From: Mathieu Baudier
Date: Mon, 4 Jul 2022 05:50:35 +0000 (+0200)
Subject: Fix security providers
X-Git-Tag: v2.3.10~138
X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=d38892dfeb706f58e8daf89c7d60fc7d2f6c7339;p=lgpl%2Fargeo-commons.git
Fix security providers
---
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
index 3acc95eed..5bf62e3aa 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
@@ -65,20 +65,20 @@ class PkiUtils {
 static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
- private final static String SECURITY_PROVIDER;
- private final static String BC_PROVIDER;
+ private final static String SUN_SECURITY_PROVIDER;
+ private final static String BC_SECURITY_PROVIDER;
 static {
 Security.addProvider(new BouncyCastleProvider());
 // BouncyCastle does not store trusted certificates properly
 // TODO report it
- BC_PROVIDER = "BC";
- SECURITY_PROVIDER = "SUN";
+ BC_SECURITY_PROVIDER = "BC";
+ SUN_SECURITY_PROVIDER = "SUN";
 }
 public static X509Certificate generateSelfSignedCertificate(KeyStore keyStore, X500Principal x500Principal, int keySize, char[] keyPassword) {
 try {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", SECURITY_PROVIDER);
+ KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC_SECURITY_PROVIDER);
 kpGen.initialize(keySize, new SecureRandom());
 KeyPair pair = kpGen.generateKeyPair();
 Date notBefore = new Date(System.currentTimeMillis() - 10000);
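Review bot: The providers are still selected by name (`"BC"`, `"SUN"`), so `KeyPairGenerator.getInstance("RSA", BC_SECURITY_PROVIDER)` uses whatever provider is registered under `BC` in the JVM-wide list. That is not necessarily the instance created in the static block if another component registered one first, since the result of `Security.addProvider(...)` is ignored. Typing the field as `java.security.Provider` and keeping the instance (`BC_SECURITY_PROVIDER = new BouncyCastleProvider(); Security.addProvider(BC_SECURITY_PROVIDER);`) would pin key generation to the bundled BouncyCastle. The `setProvider` calls in the three later hunks accept a `Provider` as well. Resolving `Security.getProvider("SUN")` once in the static block would likewise surface a missing provider at class load rather than at the first `loadPemCertificate` call; the body of `generateSelfSignedCertificate` continues outside this hunk.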
@@ -86,9 +86,9 @@ class PkiUtils {
 BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
 X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore, notAfter, x500Principal, pair.getPublic());
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
- .build(pair.getPrivate());
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
+ .setProvider(BC_SECURITY_PROVIDER).build(pair.getPrivate());
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC_SECURITY_PROVIDER)
 .getCertificate(certGen.build(sigGen));
 cert.checkValidity(new Date());
 cert.verify(cert.getPublicKey());
@@ -180,7 +180,7 @@ class PkiUtils {
 public static PrivateKey loadPemPrivateKey(Reader reader, char[] keyPassword) {
 try (PEMParser pemParser = new PEMParser(reader)) {
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_PROVIDER);
+ JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_SECURITY_PROVIDER);
 Object object = pemParser.readObject();
 PrivateKeyInfo privateKeyInfo;
 if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
@@ -202,7 +202,7 @@ class PkiUtils {
 public static X509Certificate loadPemCertificate(Reader reader) {
 try (PEMParser pemParser = new PEMParser(reader)) {
 X509CertificateHolder certHolder = (X509CertificateHolder) pemParser.readObject();
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(SUN_SECURITY_PROVIDER)
 .getCertificate(certHolder);
 return cert;
 } catch (IOException | CertificateException e) {
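Review bot: In the `@@ -86,9` hunk of `generateSelfSignedCertificate`, the `JcaX509CertificateConverter` now uses `BC_SECURITY_PROVIDER`, while `loadPemCertificate` in the last hunk keeps `SUN_SECURITY_PROVIDER`. The static block's comment says BouncyCastle does not store trusted certificates properly, and nothing on the converter line explains why that does not apply here. The returned `X509Certificate` is presumably a BouncyCastle-backed object; whether it is later written to the `keyStore` parameter is outside the hunk. If it can end up as a trusted-certificate entry, only key generation and signing should move to BC and the converter should stay on `.setProvider(SUN_SECURITY_PROVIDER)`. Otherwise a short comment on that line should state why the two methods deliberately use different providers.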