Description
The insertion of the Bouncy Castle Provider in the org.apache.activemq.broker.BrokerService class is causing issues with our app, which is expecting one of the default SunJCE Ciphers to be called, but a Bouncy Castle Cipher is returned instead.
This causes our Spring Security SAML keystores to not be loaded correctly because the Bouncy Castle Cipher thinks that the keystore was tampered with.
I believe that the source of the problem is this line in the BrokerService class:
    Security.insertProviderAt(bouncycastle, Integer.getInteger("org.apache.activemq.broker.BouncyCastlePosition", 2));
Looking at the Java 11 source code there are 6 providers installed by the java.security.Security class in the initializeStatic method:
    private static void initializeStatic() {
        props.put("security.provider.1", "sun.security.provider.Sun");
        props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
        props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
        props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
        props.put("security.provider.5", "sun.security.jgss.SunProvider");
        props.put("security.provider.6", "com.sun.security.sasl.Provider");
    }
If possible, it would be great if the org.apache.activemq.broker.BrokerService class would call addProvider instead of insertProviderAt.
Thank you for your time.
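The ordering effect described in the report, as an added example that is not part of the original issue or of ActiveMQ's code: a constructed stub provider (`StubDemo`, hypothetical, standing in for any third-party provider) is registered both ways to show which provider an unpinned AES lookup would be served by. It assumes a stock JDK 9+ where SunJCE is installed; the class name the stub advertises is a placeholder and is never loaded.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderOrderDemo {
    // Constructed stub (hypothetical, not Bouncy Castle). It only advertises
    // Cipher.AES so that lookup order can be inspected; nothing is instantiated.
    static final class StubProvider extends Provider {
        StubProvider() {
            super("StubDemo", "1.0", "constructed provider for ordering demo");
            put("Cipher.AES", "example.invalid.StubAesCipher"); // placeholder class name
        }
    }

    // Provider the JCA tries first for an unpinned Cipher.getInstance("AES").
    static String firstChoiceForAes() {
        return Security.getProviders("Cipher.AES")[0].getName();
    }

    // 1-based preference position of a provider, or -1 if it is not installed.
    static int positionOf(String name) {
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            if (all[i].getName().equals(name)) return i + 1;
        }
        return -1;
    }

    static void report(String label) {
        System.out.println(label + ": AES -> " + firstChoiceForAes()
                + ", SunJCE at position " + positionOf("SunJCE"));
    }

    public static void main(String[] args) throws Exception {
        Provider stub = new StubProvider();
        report("baseline");

        Security.insertProviderAt(stub, 2);   // same call shape as in BrokerService
        report("insertProviderAt(stub, 2)");  // stub now precedes SunJCE
        Security.removeProvider(stub.getName());

        Security.addProvider(stub);           // appended after all existing providers
        report("addProvider(stub)");
        Security.removeProvider(stub.getName());

        // Code that depends on one implementation can pin it, regardless of order.
        Cipher pinned = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
        System.out.println("pinned lookup served by " + pinned.getProvider().getName());
    }
}
```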