ICEpdf
  1. ICEpdf
  2. PDF-1138

Change security provider ordering for BouncyCastleProvider

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.2.2
    • Fix Version/s: 6.2.3, 6.3
    • Component/s: Core/Parsing, Viewer RI
    • Labels:
      None
    • Environment:
      any

      Description

      We had a client that was using a custom security provider in their application and because we install the BouncyCastleProvider in slot 2 we inadvertently stomped on an algorithm they needed. From my testing there is no reason to install the BouncyCastleProvider in slot2 we can simply add it o the list (end). The classes we need from the jars can be found regardless. The instructions below show how to add the BouncyCastleProvider statically if needed to the JVM encase order needs to be specified.

      Notes from http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

      Installing the Provider Dynamically
      import org.bouncycastle.jce.provider.BouncyCastleProvider;
      ...
      Security.addProvider(new BouncyCastleProvider());

      Installing the Provider Statically

      To install the provider statically you need to add it as an entry to the java.security file which can be found in $JAVA_HOME/jre/lib/security/java.security for the JRE/JDK you are using. Look for a list of lines with security.provider.X where X is some number. At the bottom of the list add the line:
      security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider
      where N is one more than the last number in the list.
      It is possible to add the provider higher up in the list. If you do this we recommend you don't add it earlier than position 2 as there are occasionally internal dependencies on the provider at position 1 which may cause some operations by your JVM to result in errors.

        Activity

        Hide
        Patrick Corless added a comment -

        Marking as fixed.

        Show
        Patrick Corless added a comment - Marking as fixed.

          People

          • Assignee:
            Patrick Corless
            Reporter:
            Patrick Corless
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: