ICEpdf
  1. ICEpdf
  2. PDF-1138

Change security provider ordering for BouncyCastleProvider

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.2.2
    • Fix Version/s: 6.2.3, 6.3
    • Component/s: Core/Parsing, Viewer RI
    • Labels:
      None
    • Environment:
      any

      Description

      We had a client that was using a custom security provider in their application and because we install the BouncyCastleProvider in slot 2 we inadvertently stomped on an algorithm they needed. From my testing there is no reason to install the BouncyCastleProvider in slot2 we can simply add it o the list (end). The classes we need from the jars can be found regardless. The instructions below show how to add the BouncyCastleProvider statically if needed to the JVM encase order needs to be specified.

      Notes from http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

      Installing the Provider Dynamically
      import org.bouncycastle.jce.provider.BouncyCastleProvider;
      ...
      Security.addProvider(new BouncyCastleProvider());

      Installing the Provider Statically

      To install the provider statically you need to add it as an entry to the java.security file which can be found in $JAVA_HOME/jre/lib/security/java.security for the JRE/JDK you are using. Look for a list of lines with security.provider.X where X is some number. At the bottom of the list add the line:
      security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider
      where N is one more than the last number in the list.
      It is possible to add the provider higher up in the list. If you do this we recommend you don't add it earlier than position 2 as there are occasionally internal dependencies on the provider at position 1 which may cause some operations by your JVM to result in errors.

        Activity

        Patrick Corless created issue -
        Patrick Corless made changes -
        Field Original Value New Value
        Description
        Notes from http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

        Installing the Provider Dynamically
        import org.bouncycastle.jce.provider.BouncyCastleProvider;
        ...
        Security.addProvider(new BouncyCastleProvider());

        Installing the Provider Statically

        To install the provider statically you need to add it as an entry to the java.security file which can be found in $JAVA_HOME/jre/lib/security/java.security for the JRE/JDK you are using. Look for a list of lines with security.provider.X where X is some number. At the bottom of the list add the line:
        security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider
        where N is one more than the last number in the list.
        It is possible to add the provider higher up in the list. If you do this we recommend you don't add it earlier than position 2 as there are occasionally internal dependencies on the provider at position 1 which may cause some operations by your JVM to result in errors.
        We had a client that was using a custom security provider in their application and because we install the BouncyCastleProvider in slot 2 we inadvertently stomped on an algorithm they needed. From my testing there is no reason to install the BouncyCastleProvider in slot2 we can simply add it o the list (end). The classes we need from the jars can be found regardless. The instructions below show how to add the BouncyCastleProvider statically if needed to the JVM encase order needs to be specified.

        Notes from http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

        Installing the Provider Dynamically
        import org.bouncycastle.jce.provider.BouncyCastleProvider;
        ...
        Security.addProvider(new BouncyCastleProvider());

        Installing the Provider Statically

        To install the provider statically you need to add it as an entry to the java.security file which can be found in $JAVA_HOME/jre/lib/security/java.security for the JRE/JDK you are using. Look for a list of lines with security.provider.X where X is some number. At the bottom of the list add the line:
        security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider
        where N is one more than the last number in the list.
        It is possible to add the provider higher up in the list. If you do this we recommend you don't add it earlier than position 2 as there are occasionally internal dependencies on the provider at position 1 which may cause some operations by your JVM to result in errors.
        Repository Revision Date User Message
        ICEsoft Public SVN Repository #51321 Tue Mar 14 10:10:11 MDT 2017 patrick.corless PDF-1138 changed BouncyCastleProvider slot from 2 to the end of the
        providers list.
        Files Changed
        Commit graph MODIFY /icepdf/trunk/icepdf/core/core-awt/src/main/java/org/icepdf/core/pobjects/security/SecurityManager.java
        Repository Revision Date User Message
        ICEsoft Public SVN Repository #51322 Tue Mar 14 10:10:20 MDT 2017 patrick.corless PDF-1138 changed BouncyCastleProvider slot from 2 to the end of the
        providers list.
        Files Changed
        Commit graph MODIFY /icepdf/branches/icepdf-6.2.0/icepdf/core/src/org/icepdf/core/pobjects/security/SecurityManager.java
        Patrick Corless made changes -
        Fix Version/s 6.2.3 [ 13098 ]
        Fix Version/s 6.3 [ 13093 ]
        Hide
        Patrick Corless added a comment -

        Marking as fixed.

        Show
        Patrick Corless added a comment - Marking as fixed.
        Patrick Corless made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Patrick Corless made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Patrick Corless
            Reporter:
            Patrick Corless
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: