org.bouncycastle.crypto.CipherParameters not found building plugin with latest in-toto

[sublimino]

I'm trying to compile the in-toto Jenkins plugin with the latest in-toto-java to support the grafeas transport, and showing my inexperience with this ecosystem: ]

org.bouncycastle.crypto.CipherParameters isn't found by the compiled plugin at build runtime, and I wonder if it's got anything to do with https://wiki.jenkins.io/display/JENKINS/Bouncy+Castle+API+Plugin — should the in-toto plugin be using a different API?

Here are my WIP commits against a local Jenkins 2.235.4 (had to change the <tt> entities for Javadoc, couldn't fix some linting so worked around):

• sublimino/in-toto-java@cf4741c
• sublimino@531d867

Updating the Jenkins version in in-toto-plugin from 2.7.3 to 2.235 caused some dependency fun, I've updated/hacked around them but am not sure how to fix this when using the in-toto step in the declarative pipeline. Build output ends with:

java.lang.ClassNotFoundException: org.bouncycastle.crypto.CipherParameters
	at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1387)
	at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1342)
	at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1089)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:352)
Caused: java.lang.NoClassDefFoundError: org/bouncycastle/crypto/CipherParameters
	at io.jenkins.plugins.intotorecorder.InTotoWrapper.loadKey(InTotoWrapper.java:198)
	at io.jenkins.plugins.intotorecorder.InTotoWrapper.<init>(InTotoWrapper.java:139)
...

rest of stack trace from jenkins build output

...
Caused: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:330)
Caused: java.lang.IllegalArgumentException: Could not instantiate {credentialId=f0852160-5cc2-4389-b658-f5ee2bd82922, stepName=Build, transport=grafeas://192.168.1.11:8090} for io.jenkins.plugins.intotorecorder.InTotoWrapper
	at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
	at org.jenkinsci.plugins.structs.describable.UninstantiatedDescribable.instantiate(UninstantiatedDescribable.java:208)
	at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:466)
	at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
	at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
Caused: java.lang.IllegalArgumentException: Could not instantiate {delegate=@in_toto_wrap(credentialId=f0852160-5cc2-4389-b658-f5ee2bd82922,stepName=Build,transport=grafeas://192.168.1.11:8090)} for org.jenkinsci.plugins.workflow.steps.CoreWrapperStep
	at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
	at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:269)
	at org.jenkinsci.plugins.workflow.cps.DSL.invokeDescribable(DSL.java:417)
	at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:182)
	at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:122)
	at groovy.lang.MetaClassImpl.invokeMethodOnGroovyObject(MetaClassImpl.java:1278)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1138)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at com.cloudbees.groovy.cps.sandbox.DefaultInvoker.methodCall(DefaultInvoker.java:20)

I've tried adding org.bouncycastle.crypto.CipherParameters to the end of https://github.com/jenkinsci/in-toto-plugin/blob/master/src/main/resources/META-INF/hudson.remoting.ClassFilter but that doesn't seem to help.

Do you know what should be providing that class, and where? It's defined in the in-toto-java pom.xml, maybe it's how I'm making that available to the in-toto Jenkins plugin (which is loading into my local mvn repo during the build, which builds it into the JAR but perhaps not the HPI? A bit lost).

[adityasaky]

Hi @sublimino, sorry for the delay! Thanks for reporting this and I'm trying to reproduce it. I cherry-picked your commits in this post and I was able to build both in-toto-java and the plugin without any errors. Could you provide any more information or steps?

[sublimino]

Thanks for your reply!

The maven build works for me too. The above errors are shown in the Jenkins build log for a pipeline that consumes this built plugin artefact, when the plugin is loaded as a Jenkins plugin and run in that context.

[adityasaky]

Yeah, I've run into some separate issues using it in pipeline this morning that I need to look into as well. Let me see what I can figure out. :D

[adityasaky]

Hey @sublimino, I'm still having difficulty replicating this on Jenkins 2.235.4. I found a workaround for the other thing but I'm not seeing any bouncycastle issues pop up. Can you share a sanitized version of the information on /systemInfo of your Jenkins instance?

I'm also happy to jump on a call to try and figure out why you're running into this.

cc @SantiagoTorres

[sublimino]

Hi @adityasaky, thanks for investigating! I'm currently AFK and won't be back on this for another couple of weeks.

It may have been a local dep issue when building this end. Is it possible to build a release candidate for this plugin and I'll ask one of my team to test it in the meantime?

[adityasaky]

Hi @sublimino, can you try https://repo.jenkins-ci.org/releases/io/jenkins/plugins/in-toto/0.3.1/?