
I came across unintended behavior while using the BouncyCastle Provider with the JCE.

I thus want to see what's happening inside and have to debug the code of the BouncyCastle library. Sadly, the classes I have to take a look into (XMSSMTKeyFactorySpi) seem to be compiled without debugging information, as both the local variable info and line numbers are missing.

I already thought of building it myself and including the debug information, however this does not work as the BouncyCastle provider is a Security provider for the JCE and has to be signed in order to be used with JCE. (Which I have to do as the error only occurs when using BC with JCE)

So how can I debug the code in question without debugging information being included in the .class?

Is there even a way of doing so?

One solution would be to rebuild the BC provider and send it to Oracle to get signed as described here, but I kinda don't want to do this. At least not if there is another way.


Edit: to debug the BC Provider code one can simply take one from Providers with debug, thank you @JamesKPolk

whme
  • Fortunately bouncycastle already builds a debug version of their providers *and* gets them signed so they can be used as a drop-in replacement. On the [Latest Releases](https://www.bouncycastle.org/latest_releases.html) look for "providers with debug". – President James K. Polk Dec 19 '18 at 14:10
  • @JamesKPolk you are a genius thank you so much! As this solved my problem but did not entirely answer the question should I keep the question still open or close it ? (hope you got what I mean xD) – whme Dec 20 '18 at 09:03
  • You can leave the question open because the general question is still valid. However, it's possible the question would get better answers (or maybe is already answered!) at the still-beta [Reverse Engineering](https://reverseengineering.stackexchange.com/) site. – President James K. Polk Dec 20 '18 at 12:54
  • it would be valuable if someone could share their gotchas about issues like that.. e.g. I am searching how to debug code within bctls library that is still not provided with debug information, unlike bcprov.. and the build process is not trivial at all... – hello_earth Apr 15 '22 at 18:17
  • build IS trivial after all, if you compile code with Java 8 - the end built JAR file seems to work with Java 6 and can be stepped through – hello_earth Apr 17 '22 at 10:05

1 Answer

According to https://stackoverflow.com/a/57994114/1759063, use the debug libraries:

```xml
<!-- Keep bcpkix, but exclude the non-debug provider it pulls in transitively -->
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpkix-jdk15on</artifactId>
    <version>${bouncycastle.version}</version>
    <exclusions>
        <exclusion>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<!-- Signed provider build that includes debug information -->
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-debug-jdk15on</artifactId>
    <version>${bouncycastle.version}</version>
</dependency>
```
Eljah
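
The dependency swap in the answer above only helps if the debug JAR is the one the JVM actually loads. The following added example (not from the original posts or from BouncyCastle) prints where a class was loaded from, whether that JAR carries code signers, and whether the class file contains line-number and local-variable tables. The class name `DebugInfoCheck` and the optional command-line argument are assumptions of this example.

```java
import java.io.DataInputStream;
import java.io.InputStream;
import java.security.CodeSource;
import java.util.HashSet;
import java.util.Set;

public class DebugInfoCheck {

    // Collects the CONSTANT_Utf8 entries of a class file. Attribute names such as
    // "LineNumberTable" are stored there when the class was compiled with debug info
    // (heuristic: a string literal with the same text would also match).
    static Set<String> utf8Constants(InputStream in) throws Exception {
        DataInputStream d = new DataInputStream(in);
        if (d.readInt() != 0xCAFEBABE) throw new IllegalArgumentException("not a class file");
        d.readInt();                                          // minor + major version
        int count = d.readUnsignedShort();
        Set<String> names = new HashSet<>();
        for (int i = 1; i < count; i++) {
            int tag = d.readUnsignedByte();
            switch (tag) {
                case 1: names.add(d.readUTF()); break;        // Utf8: u2 length + bytes
                case 3: case 4: case 9: case 10: case 11: case 12: case 17: case 18:
                    d.readInt(); break;                       // 4-byte entries
                case 5: case 6: d.readLong(); i++; break;     // long/double use two slots
                case 7: case 8: case 16: case 19: case 20:
                    d.readUnsignedShort(); break;             // 2-byte entries
                case 15: d.readUnsignedByte(); d.readUnsignedShort(); break; // MethodHandle
                default: throw new IllegalStateException("unknown constant tag " + tag);
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: pass the class to inspect as the first argument.
        String name = args.length > 0 ? args[0] : "org.bouncycastle.jce.provider.BouncyCastleProvider";
        Class<?> c = Class.forName(name, false, DebugInfoCheck.class.getClassLoader());
        CodeSource src = c.getProtectionDomain().getCodeSource();
        System.out.println("loaded from : " + (src == null ? "(no code source)" : src.getLocation()));
        System.out.println("signed JAR  : " + (src != null && src.getCodeSigners() != null));
        try (InputStream in = c.getResourceAsStream("/" + name.replace('.', '/') + ".class")) {
            if (in == null) throw new IllegalStateException("class bytes not found for " + name);
            Set<String> utf8 = utf8Constants(in);
            System.out.println("line numbers: " + utf8.contains("LineNumberTable"));
            System.out.println("local vars  : " + utf8.contains("LocalVariableTable"));
        }
    }
}
```

Run it with the same classpath as the application being debugged; if "loaded from" still points at the non-debug provider JAR, another dependency is pulling it in and needs the same exclusion.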