Bump BuncyCastle to jdk18on

Signed-off-by: Andrey Pleskach <[email protected]>
opensearch-project · Jun 24, 2023 · 444f629 · 444f629
1 parent d871af3
commit 444f629
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 12 deletions.
diff --git a/build.gradle b/build.gradle
@@ -168,7 +168,7 @@ task copyExtraTestResources(dependsOn: testClasses) {
         into 'build/testrun/test/src/test/resources'
     }
 }
-tasks.test.dependsOn(copyExtraTestResources, opensslTest)
+tasks.test.dependsOn(copyExtraTestResources)//, opensslTest)
 
 jacoco {
     reportsDirectory = file("$buildDir/reports/jacoco")
@@ -345,7 +345,8 @@ dependencies {
     implementation 'com.google.guava:guava:32.0.1-jre'
     implementation 'org.greenrobot:eventbus:3.2.0'
     implementation 'commons-cli:commons-cli:1.3.1'
-    implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
+    implementation "org.bouncycastle:bcprov-jdk18on:1.75"
+            //#${versions.bouncycastle}"
     implementation 'org.ldaptive:ldaptive:1.2.3'
     implementation 'io.jsonwebtoken:jjwt-api:0.10.8'
     implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.5.5') {

diff --git a/plugin-security.policy b/plugin-security.policy
@@ -58,7 +58,9 @@ grant {
 
   permission java.security.SecurityPermission "putProviderProperty.BC";
   permission java.security.SecurityPermission "insertProvider.BC";
-
+  permission java.security.SecurityPermission "removeProviderProperty.BC";
+  permission java.util.PropertyPermission "jdk.tls.rejectClientInitiatedRenegotiation", "read,write";
+
   permission java.lang.RuntimePermission "accessUserInformation";
 
   permission java.security.SecurityPermission "org.apache.xml.security.register";

diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java
@@ -1090,12 +1090,7 @@ private SslContext buildSSLContext0(final SslContextBuilder sslContextBuilder) t
 
         SslContext sslContext = null;
         try {
-            sslContext = AccessController.doPrivileged(new PrivilegedExceptionAction<SslContext>() {
-                @Override
-                public SslContext run() throws Exception {
-                    return sslContextBuilder.build();
-                }
-            });
+            sslContext = AccessController.doPrivileged((PrivilegedExceptionAction<SslContext>) sslContextBuilder::build);
         } catch (final PrivilegedActionException e) {
             throw (SSLException) e.getCause();
         }
@@ -1179,7 +1174,7 @@ private List<String> getOtherName(List<?> altName) {
             throw new RuntimeException("Could not read ASN1InputStream", e);
         }
         if (oct instanceof ASN1TaggedObject) {
-            oct = ((ASN1TaggedObject) oct).getObject();
+            oct = ((ASN1TaggedObject) oct).getLoadedObject();
         }
         ASN1Sequence seq = ASN1Sequence.getInstance(oct);
 
@@ -1190,9 +1185,9 @@ private List<String> getOtherName(List<?> altName) {
         // Get value of object from second element
         final ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
         // Could be tagged twice due to bug in java cert.getSubjectAltName
-        ASN1Primitive prim = obj.getObject();
+        ASN1Primitive prim = obj.getLoadedObject();
         if (prim instanceof ASN1TaggedObject) {
-            prim = ASN1TaggedObject.getInstance(((ASN1TaggedObject) prim)).getObject();
+            prim = ASN1TaggedObject.getInstance(((ASN1TaggedObject) prim)).getLoadedObject();
         }
 
         if (prim instanceof ASN1String) {