Github user aledsage commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/465#discussion_r23520116
--- Diff: core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java ---
@@ -42,7 +44,9 @@
* X509v3CertificateBuilder drags in an add'l dependency (bcmail) and is
harder to use. */
@SuppressWarnings("deprecation")
public class FluentKeySigner {
-
+
+ static { Security.addProvider(new BouncyCastleProvider()); }
--- End diff --
I'm uncomfortable with doing this here. Feels like we should set up these
JVM-wide provides at the start, as part of setup. My main concern with doing it
here is that it could impact other stuff running in the JVM a while after
Brooklyn has started, causing weird behaviour.
It feels like the same argument for why it's a bad idea to call
`System.setProperty("security....")` in the middle of some class - thus
impacting what other seemingly unrelated code in the JVM will subsequently do.
My other concern is that it doesn't give a way to see easily see all the
dependencies we're using (i.e. what we're injecting into the JVM).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
