[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15684156#comment-15684156
]
Tilman Hausherr commented on PDFBOX-2963:
-----------------------------------------
I've read the texts again and maybe I understand better now. Intended changes:
0) remove {{Security.addProvider(new BouncyCastleProvider());}} from
SecurityHandlerFactory;
1) Add this class (may need to be improved, not sure if this is the perfect
singleton):
{code}
public class SecurityProvider
{
private static Provider provider = null;
private SecurityProvider()
{
}
public static Provider getProvider() throws IOException
{
if (provider == null)
{
try
{
Class<Provider> providerClass =
(Class<Provider>)
Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
provider = providerClass.newInstance();
}
catch (ClassNotFoundException ex)
{
throw new IOException(ex);
}
catch (InstantiationException ex)
{
throw new IOException(ex);
}
catch (IllegalAccessException ex)
{
throw new IOException(ex);
}
Security.addProvider(provider);
}
return provider;
}
public static void setProvider(Provider provider)
{
SecurityProvider.provider = provider;
Security.addProvider(provider);
}
}
{code}
2) at every place in the org.apache.pdfbox.pdmodel.encryption, search for
{{getInstance()}}, and add {{SecurityProvider.getProvider()}} as second
parameter, except for MD5.
Sadly BCFIPS is not or not yet on maven central, so I'm waiting for somebody to
come forward to test this the hard way.
> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
> Fix For: 2.0.4, 2.1.0
>
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
> static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
