Hi together, how is it going with this topic? Actually, bouncycastle is the de facto standard security library for Karaf and is bundled by default. So taking the approach explained by Robert sounds reasonable to upstream to Karaf itself, moving the libs from system to boot and maybe even registering org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider. Something to be solved before 4.3RC2?

Regards,
Benjamin

On 15.01.2020 17:00, Robert Varga wrote:
> On 15/01/2020 16:25, Benjamin Graf wrote:
>> Hi,
>>
>> I'm actually playing around with the latest 4.3.0-SNAPSHOT. I recognize
>> that the ssh bundle is using bouncycastle for reading pem files right
>> now (KARAF-6383). The "issue" I'm facing is that if I like to set
>> bouncycastle as the security provider via
>> "org.apache.karaf.security.providers =
>> org.bouncycastle.jce.provider.BouncyCastleProvider" I have to distribute
>> the same bundle twice or otherwise have to remove it from system and add
>> needed packages to "org.osgi.framework.bootdelegation".
>>
>> Anybody seeing a better solution?
> Not sure, but in OpenDaylight we have two fragment bundles which attach
> to framework bundle and expose all of BouncyCastle to OSGi:
>
> https://github.com/opendaylight/odlparent/tree/master/karaf/bcpkix-framework-ext
> https://github.com/opendaylight/odlparent/tree/master/karaf/bcprov-framework-ext
>
> perhaps these should be upstreamed (but then we upgrade BC much more
> quickly than we upgrade Karaf).
>
> Regards,
> Robert
>