Posted to issues@activemq.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/01/23 09:24:00 UTC
[jira] [Assigned] (AMQ-7142) Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks KeyStore Loading
[ https://issues.apache.org/jira/browse/AMQ-7142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned AMQ-7142:
----------------------------------------
Assignee: Colm O hEigeartaigh
> Inserting Bouncy Castle Provider Early in Java Security Provider Chain Breaks KeyStore Loading
> ----------------------------------------------------------------------------------------------
>
> Key: AMQ-7142
> URL: https://issues.apache.org/jira/browse/AMQ-7142
> Project: ActiveMQ
> Issue Type: Bug
> Components: Camel
> Affects Versions: 5.15.2
> Environment: OpenJDK 11 (AdoptOpenJDK).
> Mac OS
> Reporter: Nathan Hook
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
>
> The insertion of the Bouncy Castle Provider in the org.apache.activemq.broker.BrokerService class is causing issues with our app, which is expecting one of the default SunJCE Ciphers to be called, but a Bouncy Castle Cipher is returned instead.
> This causes our Spring Security SAML keystores to not be loaded correctly because the Bouncy Castle Cipher thinks that the keystore was tampered with.
>
> I believe that the source of the problem is this line in the BrokerService class:
> Security.insertProviderAt(bouncycastle, Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
> Looking at the Java 11 source code there are 6 providers installed by the java.security.Security class in the initializeStatic method:
> {code:java}
> private static void initializeStatic() {
>     props.put("security.provider.1", "sun.security.provider.Sun");
>     props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
>     props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
>     props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
>     props.put("security.provider.5", "sun.security.jgss.SunProvider");
>     props.put("security.provider.6", "com.sun.security.sasl.Provider");
> }
> {code}
>
> If possible it would be great if the org.apache.activemq.broker.BrokerService class would call addProvider instead of insertProviderAt.
>
> Thank you for your time.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
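
The provider-order effect described in the quoted report, as an added example that is not part of the original message or of ActiveMQ's code. `DemoProvider` and the class name it advertises are constructed stand-ins for a third-party provider, and position 2 mirrors the default in the `insertProviderAt` call quoted above.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderOrderDemo {

    // Constructed stand-in for a third-party provider (hypothetical name and class).
    // It only advertises Cipher.AES; the implementation class is never loaded here.
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoProvider", "1.0", "constructed provider for illustration");
            put("Cipher.AES", "example.invalid.DemoAesCipher");
        }
    }

    // Name of the provider the JCA lookup prefers for a "Service.Algorithm" filter.
    static String preferred(String filter) {
        Provider[] matches = Security.getProviders(filter);
        return matches == null ? "<none>" : matches[0].getName();
    }

    public static void main(String[] args) throws Exception {
        Provider demo = new DemoProvider();
        System.out.println("JDK default order:      " + preferred("Cipher.AES"));

        // Same call shape as the BrokerService line quoted in the report:
        // the new provider lands ahead of SunJCE in the preference order.
        Security.insertProviderAt(demo, 2);
        System.out.println("after insertProviderAt: " + preferred("Cipher.AES"));

        // What the reporter asks for: append, so the JDK providers keep precedence.
        Security.removeProvider(demo.getName());
        Security.addProvider(demo);
        System.out.println("after addProvider:      " + preferred("Cipher.AES"));

        // Application-side safeguard: request the provider by name, so the
        // result does not depend on where other code inserted its provider.
        Security.removeProvider(demo.getName());
        Security.insertProviderAt(demo, 2);
        Cipher pinned = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunJCE");
        System.out.println("pinned getInstance:     " + pinned.getProvider().getName());

        Security.removeProvider(demo.getName()); // leave the JVM's provider list as found
    }
}
```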