databricks · sreekanth-db · Jun 25, 2025 · Jun 25, 2025 · Jun 27, 2025
diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
@@ -9,7 +9,7 @@
 - 
 
 ### Fixed
--
+- Fixed bouncy castle registration issue by using local instance instead of global registration with java security API.
 
 ---
 *Note: When making changes, please add your change under the appropriate section with a brief description.* 
diff --git a/src/main/java/com/databricks/jdbc/auth/JwtPrivateKeyClientCredentials.java b/src/main/java/com/databricks/jdbc/auth/JwtPrivateKeyClientCredentials.java
@@ -25,7 +25,6 @@
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
-import java.security.Security;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.sql.Timestamp;
@@ -118,7 +117,8 @@ public JwtPrivateKeyClientCredentials build() {
     }
   }
 
-  private final String BOUNCY_CASTLE_PROVIDER = "BC";
+  private final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
+
   private IDatabricksHttpClient hc;
   private String clientId;
   private String tokenUrl;
@@ -235,13 +235,10 @@ JWSAlgorithm determineSignatureAlgorithm(String jwtAlgorithm) {
   }
 
   private PrivateKey getPrivateKey() {
-    try {
-      Security.addProvider(new BouncyCastleProvider());
-      try (Reader reader = new FileReader(jwtKeyFile);
-          PEMParser pemParser = new PEMParser(reader)) {
-        Object object = pemParser.readObject();
-        return convertPrivateKey(object);
-      }
+    try (Reader reader = new FileReader(jwtKeyFile);
+        PEMParser pemParser = new PEMParser(reader)) {
+      Object object = pemParser.readObject();
+      return convertPrivateKey(object);
     } catch (DatabricksSQLException | IOException e) {
       String errorMessage = "Failed to parse private key: " + e.getMessage();
       LOGGER.error(errorMessage);
@@ -257,7 +254,7 @@ PrivateKey convertPrivateKey(Object pemObject) throws DatabricksParsingException
         PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObject;
         JceOpenSSLPKCS8DecryptorProviderBuilder decryptorProviderBuilder =
             new JceOpenSSLPKCS8DecryptorProviderBuilder();
-        decryptorProviderBuilder.setProvider(BOUNCY_CASTLE_PROVIDER);
+        decryptorProviderBuilder.setProvider(bouncyCastleProvider);
         InputDecryptorProvider decryptorProvider =
             decryptorProviderBuilder.build(jwtKeyPassphrase.toCharArray());
         privateKeyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
@@ -269,8 +266,7 @@ PrivateKey convertPrivateKey(Object pemObject) throws DatabricksParsingException
           privateKeyInfo = (PrivateKeyInfo) pemObject;
         }
       }
-      JcaPEMKeyConverter keyConverter =
-          new JcaPEMKeyConverter().setProvider(BOUNCY_CASTLE_PROVIDER);
+      JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(bouncyCastleProvider);
       return keyConverter.getPrivateKey(privateKeyInfo);
     } catch (OperatorCreationException | PKCSException | PEMException e) {
       String errorMessage = "Cannot decrypt private JWT key " + e.getMessage();