From 24fb700e114615d9f618ef6f2993e7900c4782c3 Mon Sep 17 00:00:00 2001
From: jdyer1 <jdyer@apache.org>
Date: Mon, 11 Dec 2023 17:55:57 -0600
Subject: [PATCH 1/2] SOLR-15484

- newer version of bouncycastle dependencies
- old version did not parse dates correctly for some locales
---
 gradle/testing/randomization/policies/solr-tests.policy       | 1 +
 solr/licenses/bcmail-jdk15on-1.70.jar.sha1                    | 1 -
 solr/licenses/bcmail-jdk18on-1.77.jar.sha1                    | 1 +
 solr/licenses/bcpkix-jdk15on-1.70.jar.sha1                    | 1 -
 solr/licenses/bcpkix-jdk18on-1.77.jar.sha1                    | 1 +
 solr/licenses/bcprov-jdk15on-1.70.jar.sha1                    | 1 -
 solr/licenses/bcprov-jdk18on-1.77.jar.sha1                    | 1 +
 ...il-jdk15on-LICENSE-BSD_LIKE.txt => bcutil-LICENSE-MIT.txt} | 0
 solr/licenses/bcutil-jdk15on-1.70.jar.sha1                    | 1 -
 solr/licenses/bcutil-jdk18on-1.77.jar.sha1                    | 1 +
 .../{bcutil-jdk15on-NOTICE.txt => bcutil-jdk18on-NOTICE.txt}  | 0
 solr/modules/jwt-auth/build.gradle                            | 4 ++--
 versions.lock                                                 | 4 ----
 13 files changed, 7 insertions(+), 10 deletions(-)
 delete mode 100644 solr/licenses/bcmail-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcmail-jdk18on-1.77.jar.sha1
 delete mode 100644 solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
 delete mode 100644 solr/licenses/bcprov-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcprov-jdk18on-1.77.jar.sha1
 rename solr/licenses/{bcutil-jdk15on-LICENSE-BSD_LIKE.txt => bcutil-LICENSE-MIT.txt} (100%)
 delete mode 100644 solr/licenses/bcutil-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcutil-jdk18on-1.77.jar.sha1
 rename solr/licenses/{bcutil-jdk15on-NOTICE.txt => bcutil-jdk18on-NOTICE.txt} (100%)

diff --git a/gradle/testing/randomization/policies/solr-tests.policy b/gradle/testing/randomization/policies/solr-tests.policy
index 86871e726139..c4b07f8ac1a7 100644
--- a/gradle/testing/randomization/policies/solr-tests.policy
+++ b/gradle/testing/randomization/policies/solr-tests.policy
@@ -164,6 +164,7 @@ grant {
 
   // Needed by BouncyCastle in jwt-auth tests
   permission java.security.SecurityPermission "putProviderProperty.BC";
+  permission java.security.SecurityPermission "removeProviderProperty.BC";
   permission java.security.SecurityPermission "getProperty.org.bouncycastle.x509.allow_non-der_tbscert";
 
   // may only be necessary with Java 7?
diff --git a/solr/licenses/bcmail-jdk15on-1.70.jar.sha1 b/solr/licenses/bcmail-jdk15on-1.70.jar.sha1
deleted file mode 100644
index acc49ba80180..000000000000
--- a/solr/licenses/bcmail-jdk15on-1.70.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-08f4aafad90f6cc7f16b9992279828ae848c9e0d
diff --git a/solr/licenses/bcmail-jdk18on-1.77.jar.sha1 b/solr/licenses/bcmail-jdk18on-1.77.jar.sha1
new file mode 100644
index 000000000000..f71659316b8c
--- /dev/null
+++ b/solr/licenses/bcmail-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+f2bb8aa55dc901ee8b8aae7d1007c03592d65e03
\ No newline at end of file
diff --git a/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1 b/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
deleted file mode 100644
index 07cad6d4edec..000000000000
--- a/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-f81e5af49571a9d5a109a88f239a73ce87055417
diff --git a/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1 b/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
new file mode 100644
index 000000000000..05a8b2d5729b
--- /dev/null
+++ b/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+ed953791ba0229747dd0fd9911e3d76a462acfd3
\ No newline at end of file
diff --git a/solr/licenses/bcprov-jdk15on-1.70.jar.sha1 b/solr/licenses/bcprov-jdk15on-1.70.jar.sha1
deleted file mode 100644
index bef2dafc7893..000000000000
--- a/solr/licenses/bcprov-jdk15on-1.70.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4636a0d01f74acaf28082fb62b317f1080118371
diff --git a/solr/licenses/bcprov-jdk18on-1.77.jar.sha1 b/solr/licenses/bcprov-jdk18on-1.77.jar.sha1
new file mode 100644
index 000000000000..3e780df9559a
--- /dev/null
+++ b/solr/licenses/bcprov-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+2cc971b6c20949c1ff98d1a4bc741ee848a09523
\ No newline at end of file
diff --git a/solr/licenses/bcutil-jdk15on-LICENSE-BSD_LIKE.txt b/solr/licenses/bcutil-LICENSE-MIT.txt
similarity index 100%
rename from solr/licenses/bcutil-jdk15on-LICENSE-BSD_LIKE.txt
rename to solr/licenses/bcutil-LICENSE-MIT.txt
diff --git a/solr/licenses/bcutil-jdk15on-1.70.jar.sha1 b/solr/licenses/bcutil-jdk15on-1.70.jar.sha1
deleted file mode 100644
index 73d787313593..000000000000
--- a/solr/licenses/bcutil-jdk15on-1.70.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-54280e7195a7430d7911ded93fc01e07300b9526
diff --git a/solr/licenses/bcutil-jdk18on-1.77.jar.sha1 b/solr/licenses/bcutil-jdk18on-1.77.jar.sha1
new file mode 100644
index 000000000000..5c67e521cc42
--- /dev/null
+++ b/solr/licenses/bcutil-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+de3eaef351545fe8562cf29ddff4a403a45b49b7
\ No newline at end of file
diff --git a/solr/licenses/bcutil-jdk15on-NOTICE.txt b/solr/licenses/bcutil-jdk18on-NOTICE.txt
similarity index 100%
rename from solr/licenses/bcutil-jdk15on-NOTICE.txt
rename to solr/licenses/bcutil-jdk18on-NOTICE.txt
diff --git a/solr/modules/jwt-auth/build.gradle b/solr/modules/jwt-auth/build.gradle
index 17886099e18f..c2a4990b5b38 100644
--- a/solr/modules/jwt-auth/build.gradle
+++ b/solr/modules/jwt-auth/build.gradle
@@ -61,8 +61,8 @@ dependencies {
   testImplementation 'com.fasterxml.jackson.core:jackson-databind'
   permitTestUnusedDeclared 'com.fasterxml.jackson.core:jackson-databind'
 
-  testImplementation 'org.bouncycastle:bcpkix-jdk15on'
-  testImplementation 'org.bouncycastle:bcprov-jdk15on'
+  testImplementation 'org.bouncycastle:bcpkix-jdk18on'
+  testImplementation 'org.bouncycastle:bcprov-jdk18on'
   testImplementation 'com.nimbusds:nimbus-jose-jwt'
   testImplementation 'com.squareup.okhttp3:mockwebserver'
   testImplementation 'com.squareup.okhttp3:okhttp'
diff --git a/versions.lock b/versions.lock
index aa992040b51f..8b42bde42c96 100644
--- a/versions.lock
+++ b/versions.lock
@@ -259,10 +259,6 @@ org.apache.zookeeper:zookeeper:3.9.1 (2 constraints: 9d13795f)
 org.apache.zookeeper:zookeeper-jute:3.9.1 (2 constraints: 9b128823)
 org.apiguardian:apiguardian-api:1.1.2 (2 constraints: 601bd5a8)
 org.bitbucket.b_c:jose4j:0.9.3 (1 constraints: 0e050936)
-org.bouncycastle:bcmail-jdk15on:1.70 (1 constraints: 310c8af5)
-org.bouncycastle:bcpkix-jdk15on:1.70 (2 constraints: ce1b11b3)
-org.bouncycastle:bcprov-jdk15on:1.70 (4 constraints: 1f34ee12)
-org.bouncycastle:bcutil-jdk15on:1.70 (2 constraints: 961ad454)
 org.brotli:dec:0.1.2 (1 constraints: 5a0ce101)
 org.carrot2:carrot2-core:4.5.1 (1 constraints: 0c050f36)
 org.carrot2:morfologik-fsa:2.1.9 (1 constraints: db0d9c36)

From 76156c6437b1e7c11c978e691c13fef33248992e Mon Sep 17 00:00:00 2001
From: jdyer1 <jdyer@apache.org>
Date: Mon, 11 Dec 2023 18:29:46 -0600
Subject: [PATCH 2/2] SOLR-15484

- fix version files and checksums
---
 solr/licenses/bcmail-jdk15on-1.70.jar.sha1 | 1 +
 solr/licenses/bcmail-jdk18on-1.77.jar.sha1 | 1 -
 solr/licenses/bcpkix-jdk15on-1.70.jar.sha1 | 1 +
 solr/licenses/bcpkix-jdk18on-1.77.jar.sha1 | 2 +-
 solr/licenses/bcprov-jdk15on-1.70.jar.sha1 | 1 +
 solr/licenses/bcprov-jdk18on-1.77.jar.sha1 | 2 +-
 solr/licenses/bcutil-jdk15on-1.70.jar.sha1 | 1 +
 solr/licenses/bcutil-jdk18on-1.77.jar.sha1 | 2 +-
 versions.lock                              | 7 +++++++
 versions.props                             | 1 +
 10 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 solr/licenses/bcmail-jdk15on-1.70.jar.sha1
 delete mode 100644 solr/licenses/bcmail-jdk18on-1.77.jar.sha1
 create mode 100644 solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcprov-jdk15on-1.70.jar.sha1
 create mode 100644 solr/licenses/bcutil-jdk15on-1.70.jar.sha1

diff --git a/solr/licenses/bcmail-jdk15on-1.70.jar.sha1 b/solr/licenses/bcmail-jdk15on-1.70.jar.sha1
new file mode 100644
index 000000000000..acc49ba80180
--- /dev/null
+++ b/solr/licenses/bcmail-jdk15on-1.70.jar.sha1
@@ -0,0 +1 @@
+08f4aafad90f6cc7f16b9992279828ae848c9e0d
diff --git a/solr/licenses/bcmail-jdk18on-1.77.jar.sha1 b/solr/licenses/bcmail-jdk18on-1.77.jar.sha1
deleted file mode 100644
index f71659316b8c..000000000000
--- a/solr/licenses/bcmail-jdk18on-1.77.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-f2bb8aa55dc901ee8b8aae7d1007c03592d65e03
\ No newline at end of file
diff --git a/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1 b/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
new file mode 100644
index 000000000000..07cad6d4edec
--- /dev/null
+++ b/solr/licenses/bcpkix-jdk15on-1.70.jar.sha1
@@ -0,0 +1 @@
+f81e5af49571a9d5a109a88f239a73ce87055417
diff --git a/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1 b/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
index 05a8b2d5729b..78f704d21a8f 100644
--- a/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
+++ b/solr/licenses/bcpkix-jdk18on-1.77.jar.sha1
@@ -1 +1 @@
-ed953791ba0229747dd0fd9911e3d76a462acfd3
\ No newline at end of file
+ed953791ba0229747dd0fd9911e3d76a462acfd3
diff --git a/solr/licenses/bcprov-jdk15on-1.70.jar.sha1 b/solr/licenses/bcprov-jdk15on-1.70.jar.sha1
new file mode 100644
index 000000000000..bef2dafc7893
--- /dev/null
+++ b/solr/licenses/bcprov-jdk15on-1.70.jar.sha1
@@ -0,0 +1 @@
+4636a0d01f74acaf28082fb62b317f1080118371
diff --git a/solr/licenses/bcprov-jdk18on-1.77.jar.sha1 b/solr/licenses/bcprov-jdk18on-1.77.jar.sha1
index 3e780df9559a..72d478f021ac 100644
--- a/solr/licenses/bcprov-jdk18on-1.77.jar.sha1
+++ b/solr/licenses/bcprov-jdk18on-1.77.jar.sha1
@@ -1 +1 @@
-2cc971b6c20949c1ff98d1a4bc741ee848a09523
\ No newline at end of file
+2cc971b6c20949c1ff98d1a4bc741ee848a09523
diff --git a/solr/licenses/bcutil-jdk15on-1.70.jar.sha1 b/solr/licenses/bcutil-jdk15on-1.70.jar.sha1
new file mode 100644
index 000000000000..73d787313593
--- /dev/null
+++ b/solr/licenses/bcutil-jdk15on-1.70.jar.sha1
@@ -0,0 +1 @@
+54280e7195a7430d7911ded93fc01e07300b9526
diff --git a/solr/licenses/bcutil-jdk18on-1.77.jar.sha1 b/solr/licenses/bcutil-jdk18on-1.77.jar.sha1
index 5c67e521cc42..003ab86c340a 100644
--- a/solr/licenses/bcutil-jdk18on-1.77.jar.sha1
+++ b/solr/licenses/bcutil-jdk18on-1.77.jar.sha1
@@ -1 +1 @@
-de3eaef351545fe8562cf29ddff4a403a45b49b7
\ No newline at end of file
+de3eaef351545fe8562cf29ddff4a403a45b49b7
diff --git a/versions.lock b/versions.lock
index 8b42bde42c96..7343705ac00a 100644
--- a/versions.lock
+++ b/versions.lock
@@ -259,6 +259,10 @@ org.apache.zookeeper:zookeeper:3.9.1 (2 constraints: 9d13795f)
 org.apache.zookeeper:zookeeper-jute:3.9.1 (2 constraints: 9b128823)
 org.apiguardian:apiguardian-api:1.1.2 (2 constraints: 601bd5a8)
 org.bitbucket.b_c:jose4j:0.9.3 (1 constraints: 0e050936)
+org.bouncycastle:bcmail-jdk15on:1.70 (1 constraints: 310c8af5)
+org.bouncycastle:bcpkix-jdk15on:1.70 (2 constraints: ce1b11b3)
+org.bouncycastle:bcprov-jdk15on:1.70 (4 constraints: 1f34ee12)
+org.bouncycastle:bcutil-jdk15on:1.70 (2 constraints: 961ad454)
 org.brotli:dec:0.1.2 (1 constraints: 5a0ce101)
 org.carrot2:carrot2-core:4.5.1 (1 constraints: 0c050f36)
 org.carrot2:morfologik-fsa:2.1.9 (1 constraints: db0d9c36)
@@ -414,6 +418,9 @@ org.apache.kerby:kerb-identity:1.0.1 (1 constraints: 5f0cb602)
 org.apache.kerby:kerb-server:1.0.1 (1 constraints: d10b65f2)
 org.apache.kerby:kerb-simplekdc:1.0.1 (1 constraints: dc0d7e3e)
 org.apache.tomcat.embed:tomcat-embed-el:9.0.76 (1 constraints: d41558cf)
+org.bouncycastle:bcpkix-jdk18on:1.77 (1 constraints: e3040431)
+org.bouncycastle:bcprov-jdk18on:1.77 (2 constraints: c51a825c)
+org.bouncycastle:bcutil-jdk18on:1.77 (1 constraints: 620d2d29)
 org.freemarker:freemarker:2.3.32 (1 constraints: f00e9371)
 org.glassfish.grizzly:grizzly-framework:2.4.4 (1 constraints: 670fe271)
 org.glassfish.grizzly:grizzly-http:2.4.4 (1 constraints: 2b127cf5)
diff --git a/versions.props b/versions.props
index f38263dd33b5..b6250414448e 100644
--- a/versions.props
+++ b/versions.props
@@ -52,6 +52,7 @@ org.apache.tika:*=1.28.5
 org.apache.tomcat:annotations-api=6.0.53
 org.apache.zookeeper:*=3.9.1
 org.bitbucket.b_c:jose4j=0.9.3
+org.bouncycastle:bcpkix-jdk18on=1.77
 org.carrot2:carrot2-core=4.5.1
 org.codehaus.woodstox:stax2-api=4.2.2
 org.eclipse.jetty*:*=10.0.18