Upgrade BC to 1.76 (#810)

* Upgraded BC to 1.76
* Addressed Pkcs11Test that fails on Mac OS (arm64) with JDK 1.7 (x86_64)
* Updated README.md to show BC version 1.76
This commit is contained in:
lhazlewood 2023-09-05 14:29:17 -07:00 committed by GitHub
parent 8e0f740329
commit 26026d63cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 19 deletions

View File

@ -555,8 +555,8 @@ If you're building a (non-Android) JDK project, you will want to define the foll
It is unnecessary for these algorithms on JDK 15 or later.
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
<artifactId>bcprov-jdk18on</artifactId> or bcprov-jdk15to18 on JDK 7
<version>1.76</version>
<scope>runtime</scope>
</dependency>
-->
@ -578,7 +578,7 @@ dependencies {
- JDK 14 or earlier, and you want to use EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
It is unnecessary for these algorithms on JDK 15 or later.
*/
// runtimeOnly 'org.bouncycastle:bcprov-jdk15on:1.70'
// runtimeOnly 'org.bouncycastle:bcprov-jdk18on:1.76' // or bcprov-jdk15to18 on JDK 7
}
```
@ -607,7 +607,7 @@ dependencies {
- EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
** AND ALSO ensure you enable the BouncyCastle provider as shown below **
*/
//implementation('org.bouncycastle:bcprov-jdk15on:1.70')
//implementation('org.bouncycastle:bcprov-jdk18on:1.76') // or bcprov-jdk15to18 for JDK 7
}
```

View File

@ -14,7 +14,8 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
@ -43,12 +44,12 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>${bcprov.artifactId}</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>${bcpkix.artifactId}</artifactId>
<scope>test</scope>
</dependency>
<dependency>

View File

@ -87,7 +87,10 @@ class Pkcs11Test {
provider = Security.getProvider("SunPKCS11")
provider = provider.configure(config) as Provider
} else { // JDK 8 or earlier:
provider = new sun.security.pkcs11.SunPKCS11(config)
try {
provider = new sun.security.pkcs11.SunPKCS11(config)
} catch (Throwable ignored) { // MacOS on JDK 7: libsofthsm2.so is arm64, JDK is x86_64, can't load
}
}
}
return provider
@ -184,8 +187,7 @@ class Pkcs11Test {
* - On JDK < 11 X25519 and X448 PrivateKeys cannot be loaded (but their certs and PublicKeys may be).
*
* 3. RSASSA-PSS keys of any kind are not available because SoftHSM doesn't currently support them. See
* https://github.com/opendnssec/SoftHSMv2/issues/721
*/
* https://github.com/opendnssec/SoftHSMv2/issues/721*/
static final Map<String, TestKeys.Bundle> PKCS11_BUNDLES = findPkcs11Bundles(KEYSTORE)
static TestKeys.Bundle findPkcs11(Identifiable alg) {
@ -324,10 +326,10 @@ class Pkcs11Test {
/**
* Ensures that for all JWE and JWS algorithms, when the PKCS11 provider is installed as a JVM provider,
* no calls to JwtBuilder/Parser .provider are needed, and no ProviderKeys (Keys.builder) calls are needed
* anywhere in application code.
*/
* anywhere in application code.*/
@Test
void testPkcs11JvmProviderDoesNotRequireProviderKeys() {
if (PKCS11 == null) return; // couldn't load on MacOS (arm64 libsofthsm2.so) on JDK 7 (x86_64)
Security.addProvider(PKCS11)
try {
testJws(null)

18
pom.xml
View File

@ -117,7 +117,9 @@
<maven.javadoc.additionalOptions/>
<!-- Optional Runtime Dependencies: -->
<bouncycastle.version>1.70</bouncycastle.version>
<bouncycastle.version>1.76</bouncycastle.version>
<bcprov.artifactId>bcprov-jdk18on</bcprov.artifactId>
<bcpkix.artifactId>bcpkix-jdk18on</bcpkix.artifactId>
<!-- Test Dependencies: Only required for testing when building. Not required by users at runtime: -->
<groovy.version>2.5.16</groovy.version> <!-- higher version used in jdk8AndLater profile below -->
@ -210,13 +212,13 @@
<!-- Used only during testing for PS256, PS384 and PS512 since JDK <= 10 doesn't support them: -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>${bcprov.artifactId}</artifactId>
<version>${bouncycastle.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>${bcpkix.artifactId}</artifactId>
<version>${bouncycastle.version}</version>
<scope>test</scope>
</dependency>
@ -637,6 +639,16 @@
</plugins>
</build>
<profiles>
<profile>
<id>jdk7</id>
<activation>
<jdk>1.7</jdk>
</activation>
<properties>
<bcprov.artifactId>bcprov-jdk15to18</bcprov.artifactId>
<bcpkix.artifactId>bcpkix-jdk15to18</bcpkix.artifactId>
</properties>
</profile>
<profile>
<id>jdk8AndLater</id>
<activation>

View File

@ -14,7 +14,8 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
@ -27,7 +28,9 @@
<artifactId>jjwt</artifactId>
<name>JJWT :: Legacy Transitive Dependency Jar</name>
<description>Legacy dependency. Please update your dependencies as documented here: https://github.com/jwtk/jjwt#installation</description>
<description>Legacy dependency. Please update your dependencies as documented here:
https://github.com/jwtk/jjwt#installation
</description>
<packaging>jar</packaging>
<properties>
@ -53,12 +56,12 @@
<!-- Testing only: -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>${bcprov.artifactId}</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>${bcpkix.artifactId}</artifactId>
<scope>test</scope>
</dependency>
</dependencies>