From d38892dfeb706f58e8daf89c7d60fc7d2f6c7339 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Mon, 4 Jul 2022 07:50:35 +0200
Subject: [PATCH] Fix security providers
---
 .../argeo/cms/internal/runtime/PkiUtils.java | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
index 3acc95eed..5bf62e3aa 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/PkiUtils.java
@@ -65,20 +65,20 @@ class PkiUtils {
 static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
- private final static String SECURITY_PROVIDER;
- private final static String BC_PROVIDER;
+ private final static String SUN_SECURITY_PROVIDER;
+ private final static String BC_SECURITY_PROVIDER;
 static {
 Security.addProvider(new BouncyCastleProvider());
 // BouncyCastle does not store trusted certificates properly // TODO report it
- BC_PROVIDER = "BC";
- SECURITY_PROVIDER = "SUN";
+ BC_SECURITY_PROVIDER = "BC";
+ SUN_SECURITY_PROVIDER = "SUN";
 }
 public static X509Certificate generateSelfSignedCertificate(KeyStore keyStore, X500Principal x500Principal, int keySize, char[] keyPassword) {
 try {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", SECURITY_PROVIDER);
+ KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC_SECURITY_PROVIDER);
 kpGen.initialize(keySize, new SecureRandom());
 KeyPair pair = kpGen.generateKeyPair();
 Date notBefore = new Date(System.currentTimeMillis() - 10000);
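Review bot: The provider is still selected by the string name in `KeyPairGenerator.getInstance("RSA", BC_SECURITY_PROVIDER)`, so key generation uses whichever provider is registered as "BC" in the JVM, not necessarily the instance this class creates. `Security.addProvider` returns -1 and leaves the existing entry in place when a provider of that name is already installed, and the static block ignores that return value. Consider keeping the instance, e.g. `private static final Provider BC = new BouncyCastleProvider();`, registering that same object, and passing it directly as `KeyPairGenerator.getInstance("RSA", BC)`; the Jca builders and converters used in the later hunks also accept a `Provider`. The body of generateSelfSignedCertificate continues outside this hunk.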
@@ -86,9 +86,9 @@ class PkiUtils {
 BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
 X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore, notAfter, x500Principal, pair.getPublic());
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
- .build(pair.getPrivate());
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
+ .setProvider(BC_SECURITY_PROVIDER).build(pair.getPrivate());
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC_SECURITY_PROVIDER)
 .getCertificate(certGen.build(sigGen));
 cert.checkValidity(new Date());
 cert.verify(cert.getPublicKey());
@@ -180,7 +180,7 @@ class PkiUtils {
 public static PrivateKey loadPemPrivateKey(Reader reader, char[] keyPassword) {
 try (PEMParser pemParser = new PEMParser(reader)) {
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_PROVIDER);
+ JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_SECURITY_PROVIDER);
 Object object = pemParser.readObject();
 PrivateKeyInfo privateKeyInfo;
 if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
@@ -202,7 +202,7 @@ class PkiUtils {
 public static X509Certificate loadPemCertificate(Reader reader) {
 try (PEMParser pemParser = new PEMParser(reader)) {
 X509CertificateHolder certHolder = (X509CertificateHolder) pemParser.readObject();
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(SUN_SECURITY_PROVIDER)
 .getCertificate(certHolder);
 return cert;
 } catch (IOException | CertificateException e) {
-- 
2.39.2
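Review bot: In the generateSelfSignedCertificate hunk (-86,9) the certificate is now converted with `setProvider(BC_SECURITY_PROVIDER)`, which is inconsistent with loadPemCertificate in the last hunk, where the conversion stays on `SUN_SECURITY_PROVIDER`. The static block's comment says BouncyCastle does not store trusted certificates properly, so if the generated certificate is later written to the `keyStore` argument (that part of the method is outside the hunk), it may run into the same problem. Presumably only the content signer needs BC here. Either convert with `new JcaX509CertificateConverter().setProvider(SUN_SECURITY_PROVIDER)` or add a comment on the converter line stating why a BC-backed certificate object is acceptable in this method but not in loadPemCertificate.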