@@ -73,6 +73,7 @@ public BouncyCastleJsseProvider(String config)
7373
7474 boolean fipsMode = false ;
7575 String cryptoName = config ;
76+ String altCryptoName = null ;
7677
7778 int colonPos = config .indexOf (':' );
7879 if (colonPos >= 0 )
@@ -81,13 +82,24 @@ public BouncyCastleJsseProvider(String config)
8182 String second = config .substring (colonPos + 1 ).trim ();
8283
8384 fipsMode = first .equalsIgnoreCase ("fips" );
84- cryptoName = second ;
85+ config = second ;
86+ }
87+
88+ int commaPos = config .indexOf (',' );
89+ if (commaPos >= 0 )
90+ {
91+ cryptoName = config .substring (0 , commaPos ).trim ();
92+ altCryptoName = config .substring (commaPos + 1 ).trim ();
93+ }
94+ else
95+ {
96+ cryptoName = config ;
8597 }
8698
8799 JcaTlsCryptoProvider cryptoProvider ;
88100 try
89101 {
90- cryptoProvider = createCryptoProvider (cryptoName );
102+ cryptoProvider = createCryptoProvider (cryptoName , altCryptoName );
91103 }
92104 catch (GeneralSecurityException e )
93105 {
@@ -116,7 +128,7 @@ public Provider configure(String configArg)
116128 return new BouncyCastleJsseProvider (configArg );
117129 }
118130
119- private JcaTlsCryptoProvider createCryptoProvider (String cryptoName )
131+ private JcaTlsCryptoProvider createCryptoProvider (String cryptoName , String altCryptoName )
120132 throws GeneralSecurityException
121133 {
122134 if (cryptoName .equalsIgnoreCase ("default" ))
@@ -127,9 +139,18 @@ private JcaTlsCryptoProvider createCryptoProvider(String cryptoName)
127139 Provider provider = Security .getProvider (cryptoName );
128140 if (provider != null )
129141 {
130- return new JcaTlsCryptoProvider ().setProvider (provider );
142+ JcaTlsCryptoProvider cryptoProvider = new JcaTlsCryptoProvider ().setProvider (provider );
143+
144+ if (altCryptoName != null )
145+ {
146+ // this has to be done by name as a PKCS#11 login may be required.
147+ cryptoProvider .setAlternateProvider (altCryptoName );
148+ }
149+
150+ return cryptoProvider ;
131151 }
132152
153+ // TODO: should we support alt name here?
133154 try
134155 {
135156 Class <?> cryptoProviderClass = Class .forName (cryptoName );
@@ -234,7 +255,8 @@ public Object createInstance(Object constructorParameter)
234255 addAlgorithmImplementation ("SSLContext.DEFAULT" , "org.bouncycastle.jsse.provider.SSLContext.Default" ,
235256 new EngineCreator ()
236257 {
237- public Object createInstance (Object constructorParameter ) throws GeneralSecurityException
258+ public Object createInstance (Object constructorParameter )
259+ throws GeneralSecurityException
238260 {
239261 return new DefaultSSLContextSpi (fipsMode , cryptoProvider );
240262 }
@@ -281,7 +303,7 @@ public final Provider.Service getService(String type, String algorithm)
281303 {
282304 String upperCaseAlgName = Strings .toUpperCase (algorithm );
283305 String serviceKey = type + "." + upperCaseAlgName ;
284-
306+
285307 BcJsseService service = serviceMap .get (serviceKey );
286308
287309 if (service == null )
@@ -345,7 +367,7 @@ public synchronized final Set<Provider.Service> getServices()
345367 Set <Provider .Service > serviceSet = super .getServices ();
346368 Set <Provider .Service > bcServiceSet = new HashSet <Provider .Service >();
347369
348- for (Provider .Service service : serviceSet )
370+ for (Provider .Service service : serviceSet )
349371 {
350372 bcServiceSet .add (getService (service .getType (), service .getAlgorithm ()));
351373 }
@@ -405,7 +427,7 @@ private static class BcJsseService
405427 * @param attributes Map of attributes or null if this implementation
406428 * has no attributes
407429 * @throws NullPointerException if provider, type, algorithm, or
408- * className is null
430+ * className is null
409431 */
410432 public BcJsseService (Provider provider , String type , String algorithm , String className , List <String > aliases , Map <String , String > attributes , EngineCreator creator )
411433 {
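Review bot: A configured alternate provider is silently dropped in createCryptoProvider whenever `cryptoName` does not resolve through `Security.getProvider` and falls to the `Class.forName` path under the new TODO, so an operator who named a second (for example PKCS#11-backed) provider gets no sign that it is unused. Until that path supports it, fail fast there with `if (altCryptoName != null) throw new GeneralSecurityException("alternate provider not supported with crypto provider class: " + cryptoName);`. The `"default"` branch body is outside these hunks and may need the same check. In the constructor's comma split, a config value ending in a comma produces an empty, non-null `altCryptoName` that still reaches `setAlternateProvider`; empty names should be rejected after `trim()`, and the same applies to an empty `cryptoName` before the comma. Both method bodies continue outside the visible hunks, so how the constructor's `catch (GeneralSecurityException e)` reports the failure should be confirmed.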