You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Fred Dushin (JIRA)" <ji...@apache.org> on 2008/04/14 22:13:09 UTC

[jira] Commented: (WSS-82) Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one

    [ https://issues.apache.org/jira/browse/WSS-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588766#action_12588766 ] 

Fred Dushin commented on WSS-82:
--------------------------------

Hi George,

In r644869, we added the ability to disable BouncyCastle and Juice registration with the JCE, though this currently requires a call to a static operation, introducing the standard problems you're likely to encounter with multi-threaded apps.

Would this suffice, in the near term, for this bug?  I'd like to be able to handle the issue in the future, perhaps with a well-defined initialization semantics, but I think that may need to wait for 2.0.

Thanks!

> Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one
> -----------------------------------------------------------------------------------------------------
>
>                 Key: WSS-82
>                 URL: https://issues.apache.org/jira/browse/WSS-82
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: George Stanchev
>
> Currently WSS4J loads the BouncyCastle JCE (see WSSConfig.java). However, it uses the JCE Security class to then register the JCE in the java.security.Security registry. The problem is, that it uses the context classloader which might or might not be available for other parties. The JCE providers loaded via java.security.Secruity must be installed in the system classloader since it loads the JCE.
> JCE 1.4 and onwards provides a way to use an instance of a JCE provider supplied by the caller instead of the classes requesting one from the Security registry.
> For example to get a cypher, one can write
> Class clazz = myClassloader.loadClass("my.custom.JCEProvider");
> java.security.Provider myprov = (java.security.Provider) clazz.getInstance();
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, myprov);
> instead of
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation);
> or
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, "myprov");
> This way WSS4J will stay trully independent of any system-provider JCE providers.
> Same needs to be done for XML-Security library

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org