[ https://issues.apache.org/jira/browse/AMQ-7142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16998976#comment-16998976 ]

Victor Bucutea commented on AMQ-7142:
-------------------------------------

Same issue here. Is there a workaround?

> Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks 
> KeyStore Loading
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMQ-7142
>                 URL: https://issues.apache.org/jira/browse/AMQ-7142
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Camel
>    Affects Versions: 5.15.2
>         Environment: OpenJDK 11 (AdoptOpenJDK).
> Mac OS
>            Reporter: Nathan Hook
>            Priority: Blocker
>
> The insertion of the Bouncy Castle Provider in the 
> org.apache.activemq.broker.BrokerService class is causing issues with our app 
> that is expecting one of the default SunJCE Ciphers to be called, but a Bouncy 
> Castle Cipher is returned instead.
> This causes our Spring Security SAML keystores to not be loaded correctly 
> because the Bouncy Castle Cipher thinks that the keystore was tampered with.
>  
> I believe that the source of the problem is this line in the BrokerService 
> class:
> Security.insertProviderAt(bouncycastle, 
> Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
> Looking at the Java 11 source code there are 6 providers installed by the 
> java.security.Security class in the initializeStatic method:
> {code:java}
> private static void initializeStatic() {
>  props.put("security.provider.1", "sun.security.provider.Sun");
>  props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
>  props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
>  props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
>  props.put("security.provider.5", "sun.security.jgss.SunProvider");
>  props.put("security.provider.6", "com.sun.security.sasl.Provider");
> }{code}
>  
> If possible it would be great if the org.apache.activemq.broker.BrokerService 
> class would call 
> addProvider instead of insertProviderAt.
>  
> Thank you for your time.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
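
To make the ordering effect described in the report visible, the following added example (not ActiveMQ code and not from the reporter or commenter) installs a constructed stand-in provider first with `insertProviderAt`, using the same system property and default of 2 as the quoted `BrokerService` line, and then with `addProvider`, printing which provider is first in line for `Cipher.AES` each time. `ProviderOrderDemo`, `DemoBC` and the class name `example.DoesNotExist` are hypothetical.

```java
import java.security.Provider;
import java.security.Security;

public class ProviderOrderDemo {
    // Constructed stand-in for Bouncy Castle: it only advertises Cipher.AES so
    // the lookup order can be observed without the real library on the classpath.
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoBC", "1.0", "constructed provider for ordering demo");
            put("Cipher.AES", "example.DoesNotExist"); // never instantiated here
        }
    }

    // Name of the provider the JCA tries first for a plain Cipher.getInstance("AES").
    static String firstAesProvider() {
        Provider[] candidates = Security.getProviders("Cipher.AES");
        return candidates[0].getName();
    }

    // 1-based preference position of a provider, or -1 if it is not installed.
    static int positionOf(String name) {
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            if (all[i].getName().equals(name)) return i + 1;
        }
        return -1;
    }

    public static void main(String[] args) {
        Provider demo = new DemoProvider();
        System.out.println("baseline first AES provider: " + firstAesProvider());

        // Same call shape as the BrokerService line quoted in the issue (default 2).
        int pos = Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2);
        Security.insertProviderAt(demo, pos);
        System.out.println("insertProviderAt(" + pos + "): DemoBC at " + positionOf("DemoBC")
                + ", first AES provider: " + firstAesProvider());
        Security.removeProvider("DemoBC");

        // addProvider appends, so the JDK default providers keep their precedence.
        Security.addProvider(demo);
        System.out.println("addProvider: DemoBC at " + positionOf("DemoBC")
                + ", first AES provider: " + firstAesProvider());
        Security.removeProvider("DemoBC");
    }
}
```

Code that must not depend on global provider order can name the provider explicitly, for example `Cipher.getInstance(transformation, "SunJCE")`.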
