- changed status to open
Make provider used by X509CertUtils configurable
X509CertUtils gets a CertificateFactory using CertificateFactory.getInstance("X.509"). It provides no way to pass in which security provider to use.
We have certificates which the standard Java provider can’t handle but BouncyCastle handles fine. However, there is no way to programmatically tell Nimbus to use BouncyCastle instead of the default provider. This means, when we try to construct a JWK containing such a certificate in the x5c, it fails.
One option is to modify $JAVA_HOME/conf/security/java.security to configure the default provider to be BouncyCastle. However, we’d prefer if there was an API we could call to tell X509CertUtils which provider to use.
Please see attached patch. I tried to make the smallest patch which would address the issue without requiring changes to other parts of the code.
Comments (2)
- changed status to resolved
Commit 9c82c6b: Adds new static X509CertUtils.setProvider(java.security.Provider) method, test.
Will be pushed to Maven Central as v9.1 in a few minutes.
Thanks Simon, we'll review it.
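The following is an added example, not code from the attached patch or from the Nimbus project. It first checks which JCA provider accepts a given certificate and then applies the X509CertUtils.setProvider method named in the resolving commit. Assumptions: Nimbus JOSE+JWT 9.1 or later and the BouncyCastle provider jar are on the classpath, the class name X509ProviderCheck is hypothetical, and the certificate is a DER file whose path you pass as the first argument.

```java
import com.nimbusds.jose.util.X509CertUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class X509ProviderCheck {

    // Parse DER bytes with an explicit JCA provider; null means the JVM's default lookup order.
    static X509Certificate parseWith(byte[] der, Provider provider) throws CertificateException {
        CertificateFactory cf = (provider == null)
                ? CertificateFactory.getInstance("X.509")
                : CertificateFactory.getInstance("X.509", provider);
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path to a DER-encoded certificate you supply.
        byte[] der = Files.readAllBytes(Paths.get(args[0]));
        Provider bc = new BouncyCastleProvider(); // passed directly, not registered via Security.addProvider

        // Step 1: confirm which provider actually accepts the certificate.
        for (Provider p : new Provider[] {null, bc}) {
            String name = (p == null) ? "JVM default" : p.getName();
            try {
                System.out.println(name + ": OK, subject=" + parseWith(der, p).getSubjectX500Principal());
            } catch (CertificateException e) {
                System.out.println(name + ": rejected (" + e.getMessage() + ")");
            }
        }

        // Step 2: switch Nimbus to BouncyCastle. The setter is static, so it applies to
        // every X509CertUtils call in this JVM; set it once at startup.
        X509CertUtils.setProvider(bc);
        X509Certificate cert = X509CertUtils.parse(der); // returns null if parsing failed
        if (cert == null) {
            throw new CertificateException("Still unparseable with " + bc.getName());
        }
        System.out.println("Nimbus parsed: " + cert.getSubjectX500Principal());
    }
}
```

Because the provider is process-wide state, certificates from every caller in the same JVM will be parsed by the configured provider, not only the ones that motivated the change.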