content/docs/en/next/security-bouncy-castle.html - pulsar-site - Git at Google

 <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><title>Bouncy Castle Providers · Apache Pulsar</title><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="generator" content="Docusaurus"/><meta name="description" content="## BouncyCastle Introduce"/><meta name="docsearch:version" content="next"/><meta name="docsearch:language" content="en"/><meta property="og:title" content="Bouncy Castle Providers · Apache Pulsar"/><meta property="og:type" content="website"/><meta property="og:url" content="https://pulsar.apache.org/"/><meta property="og:description" content="## BouncyCastle Introduce"/><meta name="twitter:card" content="summary"/><meta name="twitter:image" content="https://pulsar.apache.org/img/pulsar.svg"/><link rel="shortcut icon" href="/img/pulsar.ico"/><link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css"/><link rel="alternate" type="application/atom+xml" href="https://pulsar.apache.org/blog/atom.xml" title="Apache Pulsar Blog ATOM Feed"/><link rel="alternate" type="application/rss+xml" href="https://pulsar.apache.org/blog/feed.xml" title="Apache Pulsar Blog RSS Feed"/><link rel="stylesheet" href="/css/code-blocks-buttons.css"/><script type="text/javascript" src="https://buttons.github.io/buttons.js"></script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js"></script><script type="text/javascript" src="/js/custom.js"></script><script src="/js/scrollSpy.js"></script><link rel="stylesheet" href="/css/main.css"/><script src="/js/codetabs.js"></script></head><body class="sideNavVisible separateOnPageNav"><div class="fixedHeaderContainer"><div class="headerWrapper wrapper"><header><a href="/en"><img class="logo" src="/img/pulsar.svg" alt="Apache Pulsar"/></a><a href="/en/versions"><h3>next</h3></a><div class="navigationWrapper navigationSlider"><nav class="slidingNav"><ul class="nav-site nav-site-internal"><li class="siteNavGroupActive"><a href="/docs/en/next/getting-started-standalone" target="_self">Docs</a></li><li class=""><a href="/en/download" target="_self">Download</a></li><li class="siteNavGroupActive"><a href="/docs/en/next/client-libraries" target="_self">Clients</a></li><li class=""><a href="#restapis" target="_self">REST APIs</a></li><li class=""><a href="#cli" target="_self">Cli</a></li><li class=""><a href="/blog/" target="_self">Blog</a></li><li class=""><a href="#community" target="_self">Community</a></li><li class=""><a href="#apache" target="_self">Apache</a></li><li class=""><a href="https://pulsar-next.staged.apache.org/" target="_self">New Website (Beta)</a></li><span><li><a id="languages-menu" href="#"><img class="languages-icon" src="/img/language.svg" alt="Languages icon"/>English</a><div id="languages-dropdown" class="hide"><ul id="languages-dropdown-items"><li><a href="/docs/ja/next/security-bouncy-castle">日本語</a></li><li><a href="/docs/fr/next/security-bouncy-castle">Français</a></li><li><a href="/docs/ko/next/security-bouncy-castle">한국어</a></li><li><a href="/docs/zh-CN/next/security-bouncy-castle">中文</a></li><li><a href="/docs/zh-TW/next/security-bouncy-castle">繁體中文</a></li><li><a href="https://crowdin.com/project/apache-pulsar" target="_blank" rel="noreferrer noopener">Help Translate</a></li></ul></div></li><script>
         const languagesMenuItem = document.getElementById("languages-menu");
         const languagesDropDown = document.getElementById("languages-dropdown");
         languagesMenuItem.addEventListener("click", function(event) {
           event.preventDefault();

           if (languagesDropDown.className == "hide") {
             languagesDropDown.className = "visible";
           } else {
             languagesDropDown.className = "hide";
           }
         });
       </script></span></ul></nav></div></header></div></div><div class="navPusher"><div class="docMainWrapper wrapper"><div class="docsNavContainer" id="docsNav"><nav class="toc"><div class="toggleNav"><section class="navWrapper wrapper"><div class="navBreadcrumb wrapper"><div class="navToggle" id="navToggler"><div class="hamburger-menu"><div class="line1"></div><div class="line2"></div><div class="line3"></div></div></div><h2><i>›</i><span>Security</span></h2><div class="tocToggler" id="tocToggler"><i class="icon-toc"></i></div></div><div class="navGroups"><div class="navGroup"><h3 class="navGroupCategoryTitle">Get Started</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/getting-started-standalone">Run Pulsar locally</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/getting-started-docker">Run Pulsar in Docker</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/getting-started-helm">Run Pulsar in Kubernetes</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Concepts and Architecture</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-messaging">Messaging</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-architecture-overview">Architecture</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-clients">Clients</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-replication">Geo Replication</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-multi-tenancy">Multi Tenancy</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-authentication">Authentication and Authorization</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-topic-compaction">Topic Compaction</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-proxy-sni-routing">Proxy support with SNI routing</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/concepts-multiple-advertised-listeners">Multiple advertised listeners</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Pulsar Schema</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/schema-get-started">Get started</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/schema-understand">Understand schema</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/schema-evolution-compatibility">Schema evolution and compatibility</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/schema-manage">Manage schema</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Pulsar Functions</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-runtime">Setup: Configure Functions runtime</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-worker">Setup: Pulsar Functions Worker</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-develop">How-to: Develop</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-package">How-to: Package</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-debug">How-to: Debug</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-deploy">How-to: Deploy</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/functions-cli">Reference: CLI</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/window-functions-context">Window Functions: Context</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Pulsar IO</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/io-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-quickstart">Get started</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-use">Use</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-debug">Debug</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-connectors">Built-in connector</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-cdc">CDC connector</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-develop">Develop</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/io-cli">CLI</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Pulsar SQL</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/sql-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/sql-getting-started">Query data</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/sql-deployment-configurations">Configuration and deployment</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/sql-rest-api">REST APIs</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Tiered Storage</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-aws">AWS S3 offloader</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-gcs">GCS offloader</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-filesystem">Filesystem offloader</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-azure">Azure BlobStore offloader</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/tiered-storage-aliyun">Aliyun OSS offloader</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Transactions</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/txn-why">Why transactions?</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/txn-what">What are transactions?</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/txn-how">How transactions work?</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/txn-use">How to use transactions?</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/txn-monitor">How to monitor transactions?</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Kubernetes (Helm)</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-prepare">Prepare</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-install">Install</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-deploy">Deployment</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-upgrade">Upgrade</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/helm-tools">Required Tools</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Deployment</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-aws">Amazon Web Services</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-kubernetes">Kubernetes</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-bare-metal">Bare metal</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-bare-metal-multi-cluster">Bare metal multi-cluster</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-docker">Docker</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/deploy-monitoring">Monitor</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Administration</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-zk-bk">ZooKeeper and BookKeeper</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-geo">Geo-replication</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-pulsar-manager">Pulsar Manager</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-stats">Pulsar statistics</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-load-balance">Load balance</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-proxy">Pulsar proxy</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-upgrade">Upgrade</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/administration-isolation">Pulsar isolation</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Security</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/security-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-policy-and-supported-versions">Security Policy and Supported Versions</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-tls-transport">Transport Encryption using TLS</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-tls-authentication">Authentication using TLS</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-tls-keystore">Using TLS with KeyStore configure</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-jwt">Authentication using JWT</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-athenz">Authentication using Athenz</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-kerberos">Authentication using Kerberos</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-oauth2">Authentication using OAuth 2.0 access tokens</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-authorization">Authorization and ACLs</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-encryption">End-to-End Encryption</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/security-extending">Extend Authentication and Authorization</a></li><li class="navListItem navListItemActive"><a class="navItem" href="/docs/en/next/security-bouncy-castle">Bouncy Castle Providers</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Performance</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/performance-pulsar-perf">Pulsar Perf</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Client Libraries</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-java">Java</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-go">Go</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-python">Python</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-cpp">C++</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-node">Node.js</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-websocket">WebSocket</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-dotnet">C#</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/client-libraries-rest">REST</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Admin API</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-overview">Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-clusters">Clusters</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-tenants">Tenants</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-brokers">Brokers</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-namespaces">Namespaces</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-permissions">Permissions</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-topics">Topics</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-functions">Functions</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/admin-api-packages">Packages</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Adaptors</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/adaptors-kafka">Kafka client wrapper</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/adaptors-spark">Apache Spark</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/adaptors-storm">Apache Storm</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Cookbooks</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-compaction">Topic compaction</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-deduplication">Message deduplication</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-non-persistent">Non-persistent messaging</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-retention-expiry">Message retention and expiry</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-encryption">Encryption</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-message-queue">Message queue</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/cookbooks-bookkeepermetadata">BookKeeper Ledger Metadata</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Development</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/develop-tools">Simulation tools</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/developing-binary-protocol">Binary protocol</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/develop-load-manager">Modular load manager</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/develop-plugin">Plugin</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Reference</h3><ul class=""><li class="navListItem"><a class="navItem" href="/docs/en/next/reference-terminology">Terminology</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/reference-cli-tools">Pulsar CLI tools</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/reference-configuration">Pulsar configuration</a></li><li class="navListItem"><a class="navItem" href="/docs/en/next/reference-metrics">Pulsar Metrics</a></li></ul></div></div></section></div><script>
             var coll = document.getElementsByClassName('collapsible');
             var checkActiveCategory = true;
             for (var i = 0; i < coll.length; i++) {
               var links = coll[i].nextElementSibling.getElementsByTagName('*');
               if (checkActiveCategory){
                 for (var j = 0; j < links.length; j++) {
                   if (links[j].classList.contains('navListItemActive')){
                     coll[i].nextElementSibling.classList.toggle('hide');
                     coll[i].childNodes[1].classList.toggle('rotate');
                     checkActiveCategory = false;
                     break;
                   }
                 }
               }

               coll[i].addEventListener('click', function() {
                 var arrow = this.childNodes[1];
                 arrow.classList.toggle('rotate');
                 var content = this.nextElementSibling;
                 content.classList.toggle('hide');
               });
             }

             document.addEventListener('DOMContentLoaded', function() {
               createToggler('#navToggler', '#docsNav', 'docsSliderActive');
               createToggler('#tocToggler', 'body', 'tocActive');

               var headings = document.querySelector('.toc-headings');
               headings && headings.addEventListener('click', function(event) {
                 var el = event.target;
                 while(el !== headings){
                   if (el.tagName === 'A') {
                     document.body.classList.remove('tocActive');
                     break;
                   } else{
                     el = el.parentNode;
                   }
                 }
               }, false);

               function createToggler(togglerSelector, targetSelector, className) {
                 var toggler = document.querySelector(togglerSelector);
                 var target = document.querySelector(targetSelector);

                 if (!toggler) {
                   return;
                 }

                 toggler.onclick = function(event) {
                   event.preventDefault();

                   target.classList.toggle(className);
                 };
               }
             });
         </script></nav></div><div class="container mainContainer docsContainer"><div class="wrapper"><div class="post"><header class="postHeader"><a class="edit-page-link button" href="https://github.com/apache/pulsar/edit/master/site2/docs/security-bouncy-castle.md" target="_blank" rel="noreferrer noopener">Edit</a><h1 id="__docusaurus" class="postHeaderTitle">Bouncy Castle Providers</h1></header><article><div><span><h2><a class="anchor" aria-hidden="true" id="bouncycastle-introduce"></a><a href="#bouncycastle-introduce" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>BouncyCastle Introduce</h2>
 <p><code>Bouncy Castle</code> is a Java library that complements the default Java Cryptographic Extension (JCE),
 and it provides more cipher suites and algorithms than the default JCE provided by Sun.</p>
 <p>In addition to that, <code>Bouncy Castle</code> has lots of utilities for reading arcane formats like PEM and ASN.1 that no sane person would want to rewrite themselves.</p>
 <p>In Pulsar, security and crypto have dependencies on BouncyCastle Jars. For the detailed installing and configuring Bouncy Castle FIPS, see <a href="https://www.bouncycastle.org/documentation.html">BC FIPS Documentation</a>, especially the <strong>User Guides</strong> and <strong>Security Policy</strong> PDFs.</p>
 <p><code>Bouncy Castle</code> provides both <a href="https://www.bouncycastle.org/fips_faq.html">FIPS</a> and non-FIPS version. But in a JVM, you can not include both of the 2 versions, and you need to exclude the current version before include the other.</p>
 <p>In Pulsar, the security and crypto methods also depends on <code>Bouncy Castle</code>, especially in <a href="/docs/en/next/security-tls-authentication">TLS Authentication</a> and <a href="/docs/en/next/security-encryption">Transport Encryption</a>. This document contains the configuration between BouncyCastle FIPS(BC-FIPS) and non-FIPS(BC-non-FIPS) version while using Pulsar.</p>
 <h2><a class="anchor" aria-hidden="true" id="how-bouncycastle-modules-packaged-in-pulsar"></a><a href="#how-bouncycastle-modules-packaged-in-pulsar" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>How BouncyCastle modules packaged in Pulsar</h2>
 <p>In Pulsar's <code>bouncy-castle</code> module, We provide 2 sub modules: <code>bouncy-castle-bc</code>(for non-FIPS version) and <code>bouncy-castle-bcfips</code>(for FIPS version), to package BC jars together to make the include and exclude of <code>Bouncy Castle</code> easier.</p>
 <p>To achieve this goal, we will need to package several <code>bouncy-castle</code> jars together into <code>bouncy-castle-bc</code> or <code>bouncy-castle-bcfips</code> jar.
 Each of the original bouncy-castle jar is related with security, so BouncyCastle dutifully supplies signed of each JAR.
 But when we do the re-package, Maven shade explodes the BouncyCastle jar file which puts the signatures into META-INF,
 these signatures aren't valid for this new, uber-jar (signatures are only for the original BC jar).
 Usually, You will meet error like <code>java.lang.SecurityException: Invalid signature file digest for Manifest main attributes</code>.</p>
 <p>You could exclude these signatures in mvn pom file to avoid above error, by</p>
 <pre><code class="hljs css language-access transformers"><span class="hljs-tag">&lt;<span class="hljs-name">exclude</span>&gt;</span>META-INF/*.SF<span class="hljs-tag">&lt;/<span class="hljs-name">exclude</span>&gt;</span>
 <span class="hljs-tag">&lt;<span class="hljs-name">exclude</span>&gt;</span>META-INF/*.DSA<span class="hljs-tag">&lt;/<span class="hljs-name">exclude</span>&gt;</span>
 <span class="hljs-tag">&lt;<span class="hljs-name">exclude</span>&gt;</span>META-INF/*.RSA<span class="hljs-tag">&lt;/<span class="hljs-name">exclude</span>&gt;</span>
 </code></pre>
 <p>But it can also lead to new, cryptic errors, e.g. <code>java.security.NoSuchAlgorithmException: PBEWithSHA256And256BitAES-CBC-BC SecretKeyFactory not available</code>
 By explicitly specifying where to find the algorithm like this: <code>SecretKeyFactory.getInstance(&quot;PBEWithSHA256And256BitAES-CBC-BC&quot;,&quot;BC&quot;)</code>
 It will get the real error: <code>java.security.NoSuchProviderException: JCE cannot authenticate the provider BC</code></p>
 <p>So, we used a <a href="https://github.com/nthuemmel/executable-packer-maven-plugin">executable packer plugin</a> that uses a jar-in-jar approach to preserve the BouncyCastle signature in a single, executable jar.</p>
 <h3><a class="anchor" aria-hidden="true" id="include-dependencies-of-bc-non-fips"></a><a href="#include-dependencies-of-bc-non-fips" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Include dependencies of BC-non-FIPS</h3>
 <p>Pulsar module <code>bouncy-castle-bc</code>, which defined by <code>bouncy-castle/bc/pom.xml</code> contains the needed non-FIPS jars for Pulsar, and packaged as a jar-in-jar(need to provide <code>&lt;classifier&gt;pkg&lt;/classifier&gt;</code>).</p>
 <pre><code class="hljs css language-xml">  <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.bouncycastle<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bcpkix-jdk15on<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${bouncycastle.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>

   <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.bouncycastle<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bcprov-ext-jdk15on<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${bouncycastle.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>
 </code></pre>
 <p>By using this <code>bouncy-castle-bc</code> module, you can easily include and exclude BouncyCastle non-FIPS jars.</p>
 <h3><a class="anchor" aria-hidden="true" id="modules-that-include-bc-non-fips-module-bouncy-castle-bc"></a><a href="#modules-that-include-bc-non-fips-module-bouncy-castle-bc" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Modules that include BC-non-FIPS module (<code>bouncy-castle-bc</code>)</h3>
 <p>For Pulsar client, user need the bouncy-castle module, so <code>pulsar-client-original</code> will include the <code>bouncy-castle-bc</code> module, and have <code>&lt;classifier&gt;pkg&lt;/classifier&gt;</code> set to reference the <code>jar-in-jar</code> package.
 It is included as following example:</p>
 <pre><code class="hljs css language-xml">  <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.apache.pulsar<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bouncy-castle-bc<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${pulsar.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">classifier</span>&gt;</span>pkg<span class="hljs-tag">&lt;/<span class="hljs-name">classifier</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>
 </code></pre>
 <p>By default <code>bouncy-castle-bc</code> already included in <code>pulsar-client-original</code>, And <code>pulsar-client-original</code> has been included in a lot of other modules like <code>pulsar-client-admin</code>, <code>pulsar-broker</code>.<br>
 But for the above shaded jar and signatures reason, we should not package Pulsar's <code>bouncy-castle</code> module into <code>pulsar-client-all</code> other shaded modules directly, such as <code>pulsar-client-shaded</code>, <code>pulsar-client-admin-shaded</code> and <code>pulsar-broker-shaded</code>.
 So in the shaded modules, we will exclude the <code>bouncy-castle</code> modules.</p>
 <pre><code class="hljs css language-xml">  <span class="hljs-tag">&lt;<span class="hljs-name">filters</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">filter</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">artifact</span>&gt;</span>org.apache.pulsar:pulsar-client-original<span class="hljs-tag">&lt;/<span class="hljs-name">artifact</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">includes</span>&gt;</span>
         <span class="hljs-tag">&lt;<span class="hljs-name">include</span>&gt;</span>**<span class="hljs-tag">&lt;/<span class="hljs-name">include</span>&gt;</span>
       <span class="hljs-tag">&lt;/<span class="hljs-name">includes</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">excludes</span>&gt;</span>
         <span class="hljs-tag">&lt;<span class="hljs-name">exclude</span>&gt;</span>org/bouncycastle/**<span class="hljs-tag">&lt;/<span class="hljs-name">exclude</span>&gt;</span>
       <span class="hljs-tag">&lt;/<span class="hljs-name">excludes</span>&gt;</span>
     <span class="hljs-tag">&lt;/<span class="hljs-name">filter</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">filters</span>&gt;</span>
 </code></pre>
 <p>That means, <code>bouncy-castle</code> related jars are not shaded in these fat jars.</p>
 <h3><a class="anchor" aria-hidden="true" id="module-bc-fips-bouncy-castle-bcfips"></a><a href="#module-bc-fips-bouncy-castle-bcfips" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Module BC-FIPS (<code>bouncy-castle-bcfips</code>)</h3>
 <p>Pulsar module <code>bouncy-castle-bcfips</code>, which defined by <code>bouncy-castle/bcfips/pom.xml</code> contains the needed FIPS jars for Pulsar.
 Similar to <code>bouncy-castle-bc</code>, <code>bouncy-castle-bcfips</code> also packaged as a <code>jar-in-jar</code> package for easy include/exclude.</p>
 <pre><code class="hljs css language-xml">    <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.bouncycastle<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bc-fips<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${bouncycastlefips.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
     <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>

     <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.bouncycastle<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bcpkix-fips<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${bouncycastlefips.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
     <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>
 </code></pre>
 <h3><a class="anchor" aria-hidden="true" id="exclude-bc-non-fips-and-include-bc-fips"></a><a href="#exclude-bc-non-fips-and-include-bc-fips" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Exclude BC-non-FIPS and include BC-FIPS</h3>
 <p>If you want to switch from BC-non-FIPS to BC-FIPS version, Here is an example for <code>pulsar-broker</code> module:</p>
 <pre><code class="hljs css language-xml">  <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.apache.pulsar<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>pulsar-broker<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${pulsar.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">exclusions</span>&gt;</span>
       <span class="hljs-tag">&lt;<span class="hljs-name">exclusion</span>&gt;</span>
         <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.apache.pulsar<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
         <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bouncy-castle-bc<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
       <span class="hljs-tag">&lt;/<span class="hljs-name">exclusion</span>&gt;</span>
     <span class="hljs-tag">&lt;/<span class="hljs-name">exclusions</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>

   <span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.apache.pulsar<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>bouncy-castle-bcfips<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">version</span>&gt;</span>${pulsar.version}<span class="hljs-tag">&lt;/<span class="hljs-name">version</span>&gt;</span>
     <span class="hljs-tag">&lt;<span class="hljs-name">classifier</span>&gt;</span>pkg<span class="hljs-tag">&lt;/<span class="hljs-name">classifier</span>&gt;</span>
   <span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>
 </code></pre>
 <p>For more example, you can reference module <code>bcfips-include-test</code>.</p>
 </span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/en/next/security-extending"><span class="arrow-prev">← </span><span>Extend Authentication and Authorization</span></a><a class="docs-next button" href="/docs/en/next/performance-pulsar-perf"><span>Pulsar Perf</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#bouncycastle-introduce">BouncyCastle Introduce</a></li><li><a href="#how-bouncycastle-modules-packaged-in-pulsar">How BouncyCastle modules packaged in Pulsar</a><ul class="toc-headings"><li><a href="#include-dependencies-of-bc-non-fips">Include dependencies of BC-non-FIPS</a></li><li><a href="#modules-that-include-bc-non-fips-module-bouncy-castle-bc">Modules that include BC-non-FIPS module (<code>bouncy-castle-bc</code>)</a></li><li><a href="#module-bc-fips-bouncy-castle-bcfips">Module BC-FIPS (<code>bouncy-castle-bcfips</code>)</a></li><li><a href="#exclude-bc-non-fips-and-include-bc-fips">Exclude BC-non-FIPS and include BC-FIPS</a></li></ul></li></ul></nav></div><footer class="nav-footer" id="footer"><section class="copyright">Copyright © 2022 The Apache Software Foundation. All Rights Reserved. Apache, Apache Pulsar and the Apache feather logo are trademarks of The Apache Software Foundation.</section><span><script>
       const community = document.querySelector("a[href='#community']").parentNode;
       const communityMenu =
         '<li>' +
         '<a id="community-menu" href="#">Community <span style="font-size: 0.75em">&nbsp;▼</span></a>' +
         '<div id="community-dropdown" class="hide">' +
           '<ul id="community-dropdown-items">' +
             '<li><a href="/en/contact">Contact</a></li>' +
             '<li><a href="/en/contributing">Contributing</a></li>' +
             '<li><a href="/en/coding-guide">Coding guide</a></li>' +
             '<li><a href="/en/events">Events</a></li>' +
             '<li><a href="https://twitter.com/Apache_Pulsar" target="_blank">Twitter &#x2750</a></li>' +
             '<li><a href="https://github.com/apache/pulsar/wiki" target="_blank">Wiki &#x2750</a></li>' +
             '<li><a href="https://github.com/apache/pulsar/issues" target="_blank">Issue tracking &#x2750</a></li>' +
             '<li><a href="https://pulsar-summit.org/" target="_blank">Pulsar Summit &#x2750</a></li>' +
             '<li>&nbsp;</li>' +
             '<li><a href="/en/resources">Resources</a></li>' +
             '<li><a href="/en/team">Team</a></li>' +
             '<li><a href="/en/powered-by">Powered By</a></li>' +
           '</ul>' +
         '</div>' +
         '</li>';

       community.innerHTML = communityMenu;

       const communityMenuItem = document.getElementById("community-menu");
       const communityDropDown = document.getElementById("community-dropdown");
       communityMenuItem.addEventListener("click", function(event) {
         event.preventDefault();

         if (communityDropDown.className == 'hide') {
           communityDropDown.className = 'visible';
         } else {
           communityDropDown.className = 'hide';
         }
       });
     </script></span></footer></div><script>window.twttr=(function(d,s, id){var js,fjs=d.getElementsByTagName(s)[0],t=window.twttr||{};if(d.getElementById(id))return t;js=d.createElement(s);js.id=id;js.src='https://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js, fjs);t._e = [];t.ready = function(f) {t._e.push(f);};return t;}(document, 'script', 'twitter-wjs'));</script></body></html>