diff options
| author | Henning Baldersheim <balder@yahoo-inc.com> | 2022-02-20 22:37:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-20 22:37:54 +0100 |
| commit | c7d896f7484b629aef89ebd511e715ce85ba6a30 (patch) | |
| tree | fdd6cf1d7e812fc3f51e360fbd9b6096272adc33 | |
| parent | 1cfea65b9bc71b472e9dc3370b120cf428b6ece0 (diff) | |
| parent | bff798348953569858221c25428ea6d59758ffe7 (diff) | |
Merge pull request #21278 from vespa-engine/bjorncs/install-bc-providerv7.546.44
Install BouncyCastle during jdisc startup [run-systemtest]
| -rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java b/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java index a27b082f014..2c25f38437a 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java @@ -48,7 +48,10 @@ import com.yahoo.net.HostName; import com.yahoo.vespa.config.ConfigKey; import com.yahoo.yolean.Exceptions; import com.yahoo.yolean.UncheckedInterruptedException; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.Provider; +import java.security.Security; import java.util.Collection; import java.util.Collections; import java.util.IdentityHashMap; @@ -108,6 +111,23 @@ public final class ConfiguredApplication implements Application { static { LogSetup.initVespaLogging("Container"); log.log(Level.INFO, "Starting jdisc" + (Vtag.currentVersion.isEmpty() ? "" : " at version " + Vtag.currentVersion)); + installBouncyCastleSecurityProvider(); + } + + /** + * Eagerly install BouncyCastle as security provider. It's done here to ensure no bundle is able install this security provider. + * If a bundle install this provider and the bundle is later uninstall, + * it will break havoc if the installed security provider tries to load new classes. + */ + private static void installBouncyCastleSecurityProvider() { + BouncyCastleProvider bcProvider = new BouncyCastleProvider(); + if (Security.addProvider(bcProvider) != -1) { + log.info("Installed '" + bcProvider.getInfo() + "' as Java Security Provider"); + } else { + Provider alreadyInstalledBcProvider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); + log.warning("Unable to install '" + bcProvider.getInfo() + "' as Java Security Provider. " + + "A provider '" + alreadyInstalledBcProvider.getInfo() + "' is already installed."); + } } /** |