From e8918ac2f13662811ef0ca12ad3bf0651e034ed2 Mon Sep 17 00:00:00 2001 From: Tianli Feng Date: Wed, 5 Jan 2022 22:13:24 +0000 Subject: [PATCH 1/4] Update bc-fips to 1.0.2.1 Signed-off-by: Tianli Feng --- distribution/tools/plugin-cli/build.gradle | 2 +- distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 | 1 + distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 | 1 - gradle/fips.gradle | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 delete mode 100644 distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 diff --git a/distribution/tools/plugin-cli/build.gradle b/distribution/tools/plugin-cli/build.gradle index be601924b75b7..c9a092a484c96 100644 --- a/distribution/tools/plugin-cli/build.gradle +++ b/distribution/tools/plugin-cli/build.gradle @@ -36,7 +36,7 @@ dependencies { compileOnly project(":server") compileOnly project(":libs:opensearch-cli") api "org.bouncycastle:bcpg-fips:1.0.4" - api "org.bouncycastle:bc-fips:1.0.2" + api "org.bouncycastle:bc-fips:1.0.2.1" testImplementation project(":test:framework") testImplementation 'com.google.jimfs:jimfs:1.1' testRuntimeOnly 'com.google.guava:guava:30.1.1-jre' diff --git a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 new file mode 100644 index 0000000000000..3c2bd02f432fe --- /dev/null +++ b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 @@ -0,0 +1 @@ +3110169183fc532d00f0930f2b5901672515eb7c \ No newline at end of file diff --git a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 deleted file mode 100644 index 425b11ee6c13f..0000000000000 --- a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -4fb5db5f03d00f6a94e43b78d097978190e4abb2 \ No newline at end of file diff --git a/gradle/fips.gradle b/gradle/fips.gradle index e6eb570747aa4..517d35e42afa5 100644 --- a/gradle/fips.gradle +++ b/gradle/fips.gradle @@ -36,7 +36,7 @@ if (BuildParams.inFipsJvm) { fipsPolicy = new File(fipsResourcesDir, "fips_java_bcjsse_11.policy") } File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks') - def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.2') + def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.2.1') def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.9') pluginManager.withPlugin('java') { From c16335aa61fa6ca07636e76e2c2966bb7fed4468 Mon Sep 17 00:00:00 2001 From: Tianli Feng Date: Wed, 5 Jan 2022 22:39:25 +0000 Subject: [PATCH 2/4] Update bcpg-fips to 1.0.5.1 Signed-off-by: Tianli Feng --- distribution/tools/plugin-cli/build.gradle | 2 +- distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 | 1 - .../tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 create mode 100644 distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 diff --git a/distribution/tools/plugin-cli/build.gradle b/distribution/tools/plugin-cli/build.gradle index c9a092a484c96..d96fced1ec293 100644 --- a/distribution/tools/plugin-cli/build.gradle +++ b/distribution/tools/plugin-cli/build.gradle @@ -35,7 +35,7 @@ archivesBaseName = 'opensearch-plugin-cli' dependencies { compileOnly project(":server") compileOnly project(":libs:opensearch-cli") - api "org.bouncycastle:bcpg-fips:1.0.4" + api "org.bouncycastle:bcpg-fips:1.0.5.1" api "org.bouncycastle:bc-fips:1.0.2.1" testImplementation project(":test:framework") testImplementation 'com.google.jimfs:jimfs:1.1' diff --git a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 deleted file mode 100644 index 7aec78e9e6f07..0000000000000 --- a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -1a838a87959d9c2cee658f4a4e1869e28f6b9976 \ No newline at end of file diff --git a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 new file mode 100644 index 0000000000000..30c30bb4af8e0 --- /dev/null +++ b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 @@ -0,0 +1 @@ +63a454936d930fadb1c7a3206b8e758378dd0a26 \ No newline at end of file From 7171d632f86e28d1aaf193079b92b57e7bbde7e1 Mon Sep 17 00:00:00 2001 From: Tianli Feng Date: Wed, 5 Jan 2022 22:40:28 +0000 Subject: [PATCH 3/4] Update bctls-fips to 1.0.12.2 Signed-off-by: Tianli Feng --- gradle/fips.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/fips.gradle b/gradle/fips.gradle index 517d35e42afa5..1ce2cb89176f6 100644 --- a/gradle/fips.gradle +++ b/gradle/fips.gradle @@ -37,7 +37,7 @@ if (BuildParams.inFipsJvm) { } File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks') def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.2.1') - def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.9') + def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.12.2') pluginManager.withPlugin('java') { TaskProvider fipsResourcesTask = project.tasks.register('fipsResources', ExportOpenSearchBuildResourcesTask) From 108e2ad994bafe95aa133a5847d05ac18820d08e Mon Sep 17 00:00:00 2001 From: Tianli Feng Date: Wed, 5 Jan 2022 22:43:54 +0000 Subject: [PATCH 4/4] Use the unified bouncycastle version for bcpkix-jdk15on in HDFS testing fixture Signed-off-by: Tianli Feng --- test/fixtures/hdfs-fixture/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fixtures/hdfs-fixture/build.gradle b/test/fixtures/hdfs-fixture/build.gradle index d6720b41c6756..2dfbb3e147205 100644 --- a/test/fixtures/hdfs-fixture/build.gradle +++ b/test/fixtures/hdfs-fixture/build.gradle @@ -39,7 +39,7 @@ dependencies { api "org.apache.logging.log4j:log4j-core:${versions.log4j}" api "io.netty:netty-all:${versions.netty}" api 'com.google.code.gson:gson:2.8.9' - api 'org.bouncycastle:bcpkix-jdk15on:1.69' + api "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}" api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:${versions.jackson}" api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}" api 'net.minidev:json-smart:2.4.7'