Hi,
We are trying to use BouncyCastle security provider in our platform on OSGi.
We have a bundle that contains the BC signed jars: bcprov-jdk15-143.jar and
bcpg-jdk15-143.jar for PGP support.
That bundle has a component that, once is activated, registers the security
provider:
protected void activate(ComponentContext context) throws Exception
{
log.debug("activate()");
Security.addProvider(new BouncyCastleProvider());
}
After that we try to create a Cipher using BC provider:
cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC");
And at this point we get an exception:
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider
BC
at javax.crypto.Cipher.getInstance(DashoA12275)
at javax.crypto.Cipher.getInstance(DashoA12275)
at lib.security.SecurityUtil.createCipher(SecurityUtil.java:113)
... 22 more
Caused by: java.util.jar.JarException: Class is on the bootclasspath
at javax.crypto.SunJCE_d.a(DashoA12275)
at javax.crypto.SunJCE_b.b(DashoA12275)
at javax.crypto.SunJCE_b.a(DashoA12275)
... 25 more
JCE is not authenticating the provider BC. The Jars are signed. In fact, if
we run a unit test, the Cipher is created correctly.
We've seen that many people add the jars to lib/ext in the JRE home, and
then they edit the file lib/security/java.security adding the provider.
If we do that we don't get that exception, but we don't want to do that
installation on each environment, we would like to add it programatically.
Do you have any idea?
Thanks a lot for your time.
_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
