[ https://issues.apache.org/jira/browse/AMQ-7142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17024322#comment-17024322 ]
ASF subversion and git services commented on AMQ-7142:
------------------------------------------------------

Commit dae85b3dcc7cff5c88e4c301cdf56d3db312058f in activemq's branch refs/heads/activemq-5.15.x from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=dae85b3 ]

AMQ-7142 - Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks KeyStore Loading

(cherry picked from commit 127852d2e7098436e99c573bc7b30e3facdb634b)


> Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks KeyStore Loading
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMQ-7142
>                 URL: https://issues.apache.org/jira/browse/AMQ-7142
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Camel
>    Affects Versions: 5.15.2
>         Environment: OpenJDK 11 (AdoptOpenJDK).
>                      Mac OS
>            Reporter: Nathan Hook
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>             Fix For: 5.16.0, 5.15.12
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The insertion of the Bouncy Castle Provider in the
> org.apache.activemq.broker.BrokerService class is causing issues with our app
> that is expecting one of the default SunJCE Ciphers to be called, but a Bouncy
> Castle Cipher is returned instead.
> This causes our Spring Security SAML keystores to not be loaded correctly
> because the Bouncy Castle Cipher thinks that the keystore was tampered with.
>
> I believe that the source of the problem is this line in the BrokerService
> class:
> Security.insertProviderAt(bouncycastle,
> Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
> Looking at the Java 11 source code there are 6 providers installed by the
> java.security.Security class in the initializeStatic method:
> {code:java}
> private static void initializeStatic() {
>     props.put("security.provider.1", "sun.security.provider.Sun");
>     props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
>     props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
>     props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
>     props.put("security.provider.5", "sun.security.jgss.SunProvider");
>     props.put("security.provider.6", "com.sun.security.sasl.Provider");
> }{code}
>
> If possible it would be great if the org.apache.activemq.broker.BrokerService
> class would call
> addProvider instead of insertProviderAt.
>
> Thank you for your time.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
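
Added example, not part of the original message or of ActiveMQ's code: the Java 9+ program below uses a hypothetical stand-in provider (DemoBC, advertising only Cipher.AES with a constructed placeholder class name) to show which provider the JCA lookup selects first for Cipher.AES on a stock OpenJDK after insertProviderAt(..., 2) versus addProvider(...).

```java
import java.security.Provider;
import java.security.Security;

public class ProviderOrderDemo {
    // Hypothetical stand-in for a third-party provider such as Bouncy Castle.
    // It only advertises Cipher.AES; the implementation class name is a
    // constructed placeholder and is never loaded, because no Cipher is created.
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoBC", "1.0", "stand-in provider for the ordering demo");
            put("Cipher.AES", "example.PlaceholderCipherSpi");
        }
    }

    // Mirrors the JCA lookup rule: the first provider in preference order
    // that advertises the requested service is the one getInstance() tries first.
    static String firstProviderFor(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                return p.getName();
            }
        }
        return "(none)";
    }

    public static void main(String[] args) {
        Provider demo = new DemoProvider();
        System.out.println("stock chain     : " + firstProviderFor("Cipher", "AES"));

        // Same call shape as the BrokerService line quoted in the issue (position 2).
        int pos = Security.insertProviderAt(demo, 2);
        System.out.println("insertProviderAt: position " + pos
                + ", Cipher.AES -> " + firstProviderFor("Cipher", "AES"));
        Security.removeProvider(demo.getName());

        // What the reporter asks for: append to the end of the chain.
        pos = Security.addProvider(demo);
        System.out.println("addProvider     : position " + pos
                + ", Cipher.AES -> " + firstProviderFor("Cipher", "AES"));
        Security.removeProvider(demo.getName());
    }
}
```

Code that depends on one particular implementation can also pin it with the two-argument getInstance(algorithm, providerName) overloads instead of relying on chain order.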