Add security provider earlier in the bootstrap process

Signed-off-by: Terry Quigley <[email protected]>

Author: terryquigleysas

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -2441,17 +2441,6 @@ public Optional<SecureSettingsFactory> getSecureSettingFactory(Settings settings
         );
     }
 
-    @SuppressWarnings("removal")
-    private void tryAddSecurityProvider() {
-        AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
-            if (Security.getProvider("BCFIPS") == null) {
-                Security.addProvider(new BouncyCastleFipsProvider());
-                log.debug("Bouncy Castle FIPS Provider added");
-            }
-            return null;
-        });
-    }
-
     // CS-SUPPRESS-SINGLE: RegexpSingleline get Resource Sharing Extensions
     @Override
     public void loadExtensions(ExtensionLoader loader) {

src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java

@@ -20,6 +20,7 @@
 import java.nio.file.Path;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -35,6 +36,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
+import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
 import org.opensearch.OpenSearchException;
 import org.opensearch.SpecialPermission;
 import org.opensearch.Version;
@@ -256,6 +258,8 @@ public Object run() {
             log.error("SSL not activated for http and/or transport.");
         }
 
+        tryAddSecurityProvider();
+
         this.sslSettingsManager = new SslSettingsManager(new Environment(settings, configPath));
     }
 
@@ -772,4 +776,15 @@ protected Settings migrateSettings(Settings settings) {
     public ThreadPool getThreadPool() {
         return this.threadPool;
     }
+
+    @SuppressWarnings("removal")
+    protected void tryAddSecurityProvider() {
+        AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
+            if (Security.getProvider("BCFIPS") == null) {
+                Security.addProvider(new BouncyCastleFipsProvider());
+                log.debug("Bouncy Castle FIPS Provider added");
+            }
+            return null;
+        });
+    }
 }