maven: upgrade bouncycastle due to cve (apache#5949)

pjfanning · web-flow · commit c7885f55eb0b · 2022-02-09T00:22:28.000+05:30
Fixes: apache#5948
diff --git a/client/pom.xml b/client/pom.xml
@@ -564,6 +564,11 @@
                         <artifactId>bcpkix-jdk15on</artifactId>
                         <version>${cs.bcprov.version}</version>
                     </dependency>
+                    <dependency>
+                        <groupId>org.bouncycastle</groupId>
+                        <artifactId>bctls-jdk15on</artifactId>
+                        <version>${cs.bcprov.version}</version>
+                    </dependency>
                 </dependencies>
                 <configuration>
                     <supportedPackagings>
@@ -751,6 +756,12 @@
                                     <overWrite>false</overWrite>
                                     <outputDirectory>${project.build.directory}/lib</outputDirectory>
                                 </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.bouncycastle</groupId>
+                                    <artifactId>bctls-jdk15on</artifactId>
+                                    <overWrite>false</overWrite>
+                                    <outputDirectory>${project.build.directory}/lib</outputDirectory>
+                                </artifactItem>
                             </artifactItems>
                         </configuration>
                     </execution>
@@ -786,6 +797,7 @@
                                     <exclude>org.apache.geronimo.specs:geronimo-javamail_1.4_spec</exclude>
                                     <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
                                     <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
+                                    <exclude>org.bouncycastle:bctls-jdk15on</exclude>
                                     <exclude>mysql:mysql-connector-java</exclude>
                                 </excludes>
                             </artifactSet>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
@@ -126,6 +126,11 @@
             <artifactId>bcprov-jdk15on</artifactId>
             <version>${cs.bcprov.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bctls-jdk15on</artifactId>
+            <version>${cs.bcprov.version}</version>
+        </dependency>
         <dependency>
             <groupId>joda-time</groupId>
             <artifactId>joda-time</artifactId>
diff --git a/pom.xml b/pom.xml
@@ -123,7 +123,7 @@
         <cs.axiom.version>1.2.8</cs.axiom.version>
         <cs.axis.version>1.4</cs.axis.version>
         <cs.batik.version>1.14</cs.batik.version>
-        <cs.bcprov.version>1.64</cs.bcprov.version>
+        <cs.bcprov.version>1.70</cs.bcprov.version>
         <cs.cglib.version>3.3.0</cs.cglib.version>
         <cs.checkstyle-lib.version>8.18</cs.checkstyle-lib.version>
         <cs.cxf.version>3.2.14</cs.cxf.version>
@@ -554,6 +554,11 @@
                 <artifactId>bcprov-jdk15on</artifactId>
                 <version>${cs.bcprov.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bctls-jdk15on</artifactId>
+                <version>${cs.bcprov.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.codehaus.groovy</groupId>
                 <artifactId>groovy-all</artifactId>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
@@ -48,6 +48,10 @@
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bctls-jdk15on</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.sun.xml.security</groupId>
             <artifactId>xml-security-impl</artifactId>
diff --git a/services/console-proxy/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java b/services/console-proxy/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
@@ -17,12 +17,13 @@
 package streamer.bco;
 
 import org.apache.log4j.Logger;
-import org.bouncycastle.crypto.tls.Certificate;
-import org.bouncycastle.crypto.tls.DefaultTlsClient;
-import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
-import org.bouncycastle.crypto.tls.TlsAuthentication;
-import org.bouncycastle.crypto.tls.TlsClientProtocol;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.tls.DefaultTlsClient;
+import org.bouncycastle.tls.ServerOnlyTlsAuthentication;
+import org.bouncycastle.tls.TlsAuthentication;
+import org.bouncycastle.tls.TlsClientProtocol;
+import org.bouncycastle.tls.TlsServerCertificate;
+import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
 import streamer.Direction;
 import streamer.Event;
 import streamer.SocketWrapperImpl;
@@ -60,18 +61,18 @@ public void upgradeToSsl() {
 
         try {
 
-            SecureRandom secureRandom = new SecureRandom();
-            bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), secureRandom);
+            bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
 
-            bcoSslSocket.connect(new DefaultTlsClient() {
+            bcoSslSocket.connect(new DefaultTlsClient(new BcTlsCrypto(new SecureRandom())) {
                 @Override
                 public TlsAuthentication getAuthentication() throws IOException {
                     return new ServerOnlyTlsAuthentication() {
                         @Override
-                        public void notifyServerCertificate(final Certificate certificate) throws IOException {
+                        public void notifyServerCertificate(final TlsServerCertificate certificate) throws IOException {
                             try {
                                 if (sslState != null) {
-                                    sslState.serverCertificateSubjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getEncoded();
+                                    sslState.serverCertificateSubjectPublicKeyInfo =
+                                            certificate.getCertificate().getCertificateAt(0).getEncoded();
                                 }
                             } catch (IOException e) {
                                 throw new RuntimeException("Cannot get server public key.", e);
diff --git a/utils/pom.xml b/utils/pom.xml
@@ -70,6 +70,10 @@
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bctls-jdk15on</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.jcraft</groupId>
             <artifactId>jsch</artifactId>
