cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alessio Soldano <asold...@redhat.com>
Subject On BouncyCastle installed as a global security provider
Date Wed, 23 Jul 2014 09:44:09 GMT
Hi,
I've been asked whether it's possible to avoid having BC installed as a 
global security provider when using Apache CXF. I'm of course aware that 
WSS4J installs it on behalf of CXF for supporting e.g. GCM algorithms, 
which is not an option. However the question is still reasonable; 
assuming the CXF stack is not the only framework running in the JVM, 
other frameworks are going to be affected by that. They might or might 
not want BC installed (for instance, just an example, because of [1]). 
They might prefer different providers for a given set of algorithm 
requirements. Ultimately, it should be up to the user to decide which 
providers are set as global security provider, application should either 
rely on the installed global providers without touching them, or 
explicitly use what they want.
So I'm wondering if there's a way we could modify CXF/WSS4J/Santuario 
for using BC (or whatever we want to use ;-) ) e.g. when needing GCM 
without installing it as a global provider. Something around e.g. 
getting ciphers through the javax.crypto.Cipher#getInstance(String 
transformation, Provider provider) method instead of the 
javax.crypto.Cipher#getInstance(String transformation) after having 
loaded the provider without installing it globally, etc.
Any thought / idea?
Thanks
Alessio

[1] http://bouncycastle.org/jira/browse/BJA-19 / 
https://issues.apache.org/jira/browse/HARMONY-3789, BouncyCastle DH 
KeyPairGenerator algorithm can hang / eat lots of CPU

-- 
Alessio Soldano
Web Service Lead, JBoss


Mime
View raw message