From 06b20c50aab178751f9427ac64a43457f93c035b Mon Sep 17 00:00:00 2001
From: Tianli Feng <ftl94@live.com>
Date: Wed, 5 Jan 2022 16:59:55 -0800
Subject: [PATCH] Update FIPS API libraries of Bouncy Castle (#1853)

* Update bc-fips to 1.0.2.1

Signed-off-by: Tianli Feng <ftl94@live.com>

* Update bcpg-fips to 1.0.5.1

Signed-off-by: Tianli Feng <ftl94@live.com>

* Update bctls-fips to 1.0.12.2

Signed-off-by: Tianli Feng <ftl94@live.com>

* Use the unified bouncycastle version for bcpkix-jdk15on in HDFS testing fixture

Signed-off-by: Tianli Feng <ftl94@live.com>
---
 distribution/tools/plugin-cli/build.gradle                    | 4 ++--
 .../tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1        | 1 +
 distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 | 1 -
 .../tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1        | 1 -
 .../tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1      | 1 +
 gradle/fips.gradle                                            | 4 ++--
 test/fixtures/hdfs-fixture/build.gradle                       | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1
 delete mode 100644 distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1
 delete mode 100644 distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1
 create mode 100644 distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1

diff --git a/distribution/tools/plugin-cli/build.gradle b/distribution/tools/plugin-cli/build.gradle
index be601924b75b7..d96fced1ec293 100644
--- a/distribution/tools/plugin-cli/build.gradle
+++ b/distribution/tools/plugin-cli/build.gradle
@@ -35,8 +35,8 @@ archivesBaseName = 'opensearch-plugin-cli'
 dependencies {
   compileOnly project(":server")
   compileOnly project(":libs:opensearch-cli")
-  api "org.bouncycastle:bcpg-fips:1.0.4"
-  api "org.bouncycastle:bc-fips:1.0.2"
+  api "org.bouncycastle:bcpg-fips:1.0.5.1"
+  api "org.bouncycastle:bc-fips:1.0.2.1"
   testImplementation project(":test:framework")
   testImplementation 'com.google.jimfs:jimfs:1.1'
   testRuntimeOnly 'com.google.guava:guava:30.1.1-jre'
diff --git a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1 b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1
new file mode 100644
index 0000000000000..3c2bd02f432fe
--- /dev/null
+++ b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.1.jar.sha1
@@ -0,0 +1 @@
+3110169183fc532d00f0930f2b5901672515eb7c
\ No newline at end of file
diff --git a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1 b/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1
deleted file mode 100644
index 425b11ee6c13f..0000000000000
--- a/distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4fb5db5f03d00f6a94e43b78d097978190e4abb2
\ No newline at end of file
diff --git a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1 b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1
deleted file mode 100644
index 7aec78e9e6f07..0000000000000
--- a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.4.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-1a838a87959d9c2cee658f4a4e1869e28f6b9976
\ No newline at end of file
diff --git a/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1 b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1
new file mode 100644
index 0000000000000..30c30bb4af8e0
--- /dev/null
+++ b/distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.5.1.jar.sha1
@@ -0,0 +1 @@
+63a454936d930fadb1c7a3206b8e758378dd0a26
\ No newline at end of file
diff --git a/gradle/fips.gradle b/gradle/fips.gradle
index e6eb570747aa4..1ce2cb89176f6 100644
--- a/gradle/fips.gradle
+++ b/gradle/fips.gradle
@@ -36,8 +36,8 @@ if (BuildParams.inFipsJvm) {
       fipsPolicy = new File(fipsResourcesDir, "fips_java_bcjsse_11.policy")
     }
     File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks')
-    def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.2')
-    def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.9')
+    def bcFips = dependencies.create('org.bouncycastle:bc-fips:1.0.2.1')
+    def bcTlsFips = dependencies.create('org.bouncycastle:bctls-fips:1.0.12.2')
 
     pluginManager.withPlugin('java') {
       TaskProvider<ExportOpenSearchBuildResourcesTask> fipsResourcesTask = project.tasks.register('fipsResources', ExportOpenSearchBuildResourcesTask)
diff --git a/test/fixtures/hdfs-fixture/build.gradle b/test/fixtures/hdfs-fixture/build.gradle
index 815dd2c4afba3..0f2681284efe4 100644
--- a/test/fixtures/hdfs-fixture/build.gradle
+++ b/test/fixtures/hdfs-fixture/build.gradle
@@ -37,7 +37,7 @@ dependencies {
   api "org.apache.logging.log4j:log4j-core:${versions.log4j}"
   api "io.netty:netty-all:${versions.netty}"
   api 'com.google.code.gson:gson:2.8.9'
-  api 'org.bouncycastle:bcpkix-jdk15on:1.69'
+  api "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
   api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:${versions.jackson}"
   api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
   api 'net.minidev:json-smart:2.4.7'