[cvs] Expresso commit by rimovm: Updated to prevent multiple instantiation

JCorporate Ltd jcorp at jcorp2.servlets.net
Sat Oct 9 03:30:36 PDT 2004 

Log Message:
-----------
Updated to prevent multiple instantiation and debug logging to assist issues when running under a security context.

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption:
        StringEncryption.java

Revision Data
-------------
Index: StringEncryption.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption/StringEncryption.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption/StringEncryption.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption/StringEncryption.java -u -r1.12 -r1.13
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption/StringEncryption.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/strongencryption/StringEncryption.java
@@ -83,6 +83,7 @@
 import java.security.Provider;
 import java.security.Security;
 import java.util.Hashtable;
+import org.apache.log4j.Logger;
 
 
 /**
@@ -117,6 +118,7 @@
     static protected ByteArrayCounter ivCounter64 = new ByteArrayCounter(8);
     static protected ByteArrayCounter ivCounter128 = new ByteArrayCounter(16);
 
+    static final private Logger log = Logger.getLogger(StringEncryption.class);
     /**
      * An array of prepared secret keys depending on the mode required.
      *
@@ -142,6 +144,8 @@
     //    private Provider theProvider = new cryptix.jce.provider.CryptixCrypto();
     private Provider theProvider; // = new org.bouncycastle.jce.provider.BouncyCastleProvider();
 
+    boolean providerAlreadyInstalled = false;
+
     /**
      * class for encapsulating encryption.
      * constructor will throw if JCE jar is not found; see Ant target 'get-crypto'
@@ -150,16 +154,36 @@
      * publicly distributed
      */
     public StringEncryption() {
-        try {
-            theProvider = (Provider) Class.forName(PROVIDER_NAME).newInstance();
-        } catch (Exception ex) {
-            throw new RuntimeException("constructor will throw if JCE jar is not found;" +
-                    " see Ant target 'get-crypto' for easy means to download the appropriate" +
-                    " crypto library from http://www.bouncycastle.org/download . " +
-                    " It is under export restriction, so it cannot be " +
-                    "added to the expresso library as publicly distributed.", ex);
+
+        //We test if the JDK already has it installed, if it is then we
+        //don't try to load it ourselves because some security systems
+        //may not allow us install our own provider
+        if (log.isDebugEnabled()) {
+            log.debug("Initializing Strong String Encryption");
+            log.debug("System Provider Dump -----------------------");
+            Provider allProviders[] = Security.getProviders();
+            for (int i = 0; i < allProviders.length; i++) {
+                log.debug(allProviders[i].toString());
+            }
+            log.debug("--------------------------------------------");
         }
 
+        theProvider = Security.getProvider(PROVIDER_NAME);
+        if (theProvider != null) {
+            providerAlreadyInstalled = true;
+        } else {
+            try {
+                theProvider = (Provider) Class.forName(PROVIDER_NAME).newInstance();
+            } catch (Exception ex) {
+                log.error("Error loading bouncycastle crypto", ex);
+                throw new RuntimeException("constructor will throw if JCE jar is"+
+                        " not found or if the security manager doesn't allow a new provider;" +
+                        " see Ant target 'get-crypto' for easy means to download the appropriate" +
+                        " crypto library from http://www.bouncycastle.org/download . " +
+                        " It is under export restriction, so it cannot be " +
+                        "added to the expresso library as publicly distributed.", ex);
+            }
+        }
     } /* StringEncryption() */
 
     public void init() throws ChainedException {
@@ -180,12 +204,14 @@
         ivMap.put("TWO", ivCounter128);
         ivMap.put("RC6", ivCounter128);
 
-        //Install the Cryptographic Provider
-        try {
-            Security.addProvider(theProvider);
-        } catch (SecurityException e) {
-            throw new ChainedException("Error Installing Bouncy Castle Provider",
-                    e);
+        //Install the Cryptographic Provider if not set up properly
+        if (!providerAlreadyInstalled) {
+            try {
+                Security.addProvider(theProvider);
+            } catch (SecurityException e) {
+                throw new ChainedException("Error Installing Bouncy Castle Provider",
+                        e);
+            }
         }
     }
 
@@ -194,7 +220,9 @@
      */
     public void destroy() {
         try {
-            Security.removeProvider(theProvider.getName());
+            if (!providerAlreadyInstalled) {
+                Security.removeProvider(theProvider.getName());
+            }
             keyMap.clear();
             ivMap.clear();
             modeMap.clear();

More information about the cvs mailing list