[PLAT-6276] BouncyCastleProvider should be added to java Security onl…

…y once during the process start Summary: It should be added during startup. Test Plan: Tested with node-agent. It was failing before some because methods did not call this (addProvider). Reviewers: amalyshev, sb-yb, cwang Reviewed By: cwang Subscribers: jenkins-bot, yugaware Differential Revision: https://phabricator.dev.yugabyte.com/D21030
jayant07-yb · Nov 11, 2022 · 0ba7e8f · 0ba7e8f
1 parent 98db092
commit 0ba7e8f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 10 deletions.
diff --git a/managed/src/main/java/Module.java b/managed/src/main/java/Module.java
@@ -62,6 +62,7 @@
 import de.dentrassi.crypto.pem.PemKeyStoreProvider;
 import java.security.Security;
 import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.pac4j.core.client.Clients;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.http.url.DefaultUrlResolver;
@@ -99,6 +100,7 @@ public void configure() {
     }
 
     Security.addProvider(new PemKeyStoreProvider());
+    Security.addProvider(new BouncyCastleProvider());
     bind(RuntimeConfigFactory.class).to(SettableRuntimeConfigFactory.class).asEagerSingleton();
     install(new CloudModules());
 

diff --git a/managed/src/main/java/com/yugabyte/yw/common/certmgmt/CertificateHelper.java b/managed/src/main/java/com/yugabyte/yw/common/certmgmt/CertificateHelper.java
@@ -28,7 +28,6 @@
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -635,7 +634,6 @@ public static String getCertificateProperties(X509Certificate cert) {
 
   @SuppressWarnings("unchecked")
   public static List<X509Certificate> convertStringToX509CertList(String certContent) {
-    java.security.Security.addProvider(new BouncyCastleProvider());
     try {
       InputStream in;
       byte[] certEntryBytes = certContent.getBytes();
@@ -649,8 +647,6 @@ public static List<X509Certificate> convertStringToX509CertList(String certConte
   }
 
   public static X509Certificate convertStringToX509Cert(String certificate) throws Exception {
-    java.security.Security.addProvider(new BouncyCastleProvider());
-
     certificate = certificate.replace("\\n", "");
     certificate = certificate.replaceAll("^\"+|\"+$", "");
     certificate = certificate.replace("-----BEGIN CERTIFICATE-----", "");
@@ -662,9 +658,6 @@ public static X509Certificate convertStringToX509Cert(String certificate) throws
   }
 
   public static PrivateKey convertStringToPrivateKey(String strKey) throws Exception {
-
-    java.security.Security.addProvider(new BouncyCastleProvider());
-
     strKey = strKey.replace(System.lineSeparator(), "");
     strKey = strKey.replaceAll("^\"+|\"+$", "");
     strKey = strKey.replace("-----BEGIN PRIVATE KEY-----", "");
@@ -732,8 +725,6 @@ public static void writeCertBundleToCertPath(List<X509Certificate> certs, String
   }
 
   public static KeyPair getKeyPairObject() throws NoSuchAlgorithmException {
-    // Add the security provider in case it was never called.
-    Security.addProvider(new BouncyCastleProvider());
     KeyPairGenerator keypairGen = KeyPairGenerator.getInstance("RSA");
     keypairGen.initialize(2048);
     return keypairGen.generateKeyPair();
@@ -851,7 +842,7 @@ public static X509Certificate createAndSignCertificate(
               .setProvider(new BouncyCastleProvider())
               .getCertificate(newCertHolder);
 
-      newCert.verify(caCert.getPublicKey(), "BC");
+      newCert.verify(caCert.getPublicKey(), BouncyCastleProvider.PROVIDER_NAME);
 
       return newCert;
     } catch (Exception e) {