From d9ce0e673386dab213d6e615c47b29693c4ba762 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 18 Feb 2020 14:11:34 +0200 Subject: [PATCH] Update BouncyCastle to 1.64 (#52185) (#52464) This commit upgrades the bouncycastle dependency from 1.61 to 1.64. --- buildSrc/version.properties | 2 +- .../licenses/bcmail-jdk15on-1.61.jar.sha1 | 1 - .../licenses/bcmail-jdk15on-1.64.jar.sha1 | 1 + .../licenses/bcpkix-jdk15on-1.61.jar.sha1 | 1 - .../licenses/bcpkix-jdk15on-1.64.jar.sha1 | 1 + .../licenses/bcprov-jdk15on-1.61.jar.sha1 | 1 - .../licenses/bcprov-jdk15on-1.64.jar.sha1 | 1 + x-pack/plugin/security/cli/build.gradle | 8 ++++++++ .../security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 | 1 - .../security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 | 1 + .../security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 | 1 - .../security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 | 1 + .../xpack/security/cli/CertificateGenerateToolTests.java | 6 +++--- .../xpack/security/cli/HttpCertificateCommandTests.java | 4 ++-- 14 files changed, 19 insertions(+), 11 deletions(-) delete mode 100644 plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1 delete mode 100644 plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1 delete mode 100644 plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1 delete mode 100644 x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 create mode 100644 x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 delete mode 100644 x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 create mode 100644 x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 diff --git a/buildSrc/version.properties b/buildSrc/version.properties index 574d92be66c..044d1777978 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -29,7 +29,7 @@ joda = 2.10.4 # - plugins/ingest-attachment (transitive dependency, check the upstream POM) # - distribution/tools/plugin-cli # - x-pack/plugin/security -bouncycastle = 1.61 +bouncycastle=1.64 # test dependencies randomizedrunner = 2.7.1 junit = 4.12 diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1 deleted file mode 100644 index a41f43da590..00000000000 --- a/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -69a1ea4bead1baadd1a1e00526de050c62ea7d82 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1 new file mode 100644 index 00000000000..9b752aae5ad --- /dev/null +++ b/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1 @@ -0,0 +1 @@ +7a2601f0a1d336966cca03edb04a69ba0f5f25d9 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1 deleted file mode 100644 index 7ae081447a9..00000000000 --- a/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -89bb3aa5b98b48e584eee2a7401b7682a46779b4 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1 new file mode 100644 index 00000000000..568a9be16be --- /dev/null +++ b/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1 @@ -0,0 +1 @@ +3dac163e20110817d850d17e0444852a6d7d0bd7 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1 deleted file mode 100644 index 0ccfcd61a0e..00000000000 --- a/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -00df4b474e71be02c1349c3292d98886f888d1f7 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1 new file mode 100644 index 00000000000..85b5d4e1e18 --- /dev/null +++ b/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1 @@ -0,0 +1 @@ +1467dac1b787b5ad2a18201c0c281df69882259e \ No newline at end of file diff --git a/x-pack/plugin/security/cli/build.gradle b/x-pack/plugin/security/cli/build.gradle index f24d5f49d11..78048537bfb 100644 --- a/x-pack/plugin/security/cli/build.gradle +++ b/x-pack/plugin/security/cli/build.gradle @@ -24,6 +24,14 @@ forbiddenPatterns { exclude '**/*.jks' } +thirdPartyAudit { + ignoreMissingClasses( + // Used in org.bouncycastle.pqc.crypto.qtesla.QTeslaKeyEncodingTests + 'junit.framework.Assert', + 'junit.framework.TestCase' + ) +} + if (BuildParams.inFipsJvm) { test.enabled = false jarHell.enabled = false diff --git a/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 deleted file mode 100644 index 7ae081447a9..00000000000 --- a/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -89bb3aa5b98b48e584eee2a7401b7682a46779b4 \ No newline at end of file diff --git a/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 new file mode 100644 index 00000000000..568a9be16be --- /dev/null +++ b/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 @@ -0,0 +1 @@ +3dac163e20110817d850d17e0444852a6d7d0bd7 \ No newline at end of file diff --git a/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 deleted file mode 100644 index 0ccfcd61a0e..00000000000 --- a/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -00df4b474e71be02c1349c3292d98886f888d1f7 \ No newline at end of file diff --git a/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 new file mode 100644 index 00000000000..85b5d4e1e18 --- /dev/null +++ b/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 @@ -0,0 +1 @@ +1467dac1b787b5ad2a18201c0c281df69882259e \ No newline at end of file diff --git a/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java b/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java index 91fd55933c5..f64b13b3ac4 100644 --- a/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java +++ b/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java @@ -7,12 +7,12 @@ package org.elasticsearch.xpack.security.cli; import com.google.common.jimfs.Configuration; import com.google.common.jimfs.Jimfs; +import org.bouncycastle.asn1.DLTaggedObject; import org.elasticsearch.core.internal.io.IOUtils; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.Extension; @@ -489,8 +489,8 @@ public class CertificateGenerateToolTests extends ESTestCase { assertThat(seq.size(), equalTo(2)); assertThat(seq.getObjectAt(0), instanceOf(ASN1ObjectIdentifier.class)); assertThat(seq.getObjectAt(0).toString(), equalTo(CN_OID)); - assertThat(seq.getObjectAt(1), instanceOf(DERTaggedObject.class)); - DERTaggedObject taggedName = (DERTaggedObject) seq.getObjectAt(1); + assertThat(seq.getObjectAt(1), instanceOf(DLTaggedObject.class)); + DLTaggedObject taggedName = (DLTaggedObject) seq.getObjectAt(1); assertThat(taggedName.getTagNo(), equalTo(0)); assertThat(taggedName.getObject(), instanceOf(ASN1String.class)); assertThat(taggedName.getObject().toString(), Matchers.isIn(certInfo.commonNames)); diff --git a/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java b/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java index a21eb0efa77..818570ace03 100644 --- a/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java +++ b/x-pack/plugin/security/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java @@ -11,7 +11,7 @@ import com.google.common.jimfs.Jimfs; import joptsimple.OptionSet; import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DLSequence; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.Extension; @@ -606,7 +606,7 @@ public class HttpCertificateCommandTests extends ESTestCase { final Attribute[] extensionAttributes = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); assertThat(extensionAttributes, arrayWithSize(1)); assertThat(extensionAttributes[0].getAttributeValues(), arrayWithSize(1)); - assertThat(extensionAttributes[0].getAttributeValues()[0], instanceOf(DERSequence.class)); + assertThat(extensionAttributes[0].getAttributeValues()[0], instanceOf(DLSequence.class)); // We register 1 extension - the subject alternative names final Extensions extensions = Extensions.getInstance(extensionAttributes[0].getAttributeValues()[0]);