Introduce Bouncy Castle FIPS

diff --git a/repackage/Makefile b/repackage/Makefile
index 62f1c04e940f71c1b6f37fa706062efbd0bee078..799cbfda7df635a49a99091ba57e52b4341695c8 100644 (file)
--- a/repackage/Makefile
+++ b/repackage/Makefile
@@ -22,5 +22,9 @@ org.argeo.tp.utils \
 org.argeo.tp.jcr \
 org.argeo.tp.poi \
 org.argeo.tp.gis \
+org.argeo.tp.fips \
+
+# NOTE: FIPS support is experimental, in order to preapre for the 2.0.0 stream
+# see https://www.bouncycastle.org/fips_java_roadmap.html
 
 include  $(SDK_SRC_BASE)/sdk/argeo-build/repackage.mk
\ No newline at end of file

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
new file mode 100644 (file)
index 0000000..ec30584
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
new file mode 100644 (file)
index 0000000..86d4e74
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
new file mode 100644 (file)
index 0000000..1634680
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
new file mode 100644 (file)
index 0000000..2941b4e
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
new file mode 100644 (file)
index 0000000..5ac9fb2
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
new file mode 100644 (file)
index 0000000..0a71f96
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
index aad8cdff1262eaf2765f0bad514fc241977972ec..0c2cd379f3ce268a6a3d2aaaf61cc7b16b8b04d9 100644 (file)
--- a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
@@ -1,2 +1,3 @@
 SPDX-License-Identifier: MIT
 Argeo-Origin-M2: :1.72
+Argeo-Origin-NoMetadataGeneration: true

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
deleted file mode 100644 (file)
index 55de32d..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
deleted file mode 100644 (file)
index 70b7352..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
deleted file mode 100644 (file)
index 78ba1b3..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
deleted file mode 100644 (file)
index bbe70be..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on

diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
deleted file mode 100644 (file)
index ad1134b..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
new file mode 100644 (file)
index 0000000..b3384ca
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
@@ -0,0 +1,3 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-fips

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
new file mode 100644 (file)
index 0000000..4788299
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
@@ -0,0 +1,5 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-noncert:1.0.2.4
+Argeo-Origin-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4.jar
+Argeo-Origin-Sources-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4-sources.jar

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
new file mode 100644 (file)
index 0000000..34dc61f
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-fips:1.0.4

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
new file mode 100644 (file)
index 0000000..be773b7
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-fips:1.0.7.1

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
new file mode 100644 (file)
index 0000000..f2f46d6
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-fips:1.0.7

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
new file mode 100644 (file)
index 0000000..7de0139
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-fips:1.0.14.1

diff --git a/repackage/org.argeo.tp.fips/bouncycastle/common.bnd b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
new file mode 100644 (file)
index 0000000..3658686
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
@@ -0,0 +1,4 @@
+SPDX-License-Identifier: MIT
+Argeo-Origin-NoMetadataGeneration: true
+Argeo-Origin-Do-Not-Modify: true
+Argeo-Origin-M2: :1.0.2.3
\ No newline at end of file

diff --git a/sdk/argeo-build b/sdk/argeo-build
index 884c8b0c0b76b4d60fcb4a65d48a898f3ba27f0e..948d50f9792c1984eb055e58b8199f5778df901f 160000 (submodule)
--- a/sdk/argeo-build
+++ b/sdk/argeo-build
@@ -1 +1 @@
-Subproject commit 884c8b0c0b76b4d60fcb4a65d48a898f3ba27f0e
+Subproject commit 948d50f9792c1984eb055e58b8199f5778df901f