From 1140503101bc65298997bfb8bf89bf507c2b8101 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Mon, 11 Mar 2024 13:47:15 -0600
Subject: [PATCH] JCE: set PKIXParameters Signature provider to wolfJCE if null when using wolfCrypt FIPS
---
.../jce/WolfCryptPKIXCertPathValidator.java | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptPKIXCertPathValidator.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptPKIXCertPathValidator.java
index 6e77bf63..f017c769 100644
--- a/src/main/java/com/wolfssl/provider/jce/WolfCryptPKIXCertPathValidator.java
+++ b/src/main/java/com/wolfssl/provider/jce/WolfCryptPKIXCertPathValidator.java
@@ -653,9 +653,16 @@ public CertPathValidatorResult engineValidate(
 /* If we are in FIPS mode, verify wolfJCE is the Signature provider
 * to help maintain FIPS compliance */
 if (Fips.enabled && pkixParams.getSigProvider() != "wolfJCE") {
- throw new CertPathValidatorException(
- "CertPathParameters Signature Provider must be wolfJCE " +
- "when using wolfCrypt FIPS");
+ if (pkixParams.getSigProvider() == null) {
+ /* Preferred Signature provider not set, set to wolfJCE */
+ pkixParams.setSigProvider("wolfJCE");
+ }
+ else {
+ throw new CertPathValidatorException(
+ "CertPathParameters Signature Provider must be wolfJCE " +
+ "when using wolfCrypt FIPS: " +
+ pkixParams.getSigProvider());
+ }
 }

 /* Use wolfSSL CertManager to facilitate chain verification */
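Review bot: The guard `pkixParams.getSigProvider() != "wolfJCE"` compares String references rather than contents, so a provider name that arrives as a non-interned string (for example one read from configuration at runtime) lands in the new `else` branch and is rejected even though its value is wolfJCE. The check fails closed, but the FIPS gate should compare by value: read the provider once with `String sigProv = pkixParams.getSigProvider();`, test `if (Fips.enabled && !"wolfJCE".equals(sigProv)) {`, and use `sigProv == null` for the inner branch. The added `setSigProvider("wolfJCE")` also modifies the parameters object in place; whether `pkixParams` is the caller's instance or a copy is not visible here, so if it is the caller's, a comment such as `/* NOTE: updates the caller-supplied PKIXParameters */` would make that side effect explicit. engineValidate begins and ends outside this hunk.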