Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use the BouncyCastleProvider class directly (#84)
* Use the BouncyCastleProvider class directly This avoids issues where a shaded version of BCProvider is installed in the system JCE provider list, which can result in problems when we pass an ECNamedCurveParameterSpec from a different shaded version of BC. Fixes: #68 * Add BouncyCastleConfiguration class for handling BC init This moves the BouncyCastleProvider creation from CryptoAlgorithm to BouncyCastleConfiguration, which also contains a static field for classes that must use a pegged version of BouncyCastle. A newInstance reference is included from CryptoAlgorithm to BouncyCastleConfiguration to force initialization, since it depends on BouncyCastle being on the SecurityProvider chain. * Add comments, and use static method to force class loading This adds documentation for the purpose of the BouncyCastleConfiguration class, and uses a static method call to force the BouncyCastleConfiguration class to be loaded.
- Loading branch information
1 parent
9c61fcc
commit 7db5f02
Showing
3 changed files
with
48 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
src/main/java/com/amazonaws/encryptionsdk/internal/BouncyCastleConfiguration.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package com.amazonaws.encryptionsdk.internal; | ||
|
||
import org.bouncycastle.jce.provider.BouncyCastleProvider; | ||
|
||
import java.security.Security; | ||
|
||
/** | ||
* This API is internal and subject to change. It is used to add BouncyCastleProvider to the | ||
* java.security.Provider list, and to provide a static reference to BouncyCastleProvider for internal | ||
* classes. | ||
*/ | ||
public class BouncyCastleConfiguration { | ||
static final BouncyCastleProvider INTERNAL_BOUNCY_CASTLE_PROVIDER; | ||
static { | ||
BouncyCastleProvider bouncyCastleProvider; | ||
try { | ||
bouncyCastleProvider = new BouncyCastleProvider(); | ||
Security.addProvider(bouncyCastleProvider); | ||
} catch (final Throwable ex) { | ||
bouncyCastleProvider = null; | ||
// Swallow this error. We'll either succeed or fail later with reasonable | ||
// stacktraces. | ||
} | ||
INTERNAL_BOUNCY_CASTLE_PROVIDER = bouncyCastleProvider; | ||
} | ||
|
||
/** | ||
* Prevent instantiation | ||
*/ | ||
private BouncyCastleConfiguration() { | ||
} | ||
|
||
/** | ||
* No-op used to force class loading on first call, which will cause the static blocks to be executed | ||
*/ | ||
public static void init() {} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters