Update BouncyCastle to 1.64 (#52185) (#52464)

This commit upgrades the bouncycastle dependency from 1.61 to 1.64.
elastic · Feb 18, 2020 · d9ce0e6 · d9ce0e6
1 parent 9c49868
commit d9ce0e6
Show file tree

Hide file tree

Showing 14 changed files with 19 additions and 11 deletions.
diff --git a/buildSrc/version.properties b/buildSrc/version.properties
@@ -29,7 +29,7 @@ joda              = 2.10.4
 #  - plugins/ingest-attachment (transitive dependency, check the upstream POM)
 #  - distribution/tools/plugin-cli
 #  - x-pack/plugin/security
-bouncycastle      = 1.61
+bouncycastle=1.64
 # test dependencies
 randomizedrunner  = 2.7.1
 junit             = 4.12

diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.61.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk15on-1.64.jar.sha1
@@ -0,0 +1 @@
+7a2601f0a1d336966cca03edb04a69ba0f5f25d9
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.61.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk15on-1.64.jar.sha1
@@ -0,0 +1 @@
+3dac163e20110817d850d17e0444852a6d7d0bd7
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.61.jar.sha1
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk15on-1.64.jar.sha1
@@ -0,0 +1 @@
+1467dac1b787b5ad2a18201c0c281df69882259e
diff --git a/x-pack/plugin/security/cli/build.gradle b/x-pack/plugin/security/cli/build.gradle
@@ -24,6 +24,14 @@ forbiddenPatterns {
   exclude '**/*.jks'
 }
 
+thirdPartyAudit {
+  ignoreMissingClasses(
+    // Used in org.bouncycastle.pqc.crypto.qtesla.QTeslaKeyEncodingTests
+    'junit.framework.Assert',
+    'junit.framework.TestCase'
+  )
+}
+
 if (BuildParams.inFipsJvm) {
   test.enabled = false
   jarHell.enabled = false

diff --git a/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.61.jar.sha1
diff --git a/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcpkix-jdk15on-1.64.jar.sha1
@@ -0,0 +1 @@
+3dac163e20110817d850d17e0444852a6d7d0bd7
diff --git a/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.61.jar.sha1
diff --git a/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1 b/x-pack/plugin/security/cli/licenses/bcprov-jdk15on-1.64.jar.sha1
@@ -0,0 +1 @@
+1467dac1b787b5ad2a18201c0c281df69882259e
diff --git a/.../cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java b/.../cli/src/test/java/org/elasticsearch/xpack/security/cli/CertificateGenerateToolTests.java
@@ -7,12 +7,12 @@
 
 import com.google.common.jimfs.Configuration;
 import com.google.common.jimfs.Jimfs;
+import org.bouncycastle.asn1.DLTaggedObject;
 import org.elasticsearch.core.internal.io.IOUtils;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.Extension;
@@ -489,8 +489,8 @@ private void assertSubjAltNames(GeneralNames subjAltNames, CertificateInformatio
                 assertThat(seq.size(), equalTo(2));
                 assertThat(seq.getObjectAt(0), instanceOf(ASN1ObjectIdentifier.class));
                 assertThat(seq.getObjectAt(0).toString(), equalTo(CN_OID));
-                assertThat(seq.getObjectAt(1), instanceOf(DERTaggedObject.class));
-                DERTaggedObject taggedName = (DERTaggedObject) seq.getObjectAt(1);
+                assertThat(seq.getObjectAt(1), instanceOf(DLTaggedObject.class));
+                DLTaggedObject taggedName = (DLTaggedObject) seq.getObjectAt(1);
                 assertThat(taggedName.getTagNo(), equalTo(0));
                 assertThat(taggedName.getObject(), instanceOf(ASN1String.class));
                 assertThat(taggedName.getObject().toString(), Matchers.isIn(certInfo.commonNames));

diff --git a/...y/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java b/...y/cli/src/test/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommandTests.java
@@ -11,7 +11,7 @@
 import joptsimple.OptionSet;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DLSequence;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.Extension;
@@ -606,7 +606,7 @@ private void verifyCertificationRequest(PKCS10CertificationRequest csr, String c
         final Attribute[] extensionAttributes = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
         assertThat(extensionAttributes, arrayWithSize(1));
         assertThat(extensionAttributes[0].getAttributeValues(), arrayWithSize(1));
-        assertThat(extensionAttributes[0].getAttributeValues()[0], instanceOf(DERSequence.class));
+        assertThat(extensionAttributes[0].getAttributeValues()[0], instanceOf(DLSequence.class));
 
         // We register 1 extension - the subject alternative names
         final Extensions extensions = Extensions.getInstance(extensionAttributes[0].getAttributeValues()[0]);