I am trying to create a signature as shown below, but I am getting this error:
java.lang.NoSuchFieldError: xmss_SHA256ph
I am using bcprov-jdk15on and bcpkix-jdk15on version 1.64 and Java 8. I have tried various signature algorithms, the latest being SHA1WITHRSA. I have also tried SHA256WITHRSA and SHA256withECDSA.
Do you know why I am getting this error? Thanks.
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder(getSignatureAlgorithm()).build(key);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new
JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, cert));
gen.addCertificates(new JcaCertStore(chain));
CMSTypedDataInputStream msg = new CMSTypedDataInputStream(content);
CMSSignedData signedData = gen.generate(msg, false);
signatureBytes = signedData.getEncoded();
The stack trace
java.lang.NoSuchFieldError: xmss_SHA256ph
at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.<clinit>(Unknown Source) ~[bcpkix-jdk15on-1.64.jar:1.64.00.0]
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.<init>(Unknown Source) ~[bcpkix-jdk15on-1.64.jar:1.64.00.0]
at com.trovare.document.pki.Signer.sign(Signer.java:162) ~[classes/:na]
at org.apache.pdfbox.pdfwriter.COSWriter.doWriteSignature(COSWriter.java:744) ~[pdfbox-2.0.19.jar:2.0.19]
at org.apache.pdfbox.pdfwriter.COSWriter.visitFromDocument(COSWriter.java:1150) ~[pdfbox-2.0.19.jar:2.0.19]
at org.apache.pdfbox.cos.COSDocument.accept(COSDocument.java:452) ~[pdfbox-2.0.19.jar:2.0.19]
at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1386) ~[pdfbox-2.0.19.jar:2.0.19]
at org.apache.pdfbox.pdmodel.PDDocument.saveIncremental(PDDocument.java:1392) ~[pdfbox-2.0.19.jar:2.0.19]
at com.trovare.document.pdf.PdfDcoumentSigner.sign(PdfDcoumentSigner.java:167) ~[classes/:na]
at com.trovare.document.DocumentEncryptorApplication.run(DocumentEncryptorApplication.java:62) [classes/:na]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:784) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:768) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:322) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) [spring-boot-2.2.5.RELEASE.jar:2.2.5.RELEASE]
at com.trovare.document.DocumentEncryptorApplication.main(DocumentEncryptorApplication.java:48) [classes/:na]
I created a new key store and key for each algorithm I tested, using the java keytool. Like this, for example:
keytool -genkey -alias docsigner -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 3650 -keystore keystore.jks
I encountered this but wasn't satisfied by the existing answers which said "just use an old version"!
In my case, I had been managing the following dependencies:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.68</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.68</version>
</dependency>
After a bit of code inspection and looking at the dependency hierarchy, I saw another bouncycastle dependency was being pulled in that was out of sync, namely:
[INFO] +- org.springframework.security.extensions:spring-security-saml2-core:jar:1.0.10.RELEASE:compile
[INFO] | +- com.narupley:not-going-to-be-commons-ssl:jar:0.3.20:compile
[INFO] | | +- org.bouncycastle:bcprov-ext-jdk15on:jar:1.60:compile
Managing the additional dependency to be consistent with the other bouncycastle ones resolved this for me, i.e. I added the following block to dependencyManagement in my POM:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk15on</artifactId>
<version>1.68</version>
</dependency>