[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference

Thu, 18 Aug 2016 08:01:33 -0700 

    [ 
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426585#comment-15426585
 ] 

Tilman Hausherr commented on PDFBOX-2963:
-----------------------------------------

[~david.hook] we have this code segment in a method that decrypts PDFs:
{code}
if (rid.match(materialCert) && !foundRecipient)
{
    foundRecipient = true;
    PrivateKey privateKey = (PrivateKey) material.getPrivateKey();
    envelopedData = ri.getContent(new 
JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC"));
    break;
}
{code}
The unit test succeeds also if {{setProvider("BC")}} is removed. Is the use of 
{{setProvider("BC")}} really needed if BouncyCastle was already added with 
{{Security.addProvider(new BouncyCastleProvider());}}? Or does removing "BC" 
result in any risk? The old {{RecipientInformation.getContent() method (before 
1.46)}} had the provider as mandatory parameter.

Full code is here:
https://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java?view=markup

> Remove Bouncy Castle Reference
> ------------------------------
>
>                 Key: PDFBOX-2963
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-2963
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Crypto, PDModel
>    Affects Versions: 1.8.9, 1.8.10, 2.0.0
>            Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider 
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider 
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to 
> select another provider or alternatively allow a way to override the default. 
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
>     {
>         if(instance == null)
>         {
>             instance = new SecurityHandlersManager();
>             Security.addProvider(new BouncyCastleProvider());
>         }
>         return instance;
>     }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
>    static
>     {
>         Security.addProvider(new BouncyCastleProvider());
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to