From 9f3d09cd6c7dda2953a35a0400a27590c7cdcee6 Mon Sep 17 00:00:00 2001 From: "Cloud.Liu" Date: Thu, 19 May 2022 17:03:52 +0800 Subject: [PATCH] =?UTF-8?q?REPORT-71512=20fix:=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=86=85=E7=BD=AEBouncyCastle=E7=9A=84providerName?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../bouncycastle/jcajce/util/BCJcaJceHelper.java | 3 ++- .../jce/netscape/NetscapeCertRequest.java | 9 ++++++--- .../jce/provider/BouncyCastleProvider.java | 13 ++++++++++--- .../x509/AttributeCertificateHolder.java | 3 ++- .../bouncycastle/x509/PKIXCertPathReviewer.java | 6 ++++-- .../x509/X509V1CertificateGenerator.java | 6 ++++-- .../org/bouncycastle/x509/X509V2CRLGenerator.java | 6 ++++-- .../x509/X509V3CertificateGenerator.java | 6 ++++-- .../apache/poi/poifs/crypt/CryptoFunctions.java | 15 ++++++++------- 9 files changed, 44 insertions(+), 23 deletions(-) diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java index c49f17f4f..7f22143e4 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jcajce/util/BCJcaJceHelper.java @@ -15,7 +15,8 @@ public class BCJcaJceHelper private static synchronized Provider getBouncyCastleProvider() { - final Provider system = Security.getProvider("BC"); + // [BouncyCastle] + final Provider system = Security.getProvider("FR_BC"); // Avoid using the old, deprecated system BC provider on Android. // See: https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html if (system instanceof BouncyCastleProvider) diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java index 93e62c27b..677af0b18 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/netscape/NetscapeCertRequest.java @@ -115,7 +115,8 @@ public class NetscapeCertRequest pubkeyinfo).getBytes()); keyAlg = pubkeyinfo.getAlgorithm(); - pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC") + // [BouncyCastle] + pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "FR_BC") .generatePublic(xspec); } @@ -203,8 +204,9 @@ public class NetscapeCertRequest // Verify the signature .. shows the response was generated // by someone who knew the associated private key // + // [BouncyCastle] Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + "FR_BC"); sig.initVerify(pubkey); sig.update(content.getBytes()); @@ -223,8 +225,9 @@ public class NetscapeCertRequest SignatureException, NoSuchProviderException, InvalidKeySpecException { + // [BouncyCastle] Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + "FR_BC"); if (rand != null) { diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java index db4b232d5..79ecc226c 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -60,7 +60,14 @@ public final class BouncyCastleProvider extends Provider { private static String info = "BouncyCastle Security Provider v1.68"; - public static final String PROVIDER_NAME = "BC"; + /** + * 内置的BouncyCastle,providerName改为FR_BC,防止跟客户引入的BouncyCastle冲突。 + * + * 对应地改了fine-third中其他库,使用"BC"字面量而非BouncyCastleProvider.PROVIDER_NAME引用BouncyCastle的地方,会有[BouncyCastle]标识. + * fine-core等库中的位置也要对应修改。 + */ + // [BouncyCastle] + public static final String PROVIDER_NAME = "FR_BC"; public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); @@ -124,8 +131,8 @@ public final class BouncyCastleProvider extends Provider */ private static final String KEYSTORE_PACKAGE = "com.fr.third.org.bouncycastle.jcajce.provider.keystore."; private static final String[] KEYSTORES = - { - "BC", "BCFKS", "PKCS12" + { // [BouncyCastle] + "FR_BC", "BCFKS", "PKCS12" }; /* diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java index 5afd4fc87..d2d931563 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/AttributeCertificateHolder.java @@ -354,7 +354,8 @@ public class AttributeCertificateHolder MessageDigest md = null; try { - md = MessageDigest.getInstance(getDigestAlgorithm(), "BC"); + // [BouncyCastle] + md = MessageDigest.getInstance(getDigestAlgorithm(), "FR_BC"); } catch (Exception e) diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java index 38a83a50c..70cec88ad 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/PKIXCertPathReviewer.java @@ -2173,7 +2173,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities { try { - crl.verify(workingPublicKey, "BC"); + // [BouncyCastle] + crl.verify(workingPublicKey, "FR_BC"); } catch (Exception e) { @@ -2445,7 +2446,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities conn.connect(); if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { - CertificateFactory cf = CertificateFactory.getInstance("X.509","BC"); + // [BouncyCastle] + CertificateFactory cf = CertificateFactory.getInstance("X.509","FR_BC"); result = (X509CRL) cf.generateCRL(conn.getInputStream()); } else diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java index 1a023dc06..83f8b0069 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V1CertificateGenerator.java @@ -189,7 +189,8 @@ public class X509V1CertificateGenerator { try { - return generateX509Certificate(key, "BC", null); + // [BouncyCastle] + return generateX509Certificate(key, "FR_BC", null); } catch (NoSuchProviderException e) { @@ -209,7 +210,8 @@ public class X509V1CertificateGenerator { try { - return generateX509Certificate(key, "BC", random); + // [BouncyCastle] + return generateX509Certificate(key, "FR_BC", random); } catch (NoSuchProviderException e) { diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java index 4788c2f83..29349e708 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V2CRLGenerator.java @@ -247,7 +247,8 @@ public class X509V2CRLGenerator { try { - return generateX509CRL(key, "BC", null); + // [BouncyCastle] + return generateX509CRL(key, "FR_BC", null); } catch (NoSuchProviderException e) { @@ -268,7 +269,8 @@ public class X509V2CRLGenerator { try { - return generateX509CRL(key, "BC", random); + // [BouncyCastle] + return generateX509CRL(key, "FR_BC", random); } catch (NoSuchProviderException e) { diff --git a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java index 24fab64d9..da950fa63 100644 --- a/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java +++ b/fine-bouncycastle/src/main/java/com/fr/third/org/bouncycastle/x509/X509V3CertificateGenerator.java @@ -326,7 +326,8 @@ public class X509V3CertificateGenerator { try { - return generateX509Certificate(key, "BC", null); + // [BouncyCastle] + return generateX509Certificate(key, "FR_BC", null); } catch (NoSuchProviderException e) { @@ -347,7 +348,8 @@ public class X509V3CertificateGenerator { try { - return generateX509Certificate(key, "BC", random); + // [BouncyCastle] + return generateX509Certificate(key, "FR_BC", random); } catch (NoSuchProviderException e) { diff --git a/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java b/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java index 549c224a6..5fcb0543a 100644 --- a/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java +++ b/fine-poi/src/main/java/com/fr/third/v2/org/apache/poi/poifs/crypt/CryptoFunctions.java @@ -238,7 +238,8 @@ public final class CryptoFunctions { cipher = Cipher.getInstance(cipherAlgorithm.jceId); } else if (cipherAlgorithm.needsBouncyCastle) { registerBouncyCastle(); - cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding, "BC"); + // [BouncyCastle] + cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding, "FR_BC"); } else { cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" + padding); } @@ -297,7 +298,8 @@ public final class CryptoFunctions { try { if (hashAlgorithm.needsBouncyCastle) { registerBouncyCastle(); - return MessageDigest.getInstance(hashAlgorithm.jceId, "BC"); + // [BouncyCastle] + return MessageDigest.getInstance(hashAlgorithm.jceId, "FR_BC"); } else { return MessageDigest.getInstance(hashAlgorithm.jceId); } @@ -310,7 +312,8 @@ public final class CryptoFunctions { try { if (hashAlgorithm.needsBouncyCastle) { registerBouncyCastle(); - return Mac.getInstance(hashAlgorithm.jceHmacId, "BC"); + // [BouncyCastle] + return Mac.getInstance(hashAlgorithm.jceHmacId, "FR_BC"); } else { return Mac.getInstance(hashAlgorithm.jceHmacId); } @@ -321,10 +324,8 @@ public final class CryptoFunctions { @SuppressWarnings("unchecked") public static void registerBouncyCastle() { - if (Security.getProvider("BC") != null) { - return; - } - + // [BouncyCastle] + if (Security.getProvider("FR_BC") != null) return; try { ClassLoader cl = CryptoFunctions.class.getClassLoader(); String bcProviderName = "com.fr.third.v2.org.bouncycastle.jce.provider.BouncyCastleProvider";