REPORT-71512 fix: 修改内置BouncyCastle的providerName

2 years ago · 0750c20ac8
9 changed files with 44 additions and 20 deletions
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
@ -15,7 +15,8 @@ public class BCJcaJceHelper

    private static synchronized Provider getBouncyCastleProvider()
    {
-        final Provider system = Security.getProvider("BC");
+        // [BouncyCastle]
+        final Provider system = Security.getProvider("FR_BC");
        // Avoid using the old, deprecated system BC provider on Android.
        // See: https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html
        if (system instanceof BouncyCastleProvider)
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@ -115,7 +115,8 @@ public class NetscapeCertRequest
                    pubkeyinfo).getBytes());

            keyAlg = pubkeyinfo.getAlgorithm();
-            pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC")
+            // [BouncyCastle]
+            pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "FR_BC")
                    .generatePublic(xspec);

        }
@ -203,8 +204,9 @@ public class NetscapeCertRequest
        // Verify the signature .. shows the response was generated
        // by someone who knew the associated private key
        //
+        // [BouncyCastle]
        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
-                "BC");
+                "FR_BC");
        sig.initVerify(pubkey);
        sig.update(content.getBytes());

@ -223,8 +225,9 @@ public class NetscapeCertRequest
            SignatureException, NoSuchProviderException,
            InvalidKeySpecException
    {
+        // [BouncyCastle]
        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
-                "BC");
+                "FR_BC");

        if (rand != null)
        {
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@ -60,7 +60,14 @@ public final class BouncyCastleProvider extends Provider
 {
    private static String info = "BouncyCastle Security Provider v1.68";

-    public static final String PROVIDER_NAME = "BC";
+    /**
+     * 内置的BouncyCastle，providerName改为FR_BC，防止跟客户引入的BouncyCastle冲突。
+     * 
+     * 对应地改了fine-third中其他库，使用"BC"字面量而非BouncyCastleProvider.PROVIDER_NAME引用BouncyCastle的地方，会有[BouncyCastle]标识.
+     * fine-core等库中的位置也要对应修改。
+     */
+    // [BouncyCastle]
+    public static final String PROVIDER_NAME = "FR_BC";

    public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration();

@ -124,8 +131,8 @@ public final class BouncyCastleProvider extends Provider
     */
    private static final String KEYSTORE_PACKAGE = "com.fr.third.org.bouncycastle.jcajce.provider.keystore.";
    private static final String[] KEYSTORES =
-    {
-        "BC", "BCFKS", "PKCS12"
+    { // [BouncyCastle]
+        "FR_BC", "BCFKS", "PKCS12"
    };

    /*
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java
@ -354,7 +354,8 @@ public class AttributeCertificateHolder
                MessageDigest md = null;
                try
                {
-                    md = MessageDigest.getInstance(getDigestAlgorithm(), "BC");
+                    // [BouncyCastle]
+                    md = MessageDigest.getInstance(getDigestAlgorithm(), "FR_BC");

                }
                catch (Exception e)
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java
@ -2173,7 +2173,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
            {
                try
                {
-                    crl.verify(workingPublicKey, "BC");
+                    // [BouncyCastle]
+                    crl.verify(workingPublicKey, "FR_BC");
                }
                catch (Exception e)
                {
@ -2445,7 +2446,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                conn.connect();
                if (conn.getResponseCode() == HttpURLConnection.HTTP_OK)
                {
-                    CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
+                    // [BouncyCastle]
+                    CertificateFactory cf = CertificateFactory.getInstance("X.509","FR_BC");
                    result = (X509CRL) cf.generateCRL(conn.getInputStream());
                }
                else
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java
@ -189,7 +189,8 @@ public class X509V1CertificateGenerator
    {
        try
        {
-            return generateX509Certificate(key, "BC", null);
+            // [BouncyCastle]
+            return generateX509Certificate(key, "FR_BC", null);
        }
        catch (NoSuchProviderException e)
        {
@ -209,7 +210,8 @@ public class X509V1CertificateGenerator
    {
        try
        {
-            return generateX509Certificate(key, "BC", random);
+            // [BouncyCastle]
+            return generateX509Certificate(key, "FR_BC", random);
        }
        catch (NoSuchProviderException e)
        {
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java
@ -247,7 +247,8 @@ public class X509V2CRLGenerator
    {
        try
        {
-            return generateX509CRL(key, "BC", null);
+            // [BouncyCastle]
+            return generateX509CRL(key, "FR_BC", null);
        }
        catch (NoSuchProviderException e)
        {
@ -268,7 +269,8 @@ public class X509V2CRLGenerator
    {
        try
        {
-            return generateX509CRL(key, "BC", random);
+            // [BouncyCastle]
+            return generateX509CRL(key, "FR_BC", random);
        }
        catch (NoSuchProviderException e)
        {
--- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java
@ -326,7 +326,8 @@ public class X509V3CertificateGenerator
    {
        try
        {
-            return generateX509Certificate(key, "BC", null);
+            // [BouncyCastle]
+            return generateX509Certificate(key, "FR_BC", null);
        }
        catch (NoSuchProviderException e)
        {
@ -347,7 +348,8 @@ public class X509V3CertificateGenerator
    {
        try
        {
-            return generateX509Certificate(key, "BC", random);
+            // [BouncyCastle]
+            return generateX509Certificate(key, "FR_BC", random);
        }
        catch (NoSuchProviderException e)
        {
--- a/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java
+++ b/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java
@ -213,7 +213,8 @@ public class CryptoFunctions {
                cipher = Cipher.getInstance(cipherAlgorithm.jceId);
            } else if (cipherAlgorithm.needsBouncyCastle) {
                registerBouncyCastle();
-                cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding, "BC");
+                // [BouncyCastle]
+                cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding, "FR_BC");
            } else {
                cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding);
            }
@ -272,7 +273,8 @@ public class CryptoFunctions {
        try {
            if (hashAlgorithm.needsBouncyCastle) {
                registerBouncyCastle();
-                return MessageDigest.getInstance(hashAlgorithm.jceId, "BC");
+                // [BouncyCastle]
+                return MessageDigest.getInstance(hashAlgorithm.jceId, "FR_BC");
            } else {
                return MessageDigest.getInstance(hashAlgorithm.jceId);
            }
@ -285,7 +287,8 @@ public class CryptoFunctions {
        try {
            if (hashAlgorithm.needsBouncyCastle) {
                registerBouncyCastle();
-                return Mac.getInstance(hashAlgorithm.jceHmacId, "BC");
+                // [BouncyCastle]
+                return Mac.getInstance(hashAlgorithm.jceHmacId, "FR_BC");
            } else {
                return Mac.getInstance(hashAlgorithm.jceHmacId);
            }
@ -296,7 +299,8 @@ public class CryptoFunctions {

    @SuppressWarnings("unchecked")
    public static void registerBouncyCastle() {
-        if (Security.getProvider("BC") != null) return;
+        // [BouncyCastle]
+        if (Security.getProvider("FR_BC") != null) return;
        try {
            ClassLoader cl = Thread.currentThread().getContextClassLoader();
            String bcProviderName = "org.bouncycastle.jce.provider.BouncyCastleProvider";