remove bouncycastle dependency for EC key support #6008

Closed
coopstah13 opened this issue May 14, 2024 · 7 comments · Fixed by #6051

@coopstah13

Is your task related to a problem? Please describe

Newer version of BouncyCastle doesn't work with BCFIPS provider

Describe the solution you'd like

Remove dependency on BouncyCastle and rely on JDK only. The dependency is only used for EC keys, but they are supported since at least JDK8.

Describe alternatives you've considered

I have pinned the transitive bouncycastle dependency to an older version (1.68) in our repository as it seems to be the last one that doesn't have the problem.

Additional context

No response

@shawkins
Contributor

@coopstah13 do you have suggested changes for this? The test case that was added for bcfips does not work with just the jdk - it fails with "java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : version mismatch: (supported: 00, parsed: 01 ..."

@manusa
Member

manusa commented Jun 4, 2024

We probably need to add a specific case for CertUtils#handleECKey so that we don't require the usage of BouncyCastle libraries for Elastic keys.

The idea would be to add some sort of fallback mechanism in

Object pemObject = new PEMParser(new InputStreamReader(keyInputStream)).readObject();

so that we attempt to use the JDK-provided classes and then use BouncyCastle if the JVM doesn't provide them.

@manusa manusa added this to the 7.0.0 milestone Jun 4, 2024
@shawkins
Contributor

We probably need to add a specific case for CertUtils#handleECKey so that we don't require the usage of BouncyCastle libraries for Elastic keys.

Yes, I understand what could be done for elliptical curve keys, but nothing simple worked. Taking another look, the best I could come up with was to borrow some code from vertx. I'll open a PR with that.
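
Added example (not part of the thread, not the project's code and not the change merged for this issue): one JDK-only way to load an `EC PRIVATE KEY` PEM without `PEMParser`. Such a PEM carries a SEC1 (RFC 5915) structure whose version field is 1, while `PKCS8EncodedKeySpec` expects a PKCS#8 structure, so the sketch wraps the SEC1 bytes in a PKCS#8 envelope before handing them to `KeyFactory`. The class and method names are hypothetical, the sample key is constructed, and it assumes the key embeds its named-curve OID in the optional `[0]` field.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class Sec1ToPkcs8 { // hypothetical class; names are illustrative
  static final byte[] EC_OID = {6, 7, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 2, 1}; // id-ecPublicKey
  static final byte[] P256_OID = {6, 8, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 3, 1, 7}; // prime256v1
  // Encodes one DER TLV (content up to 65535 bytes) from the concatenated parts.
  static byte[] tlv(int tag, byte[]... parts) {
    ByteArrayOutputStream body = new ByteArrayOutputStream(), out = new ByteArrayOutputStream();
    for (byte[] p : parts) body.write(p, 0, p.length);
    int n = body.size();
    out.write(tag);
    if (n >= 0x100) { out.write(0x82); out.write(n >> 8); }
    else if (n >= 0x80) out.write(0x81);
    out.write(n & 0xFF);
    out.write(body.toByteArray(), 0, n);
    return out.toByteArray();
  }
  // Returns {contentOffset, contentLength} of the TLV that starts at pos.
  static int[] header(byte[] d, int pos) {
    int len = d[pos + 1] & 0xFF, start = pos + 2;
    if (len < 0x80) return new int[] {start, len};
    int n = len & 0x7F, v = 0;
    while (n-- > 0) v = (v << 8) | (d[start++] & 0xFF);
    return new int[] {start, v};
  }
  // Wraps SEC1 ECPrivateKey bytes in a PKCS#8 PrivateKeyInfo (version 0).
  static byte[] wrap(byte[] sec1) {
    int[] ver = header(sec1, header(sec1, 0)[0]); // INTEGER version
    int[] key = header(sec1, ver[0] + ver[1]);    // OCTET STRING holding the private scalar
    int p = key[0] + key[1];                      // offset of the optional [0] curve parameters
    if (sec1[0] != 0x30 || sec1[ver[0]] != 1 || p >= sec1.length || (sec1[p] & 0xFF) != 0xA0)
      throw new IllegalArgumentException("not a SEC1 key with curve parameters");
    int[] par = header(sec1, p);
    byte[] curve = Arrays.copyOfRange(sec1, par[0], par[0] + par[1]);
    return tlv(0x30, new byte[] {2, 1, 0}, tlv(0x30, EC_OID, curve), tlv(4, sec1));
  }
  // Strips the PEM armor, wraps the SEC1 body and lets the JDK's EC KeyFactory parse it.
  static java.security.PrivateKey load(String pem) throws Exception {
    byte[] sec1 = Base64.getMimeDecoder().decode(pem.replaceAll("-----(BEGIN|END) EC PRIVATE KEY-----", ""));
    return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(wrap(sec1)));
  }
  public static void main(String[] args) throws Exception { // builds a constructed sample key, not a real one
    byte[] sec1 = tlv(0x30, new byte[] {2, 1, 1}, tlv(4, Arrays.copyOf(new byte[] {0x11}, 32)), tlv(0xA0, P256_OID));
    String pem = "-----BEGIN EC PRIVATE KEY-----\n" + Base64.getMimeEncoder().encodeToString(sec1) + "\n-----END EC PRIVATE KEY-----";
    System.out.println(load(pem).getAlgorithm() + " key parsed with JDK classes only");
  }
}
```

Input that is already PKCS#8 (version 0) is rejected by `wrap`, so a caller can pass those bytes to `PKCS8EncodedKeySpec` unchanged.
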

shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
@manusa manusa closed this as completed in ee74ab9 Jun 18, 2024
@martinwunderlich-celonis

I've had the same issue and was to remove the Bouncycastle library after upgrading the fabric8 client from 6.13.1 to 7.0-SNAPSHOT (built locally).
Does anyone have an idea when 7.0.0 will get released?

@manusa
Member

manusa commented Aug 14, 2024

Does anyone have an idea when 7.0.0 will get released?

End of September or October if everything goes well.

@martinwunderlich-celonis

Hello @manusa, just out of curiosity, is the release for 7.0.0 on track? Thank you

@manusa
Member

manusa commented Sep 27, 2024

Hi @martinwunderlich-celonis
We're having some issues with the new model generation approach (#6130). 7.0.0 won't make it in September.
You can track the overall status in #5778.
