Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-3344

Upgrade BouncyCastle to 1.76

XMLWordPrintable

    • Icon: Component Upgrade Component Upgrade
    • Resolution: Done
    • Icon: Major Major
    • 7.0.0.Alpha1
    • None
    • None
    • None

      Tag: https://github.com/bcgit/bc-java/releases/tag/r1rv76
      Diff: https://github.com/bcgit/bc-java/compare/r1rv75...r1rv76

      As of 2023-07-07 this has not yet been released and is a place holder. This upgrade should include https://github.com/bcgit/bc-java/commit/393c3669ff7fbc6835b34e6a24b50c55c7868ff8 which fixes a bug found in RESTEasy when running with the security manager enabled.

      Example stack trace:

      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "removeProviderProperty.BC")" in code source "(vfs:/content/PKCS7SignatureSmokeTest.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.PKCS7SignatureSmokeTest.war" from Service Module Loader")
	at org.wildfly.security.elytron-base@2.2.1.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
	at org.wildfly.security.elytron-base@2.2.1.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
	at java.base/java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1435)
	at org.wildfly.security.elytron-base@2.2.1.Final//org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:595)
	at java.base/java.security.Provider.check(Provider.java:851)
	at java.base/java.security.Provider.remove(Provider.java:559)
	at org.bouncycastle.bcprov@1.75.0.0//org.bouncycastle.jce.provider.BouncyCastleProvider.getService(BouncyCastleProvider.java:277)
	at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:85)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
	at java.base/java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:300)
	at deployment.PKCS7SignatureSmokeTest.war//org.jboss.resteasy.test.crypto.resource.PKCS7SignatureSmokeResource.<init>(PKCS7SignatureSmokeResource.java:24)
	... 38 more

              jperkins-rhn James Perkins
              jperkins-rhn James Perkins
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: