bc.diff

diff --git a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
index 302ae10..8825f08 100644
--- a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
+++ b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
@@ -99,6 +99,7 @@ import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
 public abstract class SecurityHelper {
 
     private static String BC_PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
+    private static String BC_PROVIDER_NAME = "BC";
     static boolean setBouncyCastleProvider = true; // (package access for tests)
     static Provider securityProvider; // 'BC' provider (package access for tests)
     private static volatile Boolean registerProvider = null;
@@ -198,7 +199,21 @@ public abstract class SecurityHelper {
 
     static CertificateFactory getCertificateFactory(final String type, final Provider provider)
         throws CertificateException {
-        final CertificateFactorySpi spi = (CertificateFactorySpi) getImplEngine("CertificateFactory", type);
+        final CertificateFactorySpi spi;
+        boolean addedBC = false;
+        synchronized(SecurityHelper.class) {
+            try {
+                if (provider.getName().equals(BC_PROVIDER_NAME) && Security.getProvider(BC_PROVIDER_NAME) == null) {
+                    Security.addProvider(provider);
+                    addedBC = true;
+                }
+                spi = (CertificateFactorySpi) getImplEngine("CertificateFactory", type);
+            } finally {
+                if (addedBC) {
+                    Security.removeProvider(BC_PROVIDER_NAME);
+                }
+            }
+        }
         if ( spi == null ) throw new CertificateException(type + " not found");
         return newInstance(CertificateFactory.class,
                 new Class[]{ CertificateFactorySpi.class, Provider.class, String.class },