
<property name="password" value="sEcRET1234"/>
</bean>
用法:
@Entity
@TypeDef(name = "encryptedString", typeClass = EncryptedStringType.class, parameters = { @Parameter(name = "encryptorRegisteredName", value = "STRING_ENCRYPTOR") })
public class SubscriptionProcess {
...
@Type(type = "encryptedString")
private String debitAccountIban;
...
}
pom/依存关系
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
<version>1.9.2</version>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt-hibernate4</artifactId>
<version>1.9.2</version>
</dependency>
...
<dependency>
<groupId>org.bouncycastle</groupId>
<!-- I use an older version of bouncy castle that is also used by tika -->
<artifactId>bcprov-jdk15</artifactId>
<version>1.45</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15</artifactId>
<version>1.45</version>
</dependency>
全栈跟踪
org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
at org.jasypt.hibernate4.type.AbstractEncryptedAsStringType.nullSafeSet(AbstractEncryptedAsStringType.java:155)
at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:158)
at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2843)
at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:2818)
at org.hibernate.persister.entity.AbstractEntityPersister$4.bindValues(AbstractEntityPersister.java:3025)
at org.hibernate.id.insert.AbstractReturningDelegate.performInsert(AbstractReturningDelegate.java:57)
at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3032)
at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3556)
at org.hibernate.action.internal.EntityIdentityInsertAction.execute(EntityIdentityInsertAction.java:97)
at org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:480)
at org.hibernate.engine.spi.ActionQueue.addResolvedEntityInsertAction(ActionQueue.java:191)
at org.hibernate.engine.spi.ActionQueue.addInsertAction(ActionQueue.java:175)
at org.hibernate.engine.spi.ActionQueue.addAction(ActionQueue.java:210)
at org.hibernate.event.internal.AbstractSaveEventListener.addInsertAction(AbstractSaveEventListener.java:324)
at org.hibernate.event.internal.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:288)
at org.hibernate.event.internal.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:194)
at org.hibernate.event.internal.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:125)
at org.hibernate.jpa.event.internal.core.JpaPersistEventListener.saveWithGeneratedId(JpaPersistEventListener.java:84)
at org.hibernate.event.internal.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:206)
at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:149)
at org.hibernate.event.internal.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:75)
at org.hibernate.internal.SessionImpl.firePersist(SessionImpl.java:807)
at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:780)
at org.hibernate.internal.SessionImpl.persist(SessionImpl.java:785)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:1181)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.orm.jpa.SharedEntityManagerCreator$SharedEntityManagerInvocationHandler.invoke(SharedEntityManagerCreator.java:291)
at com.sun.proxy.$Proxy78.persist(Unknown Source)
at com.demo.base.user.BaseUserDomainCreatorUtil$Persistent.postCreate(BaseUserDomainCreatorUtil.java:424)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:321)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:329)
at com.demo.base.user.BaseUserDomainCreatorUtil.createSafeCustodyAccount(BaseUserDomainCreatorUtil.java:333)
at com.demo.base.user.BaseUserDomainCreatorUtil.createUserWithSafeCustodyAccount(BaseUserDomainCreatorUtil.java:128)
at com.demo.app.asset.AssetTestScenario.<init>(AssetTestScenario.java:66)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence_aroundBody0(SubscriptionProcessDaoSpringTest.java:62)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest$AjcClosure1.run(SubscriptionProcessDaoSpringTest.java:1)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:60)
at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:66)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:267)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:64)
at com.demo.app.asset.dao.SubscriptionProcessDaoSpringTest.testPersistence(SubscriptionProcessDaoSpringTest.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:73)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:82)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:73)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:217)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:83)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:68)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:163)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
最佳答案
Jasypt旨在与JCE providers一起使用,该项目在其网络上使用的术语可能会令您感到困惑,因为以下句子:
通过这句话,您可能了解到Jasypt可以与JCE或BouncyCaSTLe一起使用,就像两者的工作方式不同或类似。但是,这句话的意思是,有许多JCE providers,默认提供程序(默认提供程序随Java的安装而提供)和非默认提供程序,但是两者都可以完成 JCA/JCE specification,并且都可以与Jasypt一起使用。
正如我说的BouncyCaSTLe有一个JCE provider,从bouncycastle您可以看到:
因此,如果您尝试使用org.bouncycastle.jce.provider.BouncyCastleProvider作为提供程序进行加密/解密操作,那么就可用算法和 key 长度而言,您将具有与所有JCE提供程序相同的限制。
为了避免对 key 长度和算法的这种限制并传递错误,必须为jvm版本安装Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files。
例如对于Java 1.7,您可以从here下载文件。然后复制$ JAVA_HOME\jre\lib\security中的jar,覆盖现有的local_policy.jar和US_export_policy.jar。
希望这可以帮助。
关于java - Jasypt和Bouncy CaSTLe的EncryptionOperationNotPossibleException,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/30278104/