Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove bouncycastle dependency for EC key support #6008

Closed
coopstah13 opened this issue May 14, 2024 · 7 comments · Fixed by #6051
Closed

remove bouncycastle dependency for EC key support #6008

coopstah13 opened this issue May 14, 2024 · 7 comments · Fixed by #6051
Assignees
@shawkins
Milestone
7.0.0

Comments

@coopstah13
Copy link

Is your task related to a problem? Please describe

Newer version of BouncyCastle doesn't work with BCFIPS provider

Describe the solution you'd like

Remove dependency on BouncyCastle and rely on JDK only. The dependency is only used for EC keys, but they are supported since at least JDK8.

Describe alternatives you've considered

I have pinned the transitive bouncycastle dependency to an older version (1.68) in our repository as it seems to be the last one that doesn't have the problem.

Additional context

No response
@shawkins
Copy link
Contributor

@coopstah13 do you have suggested changes for this? The test case that was added for bcfips does not work with just the jdk - it fails with "java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : version mismatch: (supported: 00, parsed: 01 ..."

@manusa
Copy link
Member

manusa commented Jun 4, 2024

We probable need to add a specific case for
CertUtils#handleECKey so that we don't require the usage of BouncyCastle libraries for Elastic keys.

The idea would be to add some sort of fallback mechanism in

kubernetes-client/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java

Line 198 in 2f11261

Object pemObject = new PEMParser(new InputStreamReader(keyInputStream)).readObject();

so that we attempt to use the JDK-provided classes and then use BouncyCastle if the JVM doesn't provide them.

@manusa manusa added this to the 7.0.0 milestone Jun 4, 2024
@shawkins
Copy link
Contributor

We probable need to add a specific case for
CertUtils#handleECKey so that we don't require the usage of BouncyCastle libraries for Elastic keys.

Yes, I understand what could be done for eliptical curve keys, but nothing simple worked. Taking another look the best I could come up with was to borrow some code from vertx. I'll open a pr with that.

shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
7e02622 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
d95b2c6 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
@shawkins shawkins mentioned this issue Jun 12, 2024
Merged
11 tasks
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
3c89132 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
c4fd44a 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
29c8c19 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
ead330e 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
shawkins added a commit to shawkins/kubernetes-client that referenced this issue Jun 12, 2024
@shawkins
fix: remove bc optional dependency
eea1acb 
closes: fabric8io#6008

Signed-off-by: Steve Hawkins <[email protected]>
@manusa manusa closed this as completed in ee74ab9 Jun 18, 2024
@shawkins shawkins mentioned this issue Aug 13, 2024
Closed
@martinwunderlich-celonis
Copy link

I've had the same issue and was to remove the Bouncycastle library after upgrading the fabric8 client from 6.13.1 to 7.0-SNAPSHOT (built locally).
Does anyone have an idea when 7.0.0 will get released?

@manusa
Copy link
Member

manusa commented Aug 14, 2024

Does anyone have an idea when 7.0.0 will get released?

End of September or October if everything goes well.

@martinwunderlich-celonis
Copy link

Hello @manusa , just out of curiosity, is the release for 7.0.0 on track? Thank you

@manusa
Copy link
Member

manusa commented Sep 27, 2024

Hi @martinwunderlich-celonis
We're having some issues with the new model generation approach (#6130) 7.0.0 won't make it in September.
You can track the overall status in #5778

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shawkins shawkins

Labels
None yet
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

fix: remove bc optional dependency shawkins/kubernetes-client
4 participants
@manusa @coopstah13 @shawkins @martinwunderlich-celonis