Fix an issue with loading the BC JSSE provider
Fixed an issue that interfered with the ability to load the
FIPS-compliant Bouncy Castle JSSE provider.
dirmgr committed Oct 11, 2024
1 parent 8da9461 commit e861c63
Showing 2 changed files with 40 additions and 82 deletions.
110 changes: 34 additions & 76 deletions src/com/unboundid/util/BouncyCastleFIPSHelper.java
Expand Up @@ -364,21 +364,17 @@ private BouncyCastleFIPSHelper()
public static Provider getBouncyCastleFIPSProvider()
throws NoSuchProviderException
{
return getBouncyCastleFIPSProvider(true, null);
return getBouncyCastleFIPSProvider(null);
}



/**
* Retrieves a reference to the Bouncy Castle FIPS provider.
*
* @param allowCachedProvider Indicates whether it is acceptable to use a
* cached version of the provider if one is
* already available.
* @param versionString A string that indicates which version of the
* provider should be used. It may be
* {@code null} if the default version should be
* used.
* @param versionString A string that indicates which version of the
* provider should be used. It may be {@code null} if
* the default version should be used.
*
* @return The Bouncy Castle FIPS provider instance. It will not be
* {@code null}.
Expand All @@ -388,21 +384,16 @@ public static Provider getBouncyCastleFIPSProvider()
*/
@NotNull()
public static Provider getBouncyCastleFIPSProvider(
final boolean allowCachedProvider,
@Nullable final String versionString)
throws NoSuchProviderException
{
if (allowCachedProvider)
final Provider cachedProvider = BOUNCY_CASTLE_FIPS_PROVIDER_REF.get();
if (cachedProvider != null)
{
final Provider cachedProvider = BOUNCY_CASTLE_FIPS_PROVIDER_REF.get();
if (cachedProvider != null)
{
return cachedProvider;
}
return cachedProvider;
}

return loadBouncyCastleFIPSProvider(false, versionString,
allowCachedProvider);
return loadBouncyCastleFIPSProvider(false, versionString);
}


Expand Down Expand Up @@ -445,7 +436,7 @@ static synchronized Provider loadBouncyCastleFIPSProvider(
final boolean makeDefault)
throws NoSuchProviderException
{
return loadBouncyCastleFIPSProvider(makeDefault, null, makeDefault);
return loadBouncyCastleFIPSProvider(makeDefault, null);
}


Expand All @@ -459,9 +450,6 @@ static synchronized Provider loadBouncyCastleFIPSProvider(
* @param versionString A string that indicates which version of the
* provider should be used. It may be {@code null} if
* the default version should be used.
* @param cacheProvider Indicates whether to cache the loaded provider so
* that it can be more efficiently retrieved if it is
* needed again.
*
* @return The provider that was loaded. It will not be {@code null}.
*
Expand All @@ -471,8 +459,7 @@ static synchronized Provider loadBouncyCastleFIPSProvider(
@NotNull()
static synchronized Provider loadBouncyCastleFIPSProvider(
final boolean makeDefault,
@Nullable final String versionString,
final boolean cacheProvider)
@Nullable final String versionString)
throws NoSuchProviderException
{
// Validate and parse the provider version string.
Expand All @@ -484,15 +471,12 @@ static synchronized Provider loadBouncyCastleFIPSProvider(
// just return it.
try
{
if (cacheProvider)
final Provider existingProvider =
Security.getProvider(FIPS_PROVIDER_NAME);
if (existingProvider != null)
{
final Provider existingProvider =
Security.getProvider(FIPS_PROVIDER_NAME);
if (existingProvider != null)
{
BOUNCY_CASTLE_FIPS_PROVIDER_REF.compareAndSet(null, existingProvider);
return existingProvider;
}
BOUNCY_CASTLE_FIPS_PROVIDER_REF.compareAndSet(null, existingProvider);
return existingProvider;
}
}
catch (final Exception e)
Expand Down Expand Up @@ -556,7 +540,7 @@ else if (name.startsWith("bctls-fips-") &&
{
fipsJSSEProviderJarFile = f;
}
if (name.endsWith(".jar"))
else if (name.endsWith(".jar"))
{
additionalFIPSProviderJarFiles.add(f);
}
Expand All @@ -581,14 +565,12 @@ else if (name.startsWith("bctls-fips-") &&
BouncyCastleFIPSHelper.class.getClassLoader());
fipsProviderClass = classLoader.loadClass(
BOUNCY_CASTLE_FIPS_PROVIDER_CLASS_NAME);
BOUNCY_CASTLE_FIPS_PROVIDER_CLASS_REF.set(fipsProviderClass);

final Class<?> jsseProviderClass = classLoader.loadClass(
BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_NAME);
BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_REF.set(jsseProviderClass);

if (cacheProvider)
{
BOUNCY_CASTLE_FIPS_PROVIDER_CLASS_REF.set(fipsProviderClass);
BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_REF.set(jsseProviderClass);
}
shouldThrow = false;
}
}
Expand Down Expand Up @@ -626,10 +608,7 @@ else if (name.startsWith("bctls-fips-") &&
Security.addProvider(provider);
}

if (cacheProvider)
{
BOUNCY_CASTLE_FIPS_PROVIDER_REF.set(provider);
}
BOUNCY_CASTLE_FIPS_PROVIDER_REF.set(provider);

return provider;
}
Expand Down Expand Up @@ -716,17 +695,14 @@ private static int parseVersionString(
public static Provider getBouncyCastleJSSEProvider()
throws NoSuchProviderException
{
return getBouncyCastleJSSEProvider(true, null);
return getBouncyCastleJSSEProvider(null);
}



/**
* Retrieves a reference to the Bouncy Castle JSSE provider.
*
* @param allowCachedProvider Indicates whether it is acceptable to use a
* cached version of the provider if one is
* already available.
* @param versionString A string that indicates which version of the
* provider should be used. It may be
* {@code null} if the default version should be
Expand All @@ -739,21 +715,16 @@ public static Provider getBouncyCastleJSSEProvider()
*/
@NotNull()
public static Provider getBouncyCastleJSSEProvider(
final boolean allowCachedProvider,
@Nullable final String versionString)
throws NoSuchProviderException
{
if (allowCachedProvider)
final Provider cachedProvider = BOUNCY_CASTLE_JSSE_PROVIDER_REF.get();
if (cachedProvider != null)
{
final Provider cachedProvider = BOUNCY_CASTLE_JSSE_PROVIDER_REF.get();
if (cachedProvider != null)
{
return cachedProvider;
}
return cachedProvider;
}

return loadBouncyCastleJSSEProvider(false, versionString,
allowCachedProvider);
return loadBouncyCastleJSSEProvider(false, versionString);
}


Expand All @@ -778,7 +749,7 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
final boolean makeSecond)
throws NoSuchProviderException
{
return loadBouncyCastleJSSEProvider(makeSecond, null, makeSecond);
return loadBouncyCastleJSSEProvider(makeSecond, null);
}


Expand All @@ -796,9 +767,6 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
* @param versionString A string that indicates which version of the
* provider should be used. It may be {@code null} if
* the default version should be used.
* @param cacheProvider Indicates whether to cache the loaded provider so
* that it can be more efficiently retrieved if it is
* needed again.
*
* @return The provider that was loaded. It will not be {@code null}.
*
Expand All @@ -808,8 +776,7 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
@NotNull()
static synchronized Provider loadBouncyCastleJSSEProvider(
final boolean makeSecond,
@Nullable final String versionString,
final boolean cacheProvider)
@Nullable final String versionString)
throws NoSuchProviderException
{
// Validate and parse the provided version string. At present, we shouldn't
Expand All @@ -824,15 +791,12 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
// just return it.
try
{
if (cacheProvider)
final Provider existingProvider =
Security.getProvider(JSSE_PROVIDER_NAME);
if (existingProvider != null)
{
final Provider existingProvider =
Security.getProvider(JSSE_PROVIDER_NAME);
if (existingProvider != null)
{
BOUNCY_CASTLE_JSSE_PROVIDER_REF.compareAndSet(null, existingProvider);
return existingProvider;
}
BOUNCY_CASTLE_JSSE_PROVIDER_REF.compareAndSet(null, existingProvider);
return existingProvider;
}
}
catch (final Exception e)
Expand All @@ -850,10 +814,7 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
{
jsseProviderClass =
Class.forName(BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_NAME);
if (cacheProvider)
{
BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_REF.set(jsseProviderClass);
}
BOUNCY_CASTLE_JSSE_PROVIDER_CLASS_REF.set(jsseProviderClass);
}
catch (final Exception e)
{
Expand Down Expand Up @@ -883,10 +844,7 @@ static synchronized Provider loadBouncyCastleJSSEProvider(
Security.addProvider(provider);
}

if (cacheProvider)
{
BOUNCY_CASTLE_JSSE_PROVIDER_REF.set(provider);
}
BOUNCY_CASTLE_JSSE_PROVIDER_REF.set(provider);
return provider;
}
catch (final Exception e)
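Review bot: In the new `getBouncyCastleFIPSProvider(versionString)` the cached provider is returned before `versionString` is looked at, and with `allowCachedProvider` removed a caller can no longer bypass that, so a request for one FIPS provider version can silently be answered with whichever version was loaded first. The same applies to `getBouncyCastleJSSEProvider(versionString)`, and the now-unconditional `Security.getProvider(FIPS_PROVIDER_NAME)` / `Security.getProvider(JSSE_PROVIDER_NAME)` early returns in the two load methods appear to return and cache whatever is registered under that name without comparing it to the requested version (the code between the version parsing and those checks is outside the visible hunks). Where the module version matters for compliance this should at least be stated in the Javadoc, e.g. `It is only honored the first time the provider is loaded; a provider that is already cached or registered is returned as-is.` appended to the `@param versionString` text. Dropping the parameter from the two public `get...Provider` methods also changes their signatures, so existing callers of the two-argument forms would stop compiling unless deprecated overloads are kept; whether those forms were ever released is not visible here.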
12 changes: 6 additions & 6 deletions src/com/unboundid/util/CryptoHelper.java
Expand Up @@ -329,10 +329,10 @@ else if (fipsProviderPropertyValue.equalsIgnoreCase(
BouncyCastleFIPSHelper.setPropertiesForPingIdentityServer();
FIPS_PROVIDER.set(
BouncyCastleFIPSHelper.loadBouncyCastleFIPSProvider(true,
fipsProviderVersionString, true));
fipsProviderVersionString));
FIPS_JSSE_PROVIDER.set(
BouncyCastleFIPSHelper.loadBouncyCastleJSSEProvider(true,
fipsProviderVersionString, true));
fipsProviderVersionString));
FIPS_DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM.set(
BouncyCastleFIPSHelper.DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM);
FIPS_DEFAULT_KEY_STORE_TYPE.set(
Expand Down Expand Up @@ -587,9 +587,9 @@ else if (providerName.equalsIgnoreCase(
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1))
{
fipsProvider = BouncyCastleFIPSHelper.loadBouncyCastleFIPSProvider(true,
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1, true);
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1);
jsseProvider = BouncyCastleFIPSHelper.loadBouncyCastleJSSEProvider(true,
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1, true);
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1);
FIPS_PROVIDER_NAME.set(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME +
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_1);
}
Expand All @@ -598,9 +598,9 @@ else if (providerName.equalsIgnoreCase(
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2))
{
fipsProvider = BouncyCastleFIPSHelper.loadBouncyCastleFIPSProvider(true,
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2, true);
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2);
jsseProvider = BouncyCastleFIPSHelper.loadBouncyCastleJSSEProvider(true,
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2, true);
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2);
FIPS_PROVIDER_NAME.set(BouncyCastleFIPSHelper.FIPS_PROVIDER_NAME +
BouncyCastleFIPSHelper.FIPS_PROVIDER_VERSION_2);
}
