[
https://issues.apache.org/jira/browse/AMQ-7142?focusedWorklogId=377561&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-377561
]
ASF GitHub Bot logged work on AMQ-7142:
---------------------------------------
Author: ASF GitHub Bot
Created on: 27/Jan/20 10:44
Start Date: 27/Jan/20 10:44
Worklog Time Spent: 10m
Work Description: coheigea commented on pull request #431: AMQ-7142 -
Inserting Bouncy Castle Provider Early in Java Security Pr…
URL: https://github.com/apache/activemq/pull/431
…ovider Chain Breaks KeyStore Loading
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 377561)
Remaining Estimate: 0h
Time Spent: 10m
> Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks
> KeyStore Loading
> ----------------------------------------------------------------------------------------------
>
> Key: AMQ-7142
> URL: https://issues.apache.org/jira/browse/AMQ-7142
> Project: ActiveMQ
> Issue Type: Bug
> Components: Camel
> Affects Versions: 5.15.2
> Environment: OpenJDK 11 (AdoptOpenJDK).
> Mac OS
> Reporter: Nathan Hook
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: 5.16.0, 5.15.12
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The insertion of the Bouncy Castle Provider in the
> org.apache.activemq.broker.BrokerService class is causing issues with our app
> that expecting one of the default SunJCE Ciphers to be called, but a Bouncy
> Castle Cipher is returned instead.
> This causes our Spring Security SAML keystores to not be loaded correctly
> because the Bouncy Castle Cipher thinks that the keystore was tampered with.
>
> I believe that the source of the problem is this line in the BrokerService
> class:
> Security.insertProviderAt(bouncycastle,
> Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
> Looking at the Java 11 source code there are 6 providers installed by the
> java.security.Security class in the initializeStatic method:
> {code:java}
> private static void initializeStatic() {
> props.put("security.provider.1", "sun.security.provider.Sun");
> props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
> props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
> props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
> props.put("security.provider.5", "sun.security.jgss.SunProvider");
> props.put("security.provider.6", "com.sun.security.sasl.Provider");
> }{code}
>
> If possible it would be great if the org.apache.activemq.broker.BrokerService
> class would call
> addProvider instead of insertProviderAt.
>
> Thank you for your time.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
