Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue-973 (part1) - Removing direct dependency on BouncyCastle librar… #976

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

uttamgupta
Copy link

Issue-973 (part1) - Removing direct dependency on BouncyCastle library and using JCE.

  • This is first change towards removing direct dependency on BouncyCastle.
  • Removed the imports org.bouncycastle.crypto.prng.RandomGenerator and org.bouncycastle.crypto.prng.VMPCRandomGenerator from the file BouncyCastleRandom.java, eliminating the direct dependency on BouncyCastle. Now using JCE with a provider, allowing SecureRandom to utilize the BC provider.
  • Added a new class, BouncyCastleFipsRandom, similar to BouncyCastleRandom.java, which leverages the BCFIPS provider to create SecureRandom instances.
  • Upgraded gradle plugin, groovy and Mockito versions to ensure compatibility with Java 21. from org.spockframework:spock-core:2.3-groovy-3.0 to org.spockframework:spock-core:2.4-M5-groovy-4.0 from org.mockito:mockito-core:4.11.0 to org.mockito:mockito-core:5.15.2 from gradle-8.2-bin.zip to gradle-8.11-bin.zip Testing: I have run gradle clean build with java 11 and Java 21 and works. Test Gradle Test Executor 2; Executed: 470/469/0
    ✓ Test Gradle Test Run :test; Executed: 470/469/0

…y and using JCE.

- This is first change towards removing direct dependency on BouncyCastle.
- Removed the imports org.bouncycastle.crypto.prng.RandomGenerator and
  org.bouncycastle.crypto.prng.VMPCRandomGenerator from the file
  BouncyCastleRandom.java, eliminating the direct dependency on BouncyCastle.
  Now using JCE with a provider, allowing SecureRandom to utilize the BC provider.
- Added a new class, BouncyCastleFipsRandom, similar to BouncyCastleRandom.java,
  which leverages the BCFIPS provider to create SecureRandom instances.
- Upgraded gradle plugin, groovy and Mockito versions to ensure compatibility with Java 21.
  from org.spockframework:spock-core:2.3-groovy-3.0 to org.spockframework:spock-core:2.4-M5-groovy-4.0
  from org.mockito:mockito-core:4.11.0 to org.mockito:mockito-core:5.15.2
  from gradle-8.2-bin.zip to gradle-8.11-bin.zip
 Testing: I have run gradle clean build with java 11 and Java 21 and works.
Test Gradle Test Executor 2; Executed: 470/469/0
✓ Test Gradle Test Run :test; Executed: 470/469/0
@uttamgupta
Copy link
Author

I have built with Java 11 and Java 21.
echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/zulu11/zulu11.56.20-sa-jdk11.0.15-macosx_aarch64/zulu-11.jdk/Contents/Home/
ugupta@H77HXDL0QW~/work/sshj/sshj % ./gradlew clean build

Task :compileJava
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Task :compileTestJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /Users/ugupta/work/sshj/sshj/src/test/java/com/hierynomus/sshj/transport/kex/KeyExchangeTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Task :test
✓ Test should determine correct keytype for #type key; Executed: 3/3/0
✓ Test com.hierynomus.sshj.common.KeyTypeSpec; Executed: 4/4/0
✓ Test com.hierynomus.sshj.connection.channel.direct.LocalPortForwarderSpec; Executed: 1/1/0
✓ Test should copy #sourceType->#targetType if #targetExists with #named name; Executed: 7/7/0
✓ Test com.hierynomus.sshj.sftp.SFTPClientSpec; Executed: 12/12/0
✓ Test com.hierynomus.sshj.transport.IdentificationStringParserSpec; Executed: 6/6/0
✓ Test should have #format FileKeyProvider enabled by default; Executed: 2/2/0
✓ Test com.hierynomus.sshj.userauth.keyprovider.FileKeyProviderSpec; Executed: 2/2/0c
✓ Test net.schmizz.sshj.ConfigImplSpec; Executed: 5/5/0
✓ Test should correctly componentize path "#input"; Executed: 7/7/0
✓ Test net.schmizz.sshj.sftp.PathHelperSpec; Executed: 7/7/0
✓ Test status #status should have status code #code; Executed: 33/33/0
✓ Test net.schmizz.sshj.sftp.ResponseStatusCodeSpec; Executed: 33/33/0
✓ Test should verify signature; Executed: 2/2/0
✓ Test net.schmizz.sshj.signature.SignatureDSASpec; Executed: 2/2/0
✓ Test should accept #digest fingerprints; Executed: 4/4/0
✓ Test should accept too short #digest fingerprints; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.verification.FingerprintVerifierSpec; Executed: 7/7/0
✓ Test accepting a cert-authority key #hostKey; Executed: 30/30/0
✓ Test verifying a valid host certificate #hostKey; Executed: 30/30/0
✓ Test net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec; Executed: 65/65/0
✓ Test net.schmizz.sshj.xfer.FileSystemFileSpec; Executed: 3/3/0
✓ Test com.hierynomus.sshj.connection.channel.ChannelCloseEofTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.connection.channel.direct.CommandTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.LocalPortForwarderTest; Executed: 3/3/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.RemotePFPerformanceTest; Executed: 1/0/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.RemotePortForwarderTest; Executed: 7/7/0
✓ Test com.hierynomus.sshj.keepalive.KeepAliveThreadTerminationTest; Executed: 2/2/0
✓ Test com.hierynomus.sshj.sftp.RemoteFileTest; Executed: 7/7/0
✓ Test com.hierynomus.sshj.transport.ChachaPolyCipherTest; Executed: 4/4/0
✓ Test com.hierynomus.sshj.transport.DisconnectionTest; Executed: 5/5/0
✓ Test testDecryptPacket(String, int); Executed: 2/2/0
✓ Test com.hierynomus.sshj.transport.GcmCipherDecryptSshPacketTest; Executed: 2/2/0
✓ Test testEncryptDecrypt(Factory); Executed: 2/2/0
✓ Test com.hierynomus.sshj.transport.GcmCipherTest; Executed: 2/2/0
✓ Test keyExchangeTests(); Executed: 12/12/0
✓ Test com.hierynomus.sshj.transport.kex.KeyExchangeTest; Executed: 12/12/0
✓ Test shouldMatchHostnameToPattern(String, String, boolean); Executed: 24/24/0
✓ Test com.hierynomus.sshj.transport.verification.KnownHostMatchersTest; Executed: 24/24/0
✓ Test shouldRetainCommentAtEndOfLine(String, String); Executed: 5/5/0
✓ Test com.hierynomus.sshj.transport.verification.OpenSSHKnownHostsTest; Executed: 17/17/0
✓ Test com.hierynomus.sshj.userauth.GssApiTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCryptTest; Executed: 2/2/0
✓ Test com.hierynomus.sshj.userauth.method.AuthKeyboardInteractiveTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.userauth.method.AuthPasswordTest; Executed: 5/5/0yptTest
✓ Test com.hierynomus.sshj.userauth.method.PasswordResponseProviderTest; Executed: 5/5/0
✓ Test connectsIfUnconnected(Connector); Executed: 2/2/0
✓ Test handlesConnected(Connector); Executed: 2/2/0
✓ Test net.schmizz.sshj.ConnectedSocketTest; Executed: 4/4/0
✓ Test net.schmizz.sshj.DefaultSecurityProviderConfigTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.SmokeTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.common.BufferTest; Executed: 11/11/0
✓ Test net.schmizz.sshj.common.CircularBufferTest; Executed: 14/14/0
✓ Test net.schmizz.sshj.common.StreamCopierTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.connection.channel.SocketStreamCopyMonitorTest; Executed: 3/3/0
✓ Test net.schmizz.sshj.connection.channel.direct.ParametersTest; Executed: 7/7/0
✓ Test corruptedPublicKey(String, String); Executed: 4/4/0
✓ Test net.schmizz.sshj.keyprovider.CorruptedPublicKeyTest; Executed: 4/4/0
✓ Test net.schmizz.sshj.keyprovider.KeyProviderUtilTest; Executed: 6/6/0Test
✓ Test net.schmizz.sshj.keyprovider.OpenSSHKeyFileTest; Executed: 27/27/0
✓ Test net.schmizz.sshj.keyprovider.PKCS8KeyFileTest; Executed: 9/9/0
✓ Test net.schmizz.sshj.keyprovider.PuTTYKeyFileTest; Executed: 19/19/0
✓ Test net.schmizz.sshj.sftp.FileModeTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.sftp.PacketReaderTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.sftp.RemoteFileRenameTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.sftp.SFTPClientTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.sftp.SFTPFileTransferTest; Executed: 8/8/0
✓ Test net.schmizz.sshj.signature.SignatureDSATest; Executed: 1/1/0
✓ Test net.schmizz.sshj.signature.SignatureECDSATest; Executed: 3/3/0
✓ Test net.schmizz.sshj.signature.SignatureRSATest; Executed: 1/1/0
✓ Test net.schmizz.sshj.transport.DecoderDecryptGcmCipherSshPacketTest; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.KeyExchangeRepeatTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.KeyExchangerStrictKeyExchangeTest; Executed: 9/9/0
✓ Test forbidUnexpectedPacketsDuringStrictKeyExchange(Message); Executed: 29/29/0
✓ Test expectedPacketsDuringStrictKeyExchangeAreHandled(Message); Executed: 7/7/0
✓ Test net.schmizz.sshj.transport.TransportImplStrictKeyExchangeTest; Executed: 38/38/0
✓ Test net.schmizz.sshj.transport.kex.Curve25519DHTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.mac.BaseMacTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.transport.mac.HMACMD596Test; Executed: 3/3/0Test
✓ Test net.schmizz.sshj.transport.mac.HMACMD5Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA196Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA1Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA2256Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA2512Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.util.BufferTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.xfer.scp.SCPFileTransferTest; Executed: 5/5/0
✓ Test Gradle Test Executor 4; Executed: 470/469/0
✓ Test Gradle Test Run :test; Executed: 470/469/0
[Incubating] Problems report is available at: file:///Users/ugupta/work/sshj/sshj/build/reports/problems/problems-report.html

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.11/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD SUCCESSFUL in 38s
16 actionable tasks: 13 executed, 3 up-to-date

@uttamgupta
Copy link
Author

uttamgupta commented Jan 18, 2025

Hi @hierynomus & @exceptionfactory,
Could you please approve my pull request to run workflow?
Thanks

@exceptionfactory
Copy link
Contributor

Hi @hierynomus & @exceptionfactory, Could you please approve my pull request to run workflow? Thanks

I am not a maintainer on the project, so this requires approval from @hierynomus.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants