Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30099

VerifyError when starting Tomcat with OpenJDK and Bouncy Castle

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
      CentOS 7.1.1503 VM in VirtualBox 5.0.0, Tomcat 8.0.24, OpenJDK 1.8.0_51-b16, Jenkins 1.625, Bouncy Castle 1.52
    • Similar Issues:

      Description

      Tomcat throws exceptions and fails to start with bcprov-jdk15on-1.51.jar or later whereas it works fine with bcprov-jdk15on-1.50.jar or earlier. Bouncy Castle developer commented that problem may be in Jenkins. Full log attached.

      22-Aug-2015 11:52:53.248 WARNING [NullIdDescriptorMonitor.verifyId] hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.error Failed to instantiate Key[type=org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl, annotation=[none]]; skipping this component
         com.google.inject.ProvisionException: Guice provision errors:
      
      1) Error injecting constructor, java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
          at org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl.<init>(PageDecoratorImpl.java:20)
      
      1 error
                at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
      ...
      Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
                at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
                at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
                at org.jenkinsci.main.modules.instance_identity.InstanceIdentity.read(InstanceIdentity.java:78) 
      

        Attachments

          Activity

          Hide
          owen_avn Owen Carter added a comment -

          From Jenkins 1.648 this issue also affects the jclouds plugin;

          It fails to launch slaves (into our openstack cloud) with an error like:

          SEVERE: createNodesInGroup(ci-h5-2-6sr-build-slave), completed: 0/1, errors: 1, rate: 86803ms/op
          java.util.concurrent.ExecutionException: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
          	at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299)
          	at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:286)
          	at shaded.com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:116)
          	at org.jclouds.concurrent.FutureIterables$1.run(FutureIterables.java:123)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
          	at java.lang.Thread.run(Thread.java:745)
          Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function
          	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
          	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
          	at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source)
          	at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:128)
          	at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPublic(PKCS8KeyFile.java:72)
          	at net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile.getPublic(OpenSSHKeyFile.java:60)
          	at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:44)
          	at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62)
          	at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81)
          	at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:63)
          	at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:92)
          	at net.schmizz.sshj.SSHClient.auth(SSHClient.java:205)
          	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:305)
          	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:324)
          	at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:165)
          	at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:49)
          	at org.jclouds.sshj.SshjSshClient.acquire(SshjSshClient.java:194)
          	at org.jclouds.sshj.SshjSshClient.connect(SshjSshClient.java:224)
          	at org.jclouds.compute.callables.RunScriptOnNodeAsInitScriptUsingSsh.call(RunScriptOnNodeAsInitScriptUsingSsh.java:72)
          	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.call(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:121)
          	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:142)
          	at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:49)
          	at shaded.com.google.common.util.concurrent.Futures$2.apply(Futures.java:760)
          	at shaded.com.google.common.util.concurrent.Futures$ChainingListenableFuture.run(Futures.java:906)
          	at shaded.com.google.common.util.concurrent.Futures$1$1.run(Futures.java:635)
          	... 3 more 

          As per reporter above we were able to workaround this on our staging system by grabbing bcpkix-jdk15on-1.50.jar and bcprov-jdk15on-1.50.jar from repo1.maven.org, putting them in .../WEB-INF/lib in place of the 1.54 versions delivered with Jenkins 1.650, but are unsure if this is acceptable on our production systems.

          Show
          owen_avn Owen Carter added a comment - From Jenkins 1.648 this issue also affects the jclouds plugin; It fails to launch slaves (into our openstack cloud) with an error like: SEVERE: createNodesInGroup(ci-h5-2-6sr-build-slave), completed: 0/1, errors: 1, rate: 86803ms/op java.util.concurrent.ExecutionException: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299) at shaded.com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:286) at shaded.com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:116) at org.jclouds.concurrent.FutureIterables$1.run(FutureIterables.java:123) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;) Incompatible argument to function at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source) at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source) at org.bouncycastle.openssl.PEMReader.<init>(Unknown Source) at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:128) at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPublic(PKCS8KeyFile.java:72) at net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile.getPublic(OpenSSHKeyFile.java:60) at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:44) at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62) at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81) at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:63) at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:92) at net.schmizz.sshj.SSHClient.auth(SSHClient.java:205) at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:305) at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:324) at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:165) at org.jclouds.sshj.SSHClientConnection.create(SSHClientConnection.java:49) at org.jclouds.sshj.SshjSshClient.acquire(SshjSshClient.java:194) at org.jclouds.sshj.SshjSshClient.connect(SshjSshClient.java:224) at org.jclouds.compute.callables.RunScriptOnNodeAsInitScriptUsingSsh.call(RunScriptOnNodeAsInitScriptUsingSsh.java:72) at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.call(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:121) at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:142) at org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.apply(CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.java:49) at shaded.com.google.common.util.concurrent.Futures$2.apply(Futures.java:760) at shaded.com.google.common.util.concurrent.Futures$ChainingListenableFuture.run(Futures.java:906) at shaded.com.google.common.util.concurrent.Futures$1$1.run(Futures.java:635) ... 3 more As per reporter above we were able to workaround this on our staging system by grabbing bcpkix-jdk15on-1.50.jar and bcprov-jdk15on-1.50.jar from repo1.maven.org, putting them in .../WEB-INF/lib in place of the 1.54 versions delivered with Jenkins 1.650, but are unsure if this is acceptable on our production systems.
          Hide
          jimmyvo Jimmy added a comment - - edited

          I have the same error. I copy the bcprov-jdk15on-1.47.jar and bcpkix-jdk15on-1.47.jar from /var/lib/jenkins/plugins/ssh-agent/WEB-INF/lib to the /opt/jdk1.7.0_79/jre/lib/ext, but it still have the same error:

          "Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object Incompatible argument to function"

          Jenkins ver. 2.19.1 which is installed on a CentOS 6.6 server with bouncycastle API Plugin: 2.16.0. The slave node is a CentOS 7 server.

          I installed the Tomcat-Library-native on both Slave node and Jenkins. Jenkins can connect to the Slave node successfully, but it fails to use the Build job using "Execute shell script on remote host using ssh". Therefore, I cannot use Jenkins to automate the tasks in the Slave node. I appreciate if you have any advice.

          Show
          jimmyvo Jimmy added a comment - - edited I have the same error. I copy the bcprov-jdk15on-1.47.jar and bcpkix-jdk15on-1.47.jar from /var/lib/jenkins/plugins/ssh-agent/WEB-INF/lib to the /opt/jdk1.7.0_79/jre/lib/ext, but it still have the same error: "Caused by: java.lang.VerifyError: (class: org/bouncycastle/openssl/PEMReader$EncryptedPrivateKeyParser, method: parseObject signature: (Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object Incompatible argument to function" Jenkins ver. 2.19.1 which is installed on a CentOS 6.6 server with bouncycastle API Plugin: 2.16.0. The slave node is a CentOS 7 server. I installed the Tomcat-Library-native on both Slave node and Jenkins. Jenkins can connect to the Slave node successfully, but it fails to use the Build job using "Execute shell script on remote host using ssh". Therefore, I cannot use Jenkins to automate the tasks in the Slave node. I appreciate if you have any advice.

            People

            • Assignee:
              jimmyvo Jimmy
              Reporter:
              crynax Justin Palmer
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: