Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue-973 (part1) - Removing direct dependency on BouncyCastle librar… #976

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Issue-973 (part1) - Removing direct dependency on BouncyCastle librar… #976

wants to merge 1 commit into from

Conversation

uttamgupta
Copy link

Issue-973 (part1) - Removing direct dependency on BouncyCastle library and using JCE.

  • This is first change towards removing direct dependency on BouncyCastle.
  • Removed the imports org.bouncycastle.crypto.prng.RandomGenerator and org.bouncycastle.crypto.prng.VMPCRandomGenerator from the file BouncyCastleRandom.java, eliminating the direct dependency on BouncyCastle. Now using JCE with a provider, allowing SecureRandom to utilize the BC provider.
  • Added a new class, BouncyCastleFipsRandom, similar to BouncyCastleRandom.java, which leverages the BCFIPS provider to create SecureRandom instances.
  • Upgraded gradle plugin, groovy and Mockito versions to ensure compatibility with Java 21. from org.spockframework:spock-core:2.3-groovy-3.0 to org.spockframework:spock-core:2.4-M5-groovy-4.0 from org.mockito:mockito-core:4.11.0 to org.mockito:mockito-core:5.15.2 from gradle-8.2-bin.zip to gradle-8.11-bin.zip Testing: I have run gradle clean build with java 11 and Java 21 and works. Test Gradle Test Executor 2; Executed: 470/469/0
    ✓ Test Gradle Test Run :test; Executed: 470/469/0

@uttamgupta
Issue-973 (part1) - Removing direct dependency on BouncyCastle librar…
bfa82b4 
…y and using JCE.

- This is first change towards removing direct dependency on BouncyCastle.
- Removed the imports org.bouncycastle.crypto.prng.RandomGenerator and
  org.bouncycastle.crypto.prng.VMPCRandomGenerator from the file
  BouncyCastleRandom.java, eliminating the direct dependency on BouncyCastle.
  Now using JCE with a provider, allowing SecureRandom to utilize the BC provider.
- Added a new class, BouncyCastleFipsRandom, similar to BouncyCastleRandom.java,
  which leverages the BCFIPS provider to create SecureRandom instances.
- Upgraded gradle plugin, groovy and Mockito versions to ensure compatibility with Java 21.
  from org.spockframework:spock-core:2.3-groovy-3.0 to org.spockframework:spock-core:2.4-M5-groovy-4.0
  from org.mockito:mockito-core:4.11.0 to org.mockito:mockito-core:5.15.2
  from gradle-8.2-bin.zip to gradle-8.11-bin.zip
 Testing: I have run gradle clean build with java 11 and Java 21 and works.
Test Gradle Test Executor 2; Executed: 470/469/0
✓ Test Gradle Test Run :test; Executed: 470/469/0
@uttamgupta
Copy link
Author

I have built with Java 11 and Java 21.
echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/zulu11/zulu11.56.20-sa-jdk11.0.15-macosx_aarch64/zulu-11.jdk/Contents/Home/
ugupta@H77HXDL0QW~/work/sshj/sshj % ./gradlew clean build

Task :compileJava
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Task :compileTestJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /Users/ugupta/work/sshj/sshj/src/test/java/com/hierynomus/sshj/transport/kex/KeyExchangeTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Task :test
✓ Test should determine correct keytype for #type key; Executed: 3/3/0
✓ Test com.hierynomus.sshj.common.KeyTypeSpec; Executed: 4/4/0
✓ Test com.hierynomus.sshj.connection.channel.direct.LocalPortForwarderSpec; Executed: 1/1/0
✓ Test should copy #sourceType->#targetType if #targetExists with #named name; Executed: 7/7/0
✓ Test com.hierynomus.sshj.sftp.SFTPClientSpec; Executed: 12/12/0
✓ Test com.hierynomus.sshj.transport.IdentificationStringParserSpec; Executed: 6/6/0
✓ Test should have #format FileKeyProvider enabled by default; Executed: 2/2/0
✓ Test com.hierynomus.sshj.userauth.keyprovider.FileKeyProviderSpec; Executed: 2/2/0c
✓ Test net.schmizz.sshj.ConfigImplSpec; Executed: 5/5/0
✓ Test should correctly componentize path "#input"; Executed: 7/7/0
✓ Test net.schmizz.sshj.sftp.PathHelperSpec; Executed: 7/7/0
✓ Test status #status should have status code #code; Executed: 33/33/0
✓ Test net.schmizz.sshj.sftp.ResponseStatusCodeSpec; Executed: 33/33/0
✓ Test should verify signature; Executed: 2/2/0
✓ Test net.schmizz.sshj.signature.SignatureDSASpec; Executed: 2/2/0
✓ Test should accept #digest fingerprints; Executed: 4/4/0
✓ Test should accept too short #digest fingerprints; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.verification.FingerprintVerifierSpec; Executed: 7/7/0
✓ Test accepting a cert-authority key #hostKey; Executed: 30/30/0
✓ Test verifying a valid host certificate #hostKey; Executed: 30/30/0
✓ Test net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec; Executed: 65/65/0
✓ Test net.schmizz.sshj.xfer.FileSystemFileSpec; Executed: 3/3/0
✓ Test com.hierynomus.sshj.connection.channel.ChannelCloseEofTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.connection.channel.direct.CommandTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.LocalPortForwarderTest; Executed: 3/3/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.RemotePFPerformanceTest; Executed: 1/0/0
✓ Test com.hierynomus.sshj.connection.channel.forwarded.RemotePortForwarderTest; Executed: 7/7/0
✓ Test com.hierynomus.sshj.keepalive.KeepAliveThreadTerminationTest; Executed: 2/2/0
✓ Test com.hierynomus.sshj.sftp.RemoteFileTest; Executed: 7/7/0
✓ Test com.hierynomus.sshj.transport.ChachaPolyCipherTest; Executed: 4/4/0
✓ Test com.hierynomus.sshj.transport.DisconnectionTest; Executed: 5/5/0
✓ Test testDecryptPacket(String, int); Executed: 2/2/0
✓ Test com.hierynomus.sshj.transport.GcmCipherDecryptSshPacketTest; Executed: 2/2/0
✓ Test testEncryptDecrypt(Factory); Executed: 2/2/0
✓ Test com.hierynomus.sshj.transport.GcmCipherTest; Executed: 2/2/0
✓ Test keyExchangeTests(); Executed: 12/12/0
✓ Test com.hierynomus.sshj.transport.kex.KeyExchangeTest; Executed: 12/12/0
✓ Test shouldMatchHostnameToPattern(String, String, boolean); Executed: 24/24/0
✓ Test com.hierynomus.sshj.transport.verification.KnownHostMatchersTest; Executed: 24/24/0
✓ Test shouldRetainCommentAtEndOfLine(String, String); Executed: 5/5/0
✓ Test com.hierynomus.sshj.transport.verification.OpenSSHKnownHostsTest; Executed: 17/17/0
✓ Test com.hierynomus.sshj.userauth.GssApiTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCryptTest; Executed: 2/2/0
✓ Test com.hierynomus.sshj.userauth.method.AuthKeyboardInteractiveTest; Executed: 1/1/0
✓ Test com.hierynomus.sshj.userauth.method.AuthPasswordTest; Executed: 5/5/0yptTest
✓ Test com.hierynomus.sshj.userauth.method.PasswordResponseProviderTest; Executed: 5/5/0
✓ Test connectsIfUnconnected(Connector); Executed: 2/2/0
✓ Test handlesConnected(Connector); Executed: 2/2/0
✓ Test net.schmizz.sshj.ConnectedSocketTest; Executed: 4/4/0
✓ Test net.schmizz.sshj.DefaultSecurityProviderConfigTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.SmokeTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.common.BufferTest; Executed: 11/11/0
✓ Test net.schmizz.sshj.common.CircularBufferTest; Executed: 14/14/0
✓ Test net.schmizz.sshj.common.StreamCopierTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.connection.channel.SocketStreamCopyMonitorTest; Executed: 3/3/0
✓ Test net.schmizz.sshj.connection.channel.direct.ParametersTest; Executed: 7/7/0
✓ Test corruptedPublicKey(String, String); Executed: 4/4/0
✓ Test net.schmizz.sshj.keyprovider.CorruptedPublicKeyTest; Executed: 4/4/0
✓ Test net.schmizz.sshj.keyprovider.KeyProviderUtilTest; Executed: 6/6/0Test
✓ Test net.schmizz.sshj.keyprovider.OpenSSHKeyFileTest; Executed: 27/27/0
✓ Test net.schmizz.sshj.keyprovider.PKCS8KeyFileTest; Executed: 9/9/0
✓ Test net.schmizz.sshj.keyprovider.PuTTYKeyFileTest; Executed: 19/19/0
✓ Test net.schmizz.sshj.sftp.FileModeTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.sftp.PacketReaderTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.sftp.RemoteFileRenameTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.sftp.SFTPClientTest; Executed: 1/1/0
✓ Test net.schmizz.sshj.sftp.SFTPFileTransferTest; Executed: 8/8/0
✓ Test net.schmizz.sshj.signature.SignatureDSATest; Executed: 1/1/0
✓ Test net.schmizz.sshj.signature.SignatureECDSATest; Executed: 3/3/0
✓ Test net.schmizz.sshj.signature.SignatureRSATest; Executed: 1/1/0
✓ Test net.schmizz.sshj.transport.DecoderDecryptGcmCipherSshPacketTest; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.KeyExchangeRepeatTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.KeyExchangerStrictKeyExchangeTest; Executed: 9/9/0
✓ Test forbidUnexpectedPacketsDuringStrictKeyExchange(Message); Executed: 29/29/0
✓ Test expectedPacketsDuringStrictKeyExchangeAreHandled(Message); Executed: 7/7/0
✓ Test net.schmizz.sshj.transport.TransportImplStrictKeyExchangeTest; Executed: 38/38/0
✓ Test net.schmizz.sshj.transport.kex.Curve25519DHTest; Executed: 2/2/0
✓ Test net.schmizz.sshj.transport.mac.BaseMacTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.transport.mac.HMACMD596Test; Executed: 3/3/0Test
✓ Test net.schmizz.sshj.transport.mac.HMACMD5Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA196Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA1Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA2256Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.transport.mac.HMACSHA2512Test; Executed: 3/3/0
✓ Test net.schmizz.sshj.util.BufferTest; Executed: 6/6/0
✓ Test net.schmizz.sshj.xfer.scp.SCPFileTransferTest; Executed: 5/5/0
✓ Test Gradle Test Executor 4; Executed: 470/469/0
✓ Test Gradle Test Run :test; Executed: 470/469/0
[Incubating] Problems report is available at: file:///Users/ugupta/work/sshj/sshj/build/reports/problems/problems-report.html

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.11/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD SUCCESSFUL in 38s
16 actionable tasks: 13 executed, 3 up-to-date

@uttamgupta
Copy link
Author

uttamgupta commented Jan 18, 2025
edited
Loading

Hi @hierynomus & @exceptionfactory,
Could you please approve my pull request to run workflow?
Thanks

@exceptionfactory
Copy link
Contributor

Hi @hierynomus & @exceptionfactory, Could you please approve my pull request to run workflow? Thanks

I am not a maintainer on the project, so this requires approval from @hierynomus.

@uttamgupta
Copy link
Author

@hierynomus Could you please allow me to run test workflow on this pull request.

@uttamgupta uttamgupta mentioned this pull request Jan 23, 2025
Open
@uttamgupta
Copy link
Author

@hierynomus I am wondering what the procedure is to contribute to this repo. I don't have permission to run the workflow. Do I need to get approval first, or is there a step I'm missing?

@hierynomus
Copy link
Owner

As a first time contributor, GH will not automatically run a workflow for a PR. THe maintainers need to approve, i.e. me :)

And as I'm pretty tied up in paid work atm, I don't always have time to review.

@hierynomus
Copy link
Owner

These classes now feel awfully duplicated, with only a single parameter difference....

@uttamgupta
Copy link
Author

uttamgupta commented Feb 7, 2025
edited
Loading

These classes now feel awfully duplicated, with only a single parameter difference....

Thanks for your time and giving permission to run workflow. I created a separate class for the BCFIPS provider because these factory classes abstract the security provider. The class BouncyCastleRandom uses the regular BC provider, while BouncyCastleFipsRandom uses the BCFIPS provider, both of which are abstracted. If you want me to combine them into one class, I would need to check which provider is currently set, BC, BCFIPS, or none. I will update code after combining.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hierynomus hierynomus Awaiting requested review from hierynomus hierynomus is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@uttamgupta @exceptionfactory @hierynomus