Registering a SecurityProvider programatically in OSGi

[Denian00 <Le...@spambox.us>]

Hi,

We are trying to use BouncyCastle security provider in our platform on OSGi.
We have a bundle that contains the BC signed jars: bcprov-jdk15-143.jar and
bcpg-jdk15-143.jar for PGP support.
That bundle has a component that, once is activated, registers the security
provider:

  protected void activate(ComponentContext context) throws Exception
  {
    log.debug("activate()");
    Security.addProvider(new BouncyCastleProvider());
  }
  
After that we try to create a Cipher using BC provider:

  cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC");
  
And at this point we get an exception:

Caused by: java.lang.SecurityException: JCE cannot authenticate the provider
BC
	at javax.crypto.Cipher.getInstance(DashoA12275)
	at javax.crypto.Cipher.getInstance(DashoA12275)
	at lib.security.SecurityUtil.createCipher(SecurityUtil.java:113)
	... 22 more
Caused by: java.util.jar.JarException: Class is on the bootclasspath
	at javax.crypto.SunJCE_d.a(DashoA12275)
	at javax.crypto.SunJCE_b.b(DashoA12275)
	at javax.crypto.SunJCE_b.a(DashoA12275)
	... 25 more
	
JCE is not authenticating the provider BC but the Jars are signed. In fact,
if we run a unit test, the Cipher is created correctly.
We've seen that many people add the jars to lib/ext in the JRE home, and
then they edit the file lib/security/java.security adding the provider.
If we do that we don't get that exception, but we don't want to do that
configuration on each environment, we would like to add it programatically.

Do you have any idea?

Thanks a lot for your time.
-- 
View this message in context: http://www.nabble.com/Registering-a-SecurityProvider-programatically-in-OSGi-tp23541588p23541588.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org