From: Mathieu Baudier <mbaudier@argeo.org>
Date: Wed, 22 Mar 2023 12:36:12 +0000 (+0100)
Subject: Introduce Bouncy Castle FIPS
X-Git-Tag: v2.3.12~21
X-Git-Url: https://git.argeo.org/?p=gpl%2Fargeo-tp.git;a=commitdiff_plain;h=5b76fdf3107f6023bbb74bd2f37c09dd3793bd83

Introduce Bouncy Castle FIPS
---

diff --git a/repackage/Makefile b/repackage/Makefile
index 62f1c04..799cbfd 100644
--- a/repackage/Makefile
+++ b/repackage/Makefile
@@ -22,5 +22,9 @@ org.argeo.tp.utils \
 org.argeo.tp.jcr \
 org.argeo.tp.poi \
 org.argeo.tp.gis \
+org.argeo.tp.fips \
+
+# NOTE: FIPS support is experimental, in order to preapre for the 2.0.0 stream
+# see https://www.bouncycastle.org/fips_java_roadmap.html
 
 include  $(SDK_SRC_BASE)/sdk/argeo-build/repackage.mk
\ No newline at end of file
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
new file mode 100644
index 0000000..ec30584
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
new file mode 100644
index 0000000..86d4e74
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
new file mode 100644
index 0000000..1634680
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
new file mode 100644
index 0000000..2941b4e
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
new file mode 100644
index 0000000..5ac9fb2
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
new file mode 100644
index 0000000..0a71f96
--- /dev/null
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
index aad8cdf..0c2cd37 100644
--- a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
+++ b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
@@ -1,2 +1,3 @@
 SPDX-License-Identifier: MIT
 Argeo-Origin-M2: :1.72
+Argeo-Origin-NoMetadataGeneration: true
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
deleted file mode 100644
index 55de32d..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
deleted file mode 100644
index 70b7352..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
deleted file mode 100644
index 78ba1b3..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
deleted file mode 100644
index bbe70be..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
deleted file mode 100644
index ad1134b..0000000
--- a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
+++ /dev/null
@@ -1,2 +0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
new file mode 100644
index 0000000..b3384ca
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
@@ -0,0 +1,3 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-fips
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
new file mode 100644
index 0000000..4788299
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
@@ -0,0 +1,5 @@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-noncert:1.0.2.4
+Argeo-Origin-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4.jar
+Argeo-Origin-Sources-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4-sources.jar
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
new file mode 100644
index 0000000..34dc61f
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcmail-fips:1.0.4
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
new file mode 100644
index 0000000..be773b7
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpg-fips:1.0.7.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
new file mode 100644
index 0000000..f2f46d6
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-fips:1.0.7
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
new file mode 100644
index 0000000..7de0139
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
@@ -0,0 +1 @@
+Argeo-Origin-M2: org.bouncycastle:bctls-fips:1.0.14.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/common.bnd b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
new file mode 100644
index 0000000..3658686
--- /dev/null
+++ b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
@@ -0,0 +1,4 @@
+SPDX-License-Identifier: MIT
+Argeo-Origin-NoMetadataGeneration: true
+Argeo-Origin-Do-Not-Modify: true
+Argeo-Origin-M2: :1.0.2.3
\ No newline at end of file
diff --git a/sdk/argeo-build b/sdk/argeo-build
index 884c8b0..948d50f 160000
--- a/sdk/argeo-build
+++ b/sdk/argeo-build
@@ -1 +1 @@
-Subproject commit 884c8b0c0b76b4d60fcb4a65d48a898f3ba27f0e
+Subproject commit 948d50f9792c1984eb055e58b8199f5778df901f