Skip to main content

class "org.bouncycastle.asn1.pkcs.rsapublickey"'s signer information does not match signer information of other classes in the same packag

  • July 24, 2023
  • 1 reply
  • 332 views

We are developing a system using Java on Microsoft Azure AppService.

I’m developing a feature that uses the Box API in a system I’m developing.

Box API authentication is done via JWT using the SDK.

An error occurs at “BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);” at runtime.

The error message is “class “org.bouncycastle.asn1.pkcs.rsapublickey”'s signer information does not match signer information of other classes in the same packag”.

I am using Box SDK version 3.4.0.


I would like to know the solution for this error.

1 reply

kberdychowski Box

Hello,


I was investigating a similar problem with Open JDK release. Maybe this would help:


In new Open JDK versions they are deprecating SHA1 algorithm. In file:



  • $JAVA_HOME/conf/security/java.security - Java 11 and 17

  • $JAVA_HOME/jre/lib/security/java.security - Java 8


You can look for a line starting with jdk.jar.disabledAlgorithms, for example it might look like this:


jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \

      DSA keySize < 1024, SHA1 denyAfter 2019-01-01, \

      include jdk.disabled.namedCurves


You can see entry SHA1 denyAfter 2019-01-01.


The bc-fips.jar was signed with SHA1 after 2019-01-01 which is the cutoff date for the change as the JDK documentation says, JAR signatures created after that date are not verified anymore. This somehow leads to the change in class loading order in the bc-fips.


Solution


So if you remove this SHA1 entry from the above you will get:


jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \

      DSA keySize < 1024, \

      include jdk.disabled.namedCurves


Once you re-enable this deprecated method it should work fine. If it doesn’t provide more details (with JDK version). You can also reach out to SDK team directly.


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings