Nathan Hook created AMQ-7142:
--------------------------------
Summary: Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks KeyStore Loading
Key: AMQ-7142
URL: https://issues.apache.org/jira/browse/AMQ-7142
Project: ActiveMQ
Issue Type: Bug
Components: activemq-camel
Affects Versions: 5.15.2
Environment: OpenJDK 11 (AdoptOpenJDK), Mac OS
Reporter: Nathan Hook
The insertion of the Bouncy Castle Provider in the org.apache.activemq.broker.BrokerService class is causing issues with our app, which expects one of the default SunJCE Ciphers to be returned, but a Bouncy Castle Cipher is returned instead.
This causes our Spring Security SAML keystores to not be loaded correctly
because the Bouncy Castle Cipher thinks that the keystore was tampered with.
I believe that the source of the problem is this line in the BrokerService class:
{code:java}
Security.insertProviderAt(bouncycastle,
        Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
{code}
Looking at the Java 11 source code, there are 6 providers installed by the java.security.Security class in the initializeStatic method:
{code:java}
private static void initializeStatic() {
    props.put("security.provider.1", "sun.security.provider.Sun");
    props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
    props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
    props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
    props.put("security.provider.5", "sun.security.jgss.SunProvider");
    props.put("security.provider.6", "com.sun.security.sasl.Provider");
}
{code}
If possible, it would be great if the org.apache.activemq.broker.BrokerService class would call addProvider instead of insertProviderAt.
Thank you for your time.
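The following is an added standalone example, not code from the report or from ActiveMQ, that reproduces the precedence effect described above and the difference between insertProviderAt and addProvider. It assumes a stock JDK 11 and that bcprov (org.bouncycastle.jce.provider.BouncyCastleProvider) is on the classpath; the transformation and KeyStore type are chosen for illustration.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;  // assumption: bcprov on the classpath

public class ProviderOrderDemo {

    // Print the installed providers in precedence order (1 = consulted first).
    static void dumpProviders(String label) {
        System.out.println("== " + label);
        Provider[] ps = Security.getProviders();
        for (int i = 0; i < ps.length; i++) {
            System.out.printf("  %d: %s%n", i + 1, ps[i].getName());
        }
    }

    // Which provider actually serves a Cipher transformation when no provider is named?
    static String cipherProvider(String transformation) throws Exception {
        return Cipher.getInstance(transformation).getProvider().getName();
    }

    // Same question for a KeyStore type; this is the path the SAML keystore loading takes.
    static String keyStoreProvider(String type) throws Exception {
        return KeyStore.getInstance(type).getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        String alg = "AES/CBC/PKCS5Padding";   // illustrative transformation
        String ksType = "PKCS12";              // illustrative keystore type

        dumpProviders("JDK defaults");
        System.out.println(alg + " -> " + cipherProvider(alg));       // SunJCE on a stock JDK
        System.out.println(ksType + " -> " + keyStoreProvider(ksType));

        // What BrokerService does with the default BouncyCastlePosition of 2:
        // BC now sits ahead of SunJCE, so unqualified lookups resolve to BC.
        Provider bc = new BouncyCastleProvider();
        Security.insertProviderAt(bc, 2);
        dumpProviders("after insertProviderAt(bc, 2)");
        System.out.println(alg + " -> " + cipherProvider(alg));       // BC
        System.out.println(ksType + " -> " + keyStoreProvider(ksType)); // BC

        // The alternative the report asks for: append BC to the end of the chain.
        // Existing JDK providers keep their precedence; BC is only used when no
        // earlier provider offers the algorithm.
        Security.removeProvider(bc.getName());
        Security.addProvider(bc);
        dumpProviders("after addProvider(bc)");
        System.out.println(alg + " -> " + cipherProvider(alg));       // SunJCE again
        System.out.println(ksType + " -> " + keyStoreProvider(ksType));

        // Code that genuinely needs Bouncy Castle can still request it by name,
        // regardless of where it sits in the chain.
        System.out.println(alg + " (explicit BC) -> "
                + Cipher.getInstance(alg, "BC").getProvider().getName());
    }
}
```

Running the three dumps side by side shows why the position matters: every Cipher.getInstance and KeyStore.getInstance call without an explicit provider argument, anywhere in the JVM, is resolved by walking this list from position 1, so inserting a provider at position 2 changes behaviour for unrelated code in the same process. Until the broker is changed, the same check can be used to confirm what org.apache.activemq.broker.BouncyCastlePosition is doing in a given deployment.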
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)